Today I came across a requirement to export vulnerabilities/issues identified by SonarQube Community/Developer Edition into CSV file in order to share the list with team members (normally security team members are not part of development team and like to get report dump periodically).
Export functionality is available out of the box in SonarQube Enterprise Edition but not available in lower editions.
Luckily, SonarQube exposes extensive set of REST APIs that can be leveraged for this purpose. One can find the link to “Web API” in the footer of the SonarQube portal page.
In order to export issues, there is a…
I came across a use case to test ASP NET Core Web API secured with JWT (JSON Web Token) authentication using Postman. In order to test the api, we need to first retrieve the authentication token from token authority (in my case it was Azure AD) and then use the retrieved token while initiating actual web api requests.
Azure AD Tenant Id — you can get it from Tenant properties
Azure AD App Registration — will be used to establish trust relationship between user and Azure AD. Note down the Client Id and Client Secret for app registration.
Recently I came across a request to run Java Applet on Ubuntu 20.04. Java Applet is an old technology currently not supported by latest version of JDK, JRE and Eclipse.
There are two standard types of installation available are JDK and JRE. JDK (Java Development Kit) provides the ability to develop a new Java application, which includes Java compiler. JRE (Java Runtime Environment) provides the runtime environment for any Java application with applets. The Java developers required to install JDK and JRE both on their system to create new Java Applications.
In order to run Applets, we need to install…
In my recent engagement, I came across a requirement to consume NuGet packages from private Azure Artifacts feed in GitHub Actions.
I was working with was an ASPNET Core dotnet application and writing a GitHub Actions workflow to deploy the application in Azure Cloud (App Service).
Challenge: How to include registry feed authorization information in GitHub Actions workflow to dynamically authorize private Azure Artifacts package feeds on workflow execution.
Project Setup: The key elements in the project structure were:
In order to connect Azure DevOps to external and remote services, you need to create service connection.
Some service connection types like Azure Resource Manager (ARM) allows you to use a custom service principal. This is a preferred option over automatic service connection creation through Azure DevOps Wizard for below reasons-
Terraform is the most talked about tool when it comes to Infrastructure-as-Code (IaC). When someone starts to explore Terraform, first question arises in mind around the terraform project structure. What should be the ideal project structure that provides flexibility and extensibility to all projects across the organization?
I decided to explore Terraform against my Azure cloud environment keeping in mind following goals & benefits-
Remote state files: In order to save the terraform state in a centralized remote storage, I used Azure store account to save terraform state files. Separate containers were created for each environment (dev, test, prd) to…