BestHub
search
Sign in
Tag

security scanning

1 views collected around this technical thread.

Raymond Ops
Raymond Ops
Jun 12, 2025 · Information Security

Build an Automated Security Code Scanning Platform with SonarQube, Jenkins, and SVN

This guide walks you through setting up a fully automated security code detection platform—covering environment preparation, installing JDK, MySQL, SVN, Maven, Tomcat, SonarQube, and Jenkins, configuring each component, integrating them via Jenkins pipelines, and running sample scans to generate actionable security reports.

AutomationJenkinsdevops
0 likes · 20 min read
Build an Automated Security Code Scanning Platform with SonarQube, Jenkins, and SVN
DevOps Cloud Academy
DevOps Cloud Academy
Nov 11, 2024 · Information Security

Implementing a Secure Multi‑Language DevSecOps CI/CD Pipeline with Jenkins

This article details how to build a comprehensive DevSecOps CI/CD pipeline using Jenkins that integrates source control, SonarCloud, Snyk, Docker, Trivy, Kubernetes, and ZAP to automate building, testing, scanning, and deploying multi‑language applications securely and efficiently.

CI/CDDevSecOpsDocker
0 likes · 17 min read
Implementing a Secure Multi‑Language DevSecOps CI/CD Pipeline with Jenkins
DevOps Cloud Academy
DevOps Cloud Academy
Jul 30, 2024 · Operations

Implementing a DevSecOps CI/CD Pipeline with Jenkins, Kubernetes, ArgoCD, and Security Scanners

This article details a comprehensive DevSecOps pipeline that uses Jenkins for CI/CD, Dependency‑Track and DefectDojo for SBOM management, SonarQube and Trivy for static and container scanning, Docker for image builds, and ArgoCD with Kubernetes for automated deployments, illustrating each stage with full code examples.

ArgoCDCI/CDDocker
0 likes · 15 min read
Implementing a DevSecOps CI/CD Pipeline with Jenkins, Kubernetes, ArgoCD, and Security Scanners
High Availability Architecture
High Availability Architecture
Jun 14, 2024 · Operations

Evolution and Practice of Vivo CICD Artifact Management in DevOps

This article details the evolution of Vivo's CICD artifact management across four stages, explains its core functions such as multi‑type support, unified storage, promotion, security scanning, aging, and permission control, and outlines future directions toward smarter, more integrated, and secure DevOps operations.

Artifact ManagementCICDcontinuous delivery
0 likes · 16 min read
Evolution and Practice of Vivo CICD Artifact Management in DevOps
vivo Internet Technology
vivo Internet Technology
May 29, 2024 · Operations

vivo CICD Artifact Management: Evolution and Implementation Practices

vivo’s CICD artifact management has evolved from manual builds to a comprehensive Platform Management 2.0 that provides unified storage, multi‑type support, version control, promotion, security scanning, lifecycle policies, and fine‑grained access, dramatically reducing errors and operational costs.

Artifact ManagementArtifact PromotionCICD
0 likes · 15 min read
vivo CICD Artifact Management: Evolution and Implementation Practices
JD Cloud Developers
JD Cloud Developers
Dec 16, 2021 · Information Security

Detect and Mitigate the Log4j2 Remote Code Execution Flaw with JD Cloud Tools

This article explains the critical Log4j2 remote code execution vulnerability, offers JD Cloud's free online scanning service, details rapid defense measures using Web Application Firewall and Starshield, and provides step‑by‑step mitigation and upgrade recommendations to protect Java applications.

Cloud SecurityLog4j2mitigation
0 likes · 6 min read
Detect and Mitigate the Log4j2 Remote Code Execution Flaw with JD Cloud Tools
DevOps Cloud Academy
DevOps Cloud Academy
Apr 21, 2021 · Information Security

Integrating SonarQube Sonar Secrets Plugin into a CI/CD Pipeline for Secure Development

This article explains how to integrate the SonarQube Sonar Secrets plugin into a CI/CD pipeline to provide early security feedback, detect hard‑coded credentials, build and install the plugin, configure SonarQube, and enable secret scanning for Java and JavaScript projects.

CI/CDSecrets Detectiondevops
0 likes · 4 min read
Integrating SonarQube Sonar Secrets Plugin into a CI/CD Pipeline for Secure Development
Efficient Ops
Efficient Ops
Jul 19, 2020 · Operations

How Capital One Built a Single Trusted Artifact Repository with JFrog Artifactory

This article explains Capital One’s data‑driven approach to creating a single trusted source for all internal software artifacts using JFrog Artifactory, detailing the motivations, implementation steps, release workflow, and the operational benefits achieved.

CI/CDJFrog Artifactoryartifact repository
0 likes · 9 min read
How Capital One Built a Single Trusted Artifact Repository with JFrog Artifactory
Qunar Tech Salon
Qunar Tech Salon
Apr 25, 2018 · Fundamentals

Recap of Qunar QTest Conference 2023: Highlights of Technical Sessions

The Qunar QTest Conference held on April 21 showcased a series of technical talks covering test environment governance, code coverage platforms, dynamic BadSQL scanning, machine‑learning‑based mobile performance testing, and case‑bug management systems, providing attendees with practical insights and future development roadmaps.

AutomationQTestcode coverage
0 likes · 4 min read
Recap of Qunar QTest Conference 2023: Highlights of Technical Sessions