GitHub: signing commit in a workflow

Committing in your workflow can normally be done using git commands or other actions that perform commits for you. However, if your repository requires commit signing, it is difficult to securely manage GPG keys and configure a GitHub runner to sign your commits. Fortunately, this can be done through the GitHub GraphQL API.


Next.js: Crafting a Strict CSP

Next.js lacks many built-in security measures. In fact, it doesn’t offer predefined configurations for your Content Security Policy (CSP). Consequently, setting up CSP becomes your responsibility. Let’s explore how we can implement a CSP.


Next.js: consequence of AppRouter on your CSP

With the integration of AppRouter, Next.js undergoes significant internal changes in how components are loaded and managed. Underneath, AppRouter defaults to SSR (Server-Side Rendering) and leverages React Server Components (RSC). However, this transition has significant consequences for your CSP (Content Security Policy).


Spring Boot: Prevent Log Injection Attacks With Logback

Log Injection is an attack that has been known for years. Although any application may write user input to its logs, for too long many of us had forgotten about the dangers. The recently discovered vulnerabilities in log4j2 have reminded us of the importance of preventing log injection attacks. This article describes one concrete way - albeit not the only way - to prevent log injection attacks in a Spring Boot application using Logback.
