Signed Commits in GitHub

Intro: I have been working on an open source project called Project Tetsuo. Part of getting serious about it is doing some of the scaffolding that open source projects have. In this post, I’ll talk about working through the process of making signed commits to my codebase. Why: Essentially, a signed commit is a commit that has been cryptographically signed and validated. This is a good thing to do. It gives people confidence that the commit has come from an authenticated source....

March 2, 2023 · 6 min · codecowboy.io

Security in my pipeline - why and how

Intro: I’ve been doing a lot recently with what is known in the industry as “shifting left” with security. Essentially, this is the concept of moving security-related checks closer to the beginning (or the left) of the software development lifecycle. As I’ve been doing some of this with work, it has raised a number of questions for me personally about moving security checks earlier in the software development lifecycle....

December 16, 2022 · 7 min · codecowboy.io

Mermaid and Hugo - a tale of submodules and subtrees

Intro: I have decided to investigate the differences, strengths and weaknesses of using subtrees versus submodules in git. Both have pros and cons, and in this post I explore them both. What prompted this? Recently I decided to update my Hugo instance to use Mermaid. Mermaid is a library that allows you to embed diagrams in markdown. This means that I can create diagrams simply by using markdown. My Hugo theme was installed as a git submodule....

April 3, 2022 · 11 min · codecowboy.io