JavaScript, webdev

RegEx 101

A regular expression, or regex for short, is a string of text that lets you create patterns that help match, locate, and manage text. It’s an important tool in a wide variety of computing applications, from programming languages like JS, Java and Perl, to text processing tools like grep, sed, and vim.

Here are a few helpers to refresh your mind when you need some ‘simple’ regex to do the job.

cloud, JavaScript

Integrate JFrog Xray with Slack

The need to protect your software and to be updated about vulnerabilities is getting stronger. JFrog Xray is unique in its capabilities to perform analysis of all the binaries you are consuming in your project. It works with Artifactory to perform a deep analysis of binary components at any stage of the application lifecycle. Xray provides great visibility into issues lurking in components anywhere in your organization, and there are many cases where you wish to be notified of a security violation (or a license breach) directly in Slack.

Getting Started

We will use Xray’s Webhooks to define our server and, based on the policies/rules, our Webhook will be notified with alerts about violations (security or licenses).

cloud, JavaScript

Export Violations From JFrog Xray to CSV

The trend of #DevSecOps is growing fast and it is no longer just part of your security team. More and more organizations wish to integrate their security team in all the phases of development and operations. To achieve this, there are cases where you need to export data from JFrog Xray (in our case to a CSV format) so you can ingest it into your current logging/monitoring system.

What is Xray?

In a nutshell, JFrog Xray works with JFrog Artifactory to perform a deep analysis of binary components at any stage of the application lifecycle. It provides full transparency that leads to more trust in your software. 

By scanning binary components and their metadata, recursively going through dependencies at any level (think of the layers you have in any Docker container), JFrog Xray provides great visibility into issues lurking in components anywhere in your organization.

Xray API

One of the best parts is that JFrog Xray is also fully automated through a rich REST API. We will use it to create this Exporter. Please feel free to clone/fork the code below and use it, but remember you might need to add pagination and a watchdog for a real system.

cloud, JavaScript

How To Build An Integration With JFrog Xray?

The trend of DevSecOps is not new but it’s growing fast. More and more organizations wish to integrate their security team in all the phases of development and operation. 

Many security products keep your code safe from vulnerabilities at different stages (dev, test, qa and prod). However, JFrog Xray is unique in its capabilities to perform analysis of all the binaries you are consuming in your project.

JFrog Xray works with JFrog Artifactory to perform a deep analysis of binary components at any stage of the application lifecycle. It provides full transparency that leads to (more) trust in your software. By scanning binary components and their metadata, recursively going through dependencies at any level (think of the layers you have in any Docker container), JFrog Xray provides great visibility into issues lurking in components anywhere in your organization.

One of the best parts is that JFrog Xray is also fully automated through a rich REST API that lets it integrate with a CI/CD pipeline and allows other binary analysis tools to build on its unique capabilities.

JavaScript, life

The Monty Hall Problem

The Monty Hall problem is a brain teaser loosely based on the American television game show “Let’s Make a Deal” and named after its original host, Monty Hall.

I wrote a little web app that shows you what the right choice is with a simulator. It’s a bit hard to explain the correct solution as it goes against ‘common’ sense.

bots, JavaScript

Build Your First Smart Bot For Google Home

In the past few months, I heard someone smart saying that “the future is artificial intelligence first”.

Artificial intelligence is making computers “smart” so they can think on their own and be even more helpful for us. It’s clear that Google has been investing heavily in the areas of:

  • Machine learning – Teaching computers how to see patterns in data and act on it.
  • Speech recognition and Language understanding – Meaning, being able to understand you when you are talking, with all the little differences and nuances.

These days we can see it all come together in the Google Assistant. It allows you to have a conversation with Google and be more productive. In this post, we will see how it all works by building a new Action for Google Home. At the same time, we will have a nice bot that in the future we will integrate with many apps. Cool?

Chrome, JavaScript, webdev

Online Editors For Web Developers

One of the most powerful aspects of the web is the ability to share your ideas and work with others quickly.

Over the years, I tried several options to share code and do demos. It’s true that you can always start your own server and serve your site, but in many cases, you want to focus on your demo and not do administrative work again and again. Here are some tools that I enjoyed using and I still find myself returning to check them from time to time. In most of them you get a nice ability to move (even) faster and to use GitHub for your code.

Chrome, JavaScript, webdev

Protect Your Website With HTTPS

TL;DR

  1. Create (for free) an SSL certificate.
    One resource for that is letsencrypt.org
  2. Install it on your website’s server: letsencrypt.org/docs/client-options/ – You just quickly choose the client that will match your server environment or do everything in your browser.
  3. Change all your website’s links from HTTP to HTTPS so that search engines are notified and users will get the HTTPS version.
  4. Go have a drink.

Why?

You should always protect all of your websites with HTTPS, even if they don’t handle sensitive communications. HTTPS helps prevent intruders from tampering with the communications between your websites and your users’ browsers. It might be a malicious attacker or legitimate (but intrusive) companies, such as ISPs or hotels that inject ads into pages. Your users will think that your site is ugly or worse because they can’t tell who is doing what to the pages.
If you care about your users, always protect them and serve them with HTTPS. It also prevents intruders from being able to passively listen in on the communications between your website and your users. Another benefit we gain from HTTPS is the ability to work with new powerful web platform features:
