https://romanoroth.com/en/tags/code-review/Recent content in Code Review on Romano RothHugo -- gohugo.ioenRomano RothTue, 30 May 2023 00:00:00 +0000https://romanoroth.com/en/blogs/github-devsecops-pull-request/Tue, 30 May 2023 00:00:00 +0000https://romanoroth.com/en/blogs/github-devsecops-pull-request/<p>In the previous nine sessions Patrick Steger and I built a GitHub DevSecOps pipeline with build, SCA, License Compliance, SAST, Container Scanning, Secret Detection and DAST. All useful — but only if it actually runs <em>before</em> code lands in main, and only if the merge is blocked when something serious shows up. In Part 10 we wire that gate together with Pull Requests and Branch Protection rules.</p>https://romanoroth.com/en/blogs/gitlab-devsecops-merge-request/Wed, 02 Nov 2022 00:00:00 +0000https://romanoroth.com/en/blogs/gitlab-devsecops-merge-request/<p>In the previous nine sessions Patrick Steger and I built a GitLab DevSecOps pipeline that runs SAST, secret detection, software composition analysis, container scanning and DAST. Useful — but only if it actually catches issues <em>before</em> they reach the default branch. In Part 10 we close that loop: we wire the pipeline into Merge Requests so every change is scanned, the deltas against the default branch are visible, and approvals are required when new high or critical vulnerabilities appear.</p>