Latest Posts

GitLab CI Pipeline for Go Projects

After recently learning Go, and about to start my first project, I started putting together a GitLab CI pipeline for Go projects. After scouring the Internet, I found mostly old posts on the subject. The posted pipelines, as well as numerous actual Go project pipelines, were missing jobs in my set of goals for a CI pipeline. So I built this GitLab CI pipeline for Go projects.

GitLab Semgrep SAST Analysis... But More

GitLab continues to migrate Static Application Security Testing (SAST) to Semgrep, and makes this available to all GitLab tiers. This analysis only includes the rules that GitLab manages, but there are many more available in the Semgrep Rules project. This post details how to combine the two to get a more comprehensive analysis.

The Year in Review 2023

A lot has happened in the last year: this blog was resurrected, I created six new software projects, and I shipped almost 200 software releases. In addition, I learned Go, started publishing NPM packages with provenance, and generative AI and large language models took over the world. This post reviews it all.

Managing GitLab License Policies With No Dependencies

GitLab's license approval policies provide a powerful and flexible means of managing dependency license approvals. Using these policies requires running GitLab's Dependency Scanning to generate and report a Software Bill of Materials (SBOM). In the cases where there are no dependencies, Dependency Scanning is not run, no SBOM is created, and the license policies are considered failed and require approval. For projects without dependencies, this is an added hassle, and this post proposes a solution.