Development against Legacy Databases A “legacy” relational production database can be a challenge to develop new software against, whether it be “reports” or a feature for a web application. The schema sets a minimum for what to expect, but the actual data content may be “dirty” or inconsistent. There can be any number of curiosities Read more…
CloudFormation Development Process and Privilege As a developer works through the development of a CloudFormation template, they are likely working in a “sandbox” account where they have significant “power user” privileges. This is convenient in order to allow the developer to focus on the business needs, but what happens when the same template is converged Read more…
Test Automation for Integrating with External Services Developing test automation code for an interface to an “external” service is always a difficult proposition. There is a spectrum of techniques for developing reproducible tests against an external service. On one end of the spectrum are “mocking” techniques and on the other far end of the spectrum Read more…
Code Complexity Metrics When a professional software developer writes code, they measure the complexity of the code they write. The contrapositive holds true as well that those who don’t measure the complexity of their code are not professional. There are a variety of code complexity metrics available to the professional developer. The “better” metrics are Read more…
Introduction The cfn_nag tool is a static analysis tool for finding obvious security weaknesses in CloudFormation templates. The core product includes rules that apply universally across environments and enterprises. That said, the product supports the development of custom rules to allow enterprise-specific rules for compliance and security controls. For more information on developing custom rules Read more…
Deployment Pipelines – Introduction The software “deployment pipeline” has become a common mechanism in the modern enterprise. A deployment pipeline is a sequence of automation that produces or deploys a software artifact. This artifact can take many forms, for example, a programming library, a web application, or even automation to converge infrastructure and security controls. Read more…
This is an older post. For newer information on cfn_nag and DevSecOps, please check out these posts: Development Acceleration Through VS Code Remote Containers: How We Leverage VS Code Remote Containers For Rapid Development of cfn_nag Custom Rule Distribution Enhancements for cfn_nag Is My Container Image Secure? CI/CD Container Scanning using Trend Micro Deep Security Read more…