The asm (agent‑skill‑manager) tool unifies the management of AI coding‑assistant skills by providing a global view, one‑click GitHub installation, built‑in security scanning, a complete local development workflow, and support for over 17 assistants through both TUI and CLI interfaces.
The article analyzes the systemic shortcomings of AI coding assistants and presents everything‑claude‑code, an open‑source Agent harness that adds plug‑and‑play Skills, automatic learning Instincts, cross‑session Memory, production‑grade Security scanning, and a research‑first development workflow, comparing it with other tools and detailing deployment and best‑practice guidance.
This guide explains how to dramatically shrink Docker image sizes by up to 70% using multi‑stage builds, Alpine or Distroless bases, layer merging, .dockerignore, and BuildKit, while also integrating Trivy security scanning, non‑root users, SUID removal, and CI/CD automation to ensure a lean, secure container deployment.
The article explains why OpenClaw’s autonomous AI‑agent architecture poses serious security risks—exposed ports, default‑off authentication, vulnerable skill plugins, and known CVEs—and presents a seven‑step manual baseline audit plus the open‑source Dejavu tool that automates these checks.
The article introduces Cloud ProxyPool, a Go‑based distributed IP proxy pool built on Tencent Cloud Functions (SCF) that bypasses WAF IP restrictions, provides step‑by‑step deployment, client configuration, CA certificate installation, proxy settings, a monitoring dashboard, and outlines supported use cases such as crawler IP rotation, IP testing, HTTPS interception, and integration with tools like Burp Suite.
This article examines the security challenges of the Model Context Protocol (MCP) in AI applications, analyzes attack surface expansion across creation, runtime, and update phases, and presents a comprehensive AI‑enhanced scanning architecture with mitigation strategies to protect the entire AI ecosystem.
The article explains GitLab SAST’s standardized JSON report format, walks through the meaning of the scan metadata and the vulnerabilities array, and shows that an empty vulnerabilities list together with a success status simply indicates a clean, successful static analysis run.
This guide walks you through setting up a fully automated security code detection platform—covering environment preparation, installing JDK, MySQL, SVN, Maven, Tomcat, SonarQube, and Jenkins, configuring each component, integrating them via Jenkins pipelines, and running sample scans to generate actionable security reports.
This article details how to build a comprehensive DevSecOps CI/CD pipeline using Jenkins that integrates source control, SonarCloud, Snyk, Docker, Trivy, Kubernetes, and ZAP to automate building, testing, scanning, and deploying multi‑language applications securely and efficiently.
This guide explains the background, purpose, and step‑by‑step process for creating an automated security code detection platform that integrates SonarQube, Jenkins, Maven, SVN and MySQL, enabling continuous security testing and reporting within the software development lifecycle.
This article details a comprehensive DevSecOps pipeline that uses Jenkins for CI/CD, Dependency‑Track and DefectDojo for SBOM management, SonarQube and Trivy for static and container scanning, Docker for image builds, and ArgoCD with Kubernetes for automated deployments, illustrating each stage with full code examples.
This article details the evolution of Vivo's CICD artifact management across four stages, explains its core functions such as multi‑type support, unified storage, promotion, security scanning, aging, and permission control, and outlines future directions toward smarter, more integrated, and secure DevOps operations.
vivo’s CICD artifact management has evolved from manual builds to a comprehensive Platform Management 2.0 that provides unified storage, multi‑type support, version control, promotion, security scanning, lifecycle policies, and fine‑grained access, dramatically reducing errors and operational costs.
Amazon CodeWhisperer, a free real‑time AI coding assistant, integrates with popular IDEs to generate code for routine tasks, unfamiliar APIs, and security‑critical snippets across multiple languages, while also offering reference tracking and built‑in vulnerability scanning.
This article explains how to programmatically parse container images using Google's go‑containerregistry library, covering basic concepts such as ImageIndex, Image Manifest, layers, and diffIDs, and demonstrates retrieving image metadata, system packages, and Java application dependencies through code examples and practical Go snippets.
This article explains the critical Log4j2 remote code execution vulnerability, offers JD Cloud's free online scanning service, details rapid defense measures using Web Application Firewall and Starshield, and provides step‑by‑step mitigation and upgrade recommendations to protect Java applications.
This article explains how to integrate the SonarQube Sonar Secrets plugin into a CI/CD pipeline to provide early security feedback, detect hard‑coded credentials, build and install the plugin, configure SonarQube, and enable secret scanning for Java and JavaScript projects.
A sudden P1 incident reset all user passwords, and after a thorough investigation the team discovered that a security‑scanning tool’s weak‑password check repeatedly hit login attempts, triggering a bug that caused the outage, highlighting the critical need for proper incident response and security engineering.
This article explains Capital One’s data‑driven approach to creating a single trusted source for all internal software artifacts using JFrog Artifactory, detailing the motivations, implementation steps, release workflow, and the operational benefits achieved.
GitHub’s recent Satellite event unveiled major platform upgrades—including the beta‑stage Discussions forum, the cloud‑based Codespaces development environment, enhanced Code and Secret scanning security tools, and private enterprise instances—offering developers richer collaboration, faster setup, and stronger protection.
An overview of eleven essential open-source and commercial tools—including SonarQube, Kritika, DeepScan, Klocwork, CodeSonar, JArchitect, Bandit, Code Climate, Crucible, Fortify, and Codecov—that help developers analyze code quality, detect security vulnerabilities, and integrate seamlessly into CI/CD pipelines across multiple programming languages.
The Qunar QTest Conference held on April 21 showcased a series of technical talks covering test environment governance, code coverage platforms, dynamic BadSQL scanning, machine‑learning‑based mobile performance testing, and case‑bug management systems, providing attendees with practical insights and future development roadmaps.
