GitLab continues to migrate Static Application Security Testing (SAST) to
Semgrep, and makes this available to all GitLab tiers. This analysis only
includes the rules that GitLab manages, but there are many more available in the
Semgrep Rules project. This post
details how to combine the two to get a more comprehensive analysis.

With its default configuration, Renovate does a great job of managing container
image tag updates. One limitation is that for updates that include an OS in the
tag, for example the Alpine Linux version in python:3.11.3-alpine3.17,
Renovate only updates Python image tags matching that version, which may limit
updates, and doesn't identify any OS updates. This post details how to configure
Renovate to work around that limitation for Alpine images.