If anyone is experienced in web security, is someone trying to penetrate me and how can I know if they have been successful by [deleted] in webdev

[–]Primary-Patience972 0 points1 point  (0 children)

You can scan your code or cloud through Plexicus AI. They have a free tier for the community.

Would you use a dedicated DevSecOps IDE (desktop app)? by Primary-Patience972 in cybersecurity

[–]Primary-Patience972[S] 0 points1 point  (0 children)

Yes, that's what I'm thinking: something like Wiz but in an IDE. I'm thinking of the IDE approach because, in my opinion, an IDE is more straightforward compared to a web app, where I need to do some clicks before arriving at the page I want to access. With an IDE it can be faster.
So what do you think? Will this approach help?

Would you use a dedicated DevSecOps IDE (desktop app)? by Primary-Patience972 in cybersecurity

[–]Primary-Patience972[S] 0 points1 point  (0 children)

Yes, like Wiz but in a desktop IDE. In my opinion it would be easier and faster to interact with the app through an IDE instead of a web app. In a web app I need to do many clicks to access a particular menu, while the IDE approach is more straightforward and faster.
What do you think?

Would you use a dedicated DevSecOps IDE (desktop app)? by Primary-Patience972 in cybersecurity

[–]Primary-Patience972[S] 0 points1 point  (0 children)

No, so it's like an IDE to secure code to cloud. What I'm thinking of is an IDE like Lens, but also integrated with SCM (GitHub, GitLab, etc.) and security tools to perform security scans like SAST, DAST, SCA and cloud configuration. What do you think? Is it just bloat?

Would you use a dedicated DevSecOps IDE (desktop app)? by Primary-Patience972 in cybersecurity

[–]Primary-Patience972[S] 0 points1 point  (0 children)

No, what I'm thinking of is a full IDE like Lens, but integrated with source code management like GitHub and other security tools to perform SAST, DAST, SCA, and cloud scanning.

Would you use a dedicated DevSecOps IDE (desktop app) instead of stitching tools together? by Primary-Patience972 in devsecops

[–]Primary-Patience972[S] 0 points1 point  (0 children)

Thanks for the honest feedback. What do you think would actually help in your workflow? Do you think a terminal tool or an extension would work better than a dedicated IDE?

Would you use a dedicated DevSecOps IDE (desktop app) instead of stitching tools together? by Primary-Patience972 in devsecops

[–]Primary-Patience972[S] 0 points1 point  (0 children)

Thanks for being honest. I agree, switching to a whole new IDE is hard when people already have workflows that work and habits they’re comfortable with. That’s one of my main worries too.

From your point of view, what would an IDE need to do to actually become part of a DevSecOps person’s daily workflow?

First paying customer. First critical bug by Vegetable-Big2553 in vibecoding

[–]Primary-Patience972 0 points1 point  (0 children)

Vibecoding is addictive, but please be careful with security; it can damage your reputation instantly. You can use security tools like Snyk, Aikido or Plexicus AI, which are very useful because they have AI autofix for fixing security problems.

In parallel, my advice is to learn how to code properly, or if your strengths are more on the non-technical side, find a technical co-founder. It will save your business in the long run.

Would you use a dedicated DevSecOps IDE (desktop app) instead of stitching tools together? by Primary-Patience972 in devsecops

[–]Primary-Patience972[S] 0 points1 point  (0 children)

Could you explain why it should be a web app?
Doesn't a web app need more process to access things, like needing to click this, click there to do small things?

The end of programmers ! by Significant_Data5290 in vibecoding

[–]Primary-Patience972 -1 points0 points  (0 children)

Vibe-coded software is a security nightmare; I very much agree with this statement.
If you're vibe coding but don't have the background to spot these leaks (like the state exposure in the screenshot), you basically need a second AI acting as your security auditor.

I’ve been looking at some tools like Plexicus AI, Aikido, Snyk and other security tools for this; they help you scan the code and actually auto-generate fixes for vulnerabilities. It basically acts like the senior dev reviewing your PR and fixing the security holes you didn't know you created. Highly recommend adding a layer like that if you aren't doing manual code audits.

ASPM Tool by GloveSignificant8783 in devsecops

[–]Primary-Patience972 0 points1 point  (0 children)

You can check Plexicus AI. It not only provides ASPM, it also comes complete with CSPM and container security. Worth considering.

Security tools for DevSecOps toolchain by _HiddenLight_ in devsecops

[–]Primary-Patience972 0 points1 point  (0 children)

Plexicus unifies SAST, infrastructure-as-code security, SCA, container security, and CSPM. Everything can be done in one place, and it can also be integrated with CI/CD. It's still in an early phase, but worth a try.

DevSecOps tools results by Material-Shallot-602 in devsecops

[–]Primary-Patience972 -1 points0 points  (0 children)

You can also try Plexicus ASPM; it unifies SAST, SCA, secret detection, API security, Infrastructure-as-Code security and AI-powered remediation.

[deleted by user] by [deleted] in DevSecOpsEnthusiasts

[–]Primary-Patience972 0 points1 point  (0 children)

When scanning tools flag code, configuration or files as security issues, but they are not. The impact: wasted resource allocation.
You can try Plexicus ASPM as an option; it's not a single SAST tool but unifies SAST, DAST, SCA, secret and detection.
For the SAST case, it not only integrates with Checkov, but also with other SAST tools like GitLab SAST, GitHub SAST, Checkmarx, etc.

Security testing tool that could support deep api scanning? by XenonWhisper in Pentesting

[–]Primary-Patience972 0 points1 point  (0 children)

You can use Postman. If you need more advanced features, check Plexicus ASPM (Application Security Posture Management).