Committing in your workflow can normally be done using git commands or other actions that perform commits for you. However, if your repository requires commit signing, it is difficult to manage securely a GPG keys and set up GitHub Runner to sign your commit. Fortunately, this can be done through the GitHub GraphQL API.

The Next/Image component is a crucial part of the Next.js framework, offering image optimization functionalities. However, utilizing this component can have significant implications for Content Security Policy (CSP).

Next.js lacks many built-in security measures. In fact, it doesn’t offer predefined configurations for your Content Security Policy (CSP). Consequently, setting up CSP becomes your responsibility. Let’s explore how we can implement a CSP.

With the integration of AppRouter, Next.js undergoes significant internal changes in component loading and management. Underneath, AppRouter defaults to employing SSR (Server-Side Rendering) and leverages React Server Components (RSC). However, this transition brings about consequential impacts on CSP (Content Security Policy).

Semgrep is an incredible static analysis engine that can be used for finding bugs, detecting vulnerabilities and even for enforcing code standards. Semgrep is a Swiss army knife for static code analysis.

Log Injection is an attack that has been known to everyone for years. Despite the fact that any application can record logs from user input, for too long many of us had forgotten about the dangers. But the recently discovered vulnerabilities concerning log4j2 have reminded us of the importance of preventing log injection attacks. This article describes one concrete way - albeit not the only way - to prevent log injection attacks in a Spring Boot application using Logback.