Paul Hodgkinson
Perl::Critic's command line application `perlcritic` produces human readable output, and Perl::Critic has a custom Perl API for integrating with other applications. Adding a "Static Analysis Results Interchange Format" aka [SARIF](https://sarifweb.azurewebsites.net/)...
Improvement from existing `cs/web/missing-token-validation` rule. I also don't want to take the same shortcut checking that at least one other HttpPost is validated before flagging those that aren't, since that...
New patterns to cover test secrets provided by a customer
We have some patterns here that are now supported as vendor partner patterns in Secret Scanning. We should explain that these patterns were written before they were supported in Secret...
Point clearly to the [secret scanning documentation](https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning) and to the [hyperscan pattern docs](https://intel.github.io/hyperscan/dev-reference/compilation.html#pattern-support).
For patterns we have defined that use anchors in the additional matches, we need to communicate that GitHub Enterprise Server v3.7 and below do not support anchors. Those additional...
The [Helmet 🪖 middleware](https://helmetjs.github.io/) is used to set security-related HTTP headers in Express applications. This query finds instances where the middleware is configured with important ⚠️ security features disabled 🚫....
Polyfill.io was a popular JavaScript polyfill Content Delivery Network (CDN), used to support new web browser standards on older browsers. In February 2024 the domain was sold, and in June...
New version of the existing `cs/web/missing-token-validation` query that adds: 1. support for AspNetCore 2. lower tolerance for false negatives Any `POST` method without either an explicit CSRF attribute, or an...
Bump to `actions/checkout` v4; v2 will be deprecated soon. ## Pre-requisites - [x] Prior to submitting a new workflow, please apply to join the GitHub Technology Partner Program: [partner.github.com/apply](https://partner.github.com/apply?partnershipType=Technology+Partner). ---...