Hey everyone! I'm new to this community and also a junior DevSecOps. I'm looking for some recommendations on free but effective tools for code quality and security checks. I'm currently working at a small company, so budget is tight. It would really help my dissertation if I could find a solid free or low-cost solution. Any suggestions?
3 Answers
Have you ever used Gitleaks? It's pretty straightforward and can really help with identifying hardcoded secrets, especially in environments with newer developers who might be prone to that.
Most modern security platforms that provide code quality and security scanning are actually built on open-source projects. It's a good idea to explore that avenue for potential scanners. Also, think about where you plan to implement these scanners—pre-commit hooks, within CI/CD pipelines, or even integrating them into IDEs for developers. The goal is to create a rapid feedback loop that enhances the developer experience without overwhelming them with unnecessary security checks. If you're using GitLab, check out their built-in security scanners; you might be able to leverage those for free. And don’t try to implement everything at once—start with what will have the greatest impact, like checking for hardcoded secrets using tools like gitleaks, which is free and easy to configure.
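As an added illustration (not code from this thread, nor from the gitleaks project), here is a minimal pre-commit hook in Python that does what the two answers above describe: scan only the lines being staged for commit, match them against a small rule set, skip allowlisted paths such as test fixtures, and block the commit with a non-zero exit so the developer gets feedback before anything leaves their machine. The rule set, the allowlist and the sample diff are constructed for the example; a real hook should invoke gitleaks rather than this toy, but the shape (rules, allowlist, staged-only scan, fast fail) is the same.

```python
"""Minimal pre-commit secret check (added illustration, not gitleaks itself).

Assumptions (not from the original thread):
- installed as .git/hooks/pre-commit, so `git` is on PATH and the CWD is the repo
- only lines *added* in the staged diff are scanned
- RULES and ALLOWLIST_PATHS below are constructed for the example
"""
import re
import subprocess
import sys

# Constructed rule set: (rule id, compiled regex). Real tools ship far more rules.
RULES = [
    ("aws-access-key-id", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("private-key-block", re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----")),
    ("generic-credential-assignment",
     re.compile(r"""(?i)(?:password|passwd|secret|api[_-]?key)\s*[:=]\s*['"][^'"]{8,}['"]""")),
]

# Constructed allowlist: findings under these paths are ignored (fixtures, docs).
ALLOWLIST_PATHS = [re.compile(r"^tests?/fixtures/"), re.compile(r"\.md$")]

# Constructed sample diff (two files, one allowlisted) used for a dry run.
SAMPLE_DIFF = """diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,2 +1,3 @@
 import os
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
 region = "eu-west-1"
diff --git a/tests/fixtures/sample.env b/tests/fixtures/sample.env
--- /dev/null
+++ b/tests/fixtures/sample.env
@@ -0,0 +1 @@
+password = "not-a-real-one"
"""


def is_allowlisted(path):
    """True when findings in this path should be ignored."""
    return any(p.search(path) for p in ALLOWLIST_PATHS)


def scan_diff(diff_text):
    """Return findings [(path, new_line_no, rule_id)] for added lines in a unified diff."""
    findings = []
    path = None
    new_line = 0
    for line in diff_text.splitlines():
        if line.startswith("+++ "):
            # "+++ b/path" (or "+++ /dev/null" for a deleted file)
            path = line[4:]
            if path.startswith("b/"):
                path = path[2:]
            continue
        if line.startswith("@@"):
            # hunk header: "@@ -old,len +new,len @@"; capture the new-file start line
            m = re.match(r"@@ -\d+(?:,\d+)? \+(\d+)", line)
            new_line = int(m.group(1)) if m else 0
            continue
        if line.startswith("\\"):
            continue  # "\ No newline at end of file" marker
        if line.startswith("-") and not line.startswith("---"):
            continue  # removed lines do not advance the new-file counter
        if line.startswith("+") and not line.startswith("+++"):
            content = line[1:]
            if path and not is_allowlisted(path):
                for rule_id, pattern in RULES:
                    if pattern.search(content):
                        findings.append((path, new_line, rule_id))
            new_line += 1
        elif path is not None:
            new_line += 1  # context line (or file header noise reset by the next @@)
    return findings


def staged_diff():
    """Unified diff of what is staged for commit (assumes git is available)."""
    return subprocess.run(
        ["git", "diff", "--cached", "--unified=0", "--no-color"],
        check=True, capture_output=True, text=True,
    ).stdout


def main():
    findings = scan_diff(staged_diff())
    for path, line_no, rule_id in findings:
        print(f"{path}:{line_no}: possible secret ({rule_id})", file=sys.stderr)
    if findings:
        print("commit blocked: remove the secret or allowlist the path", file=sys.stderr)
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

To try it, copy the file to `.git/hooks/pre-commit`, make it executable, and stage a file containing a test value such as the AWS example key above; the commit is refused with the path and line number printed. Because the hook reads only the staged diff with zero context lines, it stays fast on large repositories, which is what keeps the feedback loop from becoming something developers switch off.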
While some tools like SonarQube (SonarCloud), GitHub Advanced Security, and GitHub Dependabot aren't technically free unless you're analyzing public repos, you can run SonarQube scans for free with some effort. It's worth checking, especially if your company isn’t counting every penny closely. If you’ve got some budget, these options are pretty powerful!