The Software Developer
  • 11
  • 85 362
Terraform Security Using Checkov | Scan Terraform Templates
Terraform is an Infrastructure as Code (IaC) tool, and Terraform security refers to securing the infrastructure that is built using Terraform.
By leveraging tools that understand Terraform files and workflows, teams can effectively implement security controls earlier in the development process.
Terraform security scan using Checkov. In this video we will see how we can use the Checkov tool for scanning security issues within our Terraform templates.
We will also see how to publish the results in pipeline, which makes it easy to go through the results and verify those.
Views: 2 471

Videos

Security Code Scan | Azure Pipeline
3.6K views, 3 years ago
In this video we will see how to perform static code analysis using security code scan tool in azure build pipeline. In the demo section you will see how to install security code scan tool in all projects dynamically and then perform the scan. And at the end we will see how to display the results in task output.
OWASP Dependency Check | SCA Tools
8K views, 3 years ago
This video contains details on what is SCA, what is OWASP dependency check, what are OWASP top 10 vulnerabilities and how to integrate OWASP dependency check in azure pipeline.
SonarCloud integration with Azure Pipeline
22K views, 3 years ago
This tutorial covers all the steps required to integrate SonarCloud with azure pipeline. We will see its benefits and issues you might face while integrating it. We will also see how to integrate quality gate result in pull request.
Builder Design Pattern | C# Design Patterns
603 views, 3 years ago
This video contains all the implementation details related to builder design pattern. I have covered how builder design pattern is used, how it works and actual implementation for same.
Decorator Design Pattern | C# Design Patterns
368 views, 3 years ago
This video contains all the implementation details related to decorator design pattern. I have covered where decorator design pattern is used, how it works and actual implementation for same.
Façade Design Pattern | C# Design Patterns
366 views, 3 years ago
This video contains all details related to facade design pattern and its implementation with good example. It will help you to understand how it works and how to apply facade design pattern in your application.
Adapter Design Pattern | C# Design Patterns
1.1K views, 3 years ago
This video contains details on how the Adapter design pattern works and how to implement it in your code. It contains details on what problems the adapter design pattern solves, how to use it, and which other patterns look similar but are not. With this course you will get the confidence to implement the adapter design pattern in your code.
SonarQube analysis and SonarLint integration with Visual Studio 2019
47K views, 3 years ago
This video contains details on how to configure SonarQube on local system and perform the scan for local solution. It also contains details on how to integrate SonarLint with Visual Studio. I have also covered how to scan code coverage in visual studio for community/professional edition.
[Fixed] OBS Studio audio recording issue
81 views, 4 years ago
After trying out many solutions available on the internet nothing worked for me. Finally, one setting worked which I have explained in the video. Please do subscribe to my channel and let me know in the comment section if this solution worked for you.
[Fixed] OBS studio not capturing display (Black screen)
113 views, 4 years ago
OBS studio black screen issue seems to be common on laptops as more than one graphics card is involved. With the settings mentioned in the video, you can fix the issue. For capturing games select High-performance option. I have already done the settings so you will already see OBS studio in the graphics settings window.

Comments

  • @laxmiworld1887
    @laxmiworld1887 several months ago

    How to generate personal access token from Azure?

  • @user-jg3vf1il2b
    @user-jg3vf1il2b 4 months ago

    Don't you need Python to install using pip?? Do Microsoft-hosted agents have Python in them??

  • @naresh2423
    @naresh2423 11 months ago

    Bro you are awesome. I will connect with you

  • @taofeekadedokun3319
    @taofeekadedokun3319 a year ago

    Thanks for this beautiful video. Do you have a GitHub repo for this sample project that you can share? I would really appreciate getting some practical hands-on. Thanks in advance.

  • @rajat420420
    @rajat420420 a year ago

    Which is the best SCA tool?

  • @AbhishekGupta-hs8nh
    @AbhishekGupta-hs8nh a year ago

    Hi sir, my unit test project does not show lines of code on the SonarQube server. What can be the issue? It also does not show code coverage for the unit test project.

  • @bharathvenkatesan425
    @bharathvenkatesan425 a year ago

    Hi, nice explanation. Actually, I wanted to fail the build on a SonarQube warning. Can you please help me with how to do it?

  • @pigrebanto
    @pigrebanto a year ago

    Great demo! But how does it work under the hood? Is an agent from SonarCloud downloaded on the build agent machine for making the quality checks?

  • @nithin4457
    @nithin4457 a year ago

    Really a great video. Please can I know what is the input to scan --scan??? Is it the build location or the source code?

  • @vanishree2713
    @vanishree2713 a year ago

    Great explanation, thanks for the info

  • @hhhhh7691
    @hhhhh7691 a year ago

    Nice tutorial. Could you please help me with how to get the source code for this project? I mean the ProfileInfo source code in C#. Thanks

  • @azeemkhan47
    @azeemkhan47 a year ago

    Hello Buddy. Great video. Can you also create some tutorial on OWASP ZAP and its integration in Azure Pipeline?

  • @mohammedabdulmujeeb3700
    @mohammedabdulmujeeb3700 a year ago

    Can you help me? I am stuck in one of the status check implementations. I have enabled it as a mandatory check for code quality, but the checks are listed as optional.

  • @shaikhashmi1685
    @shaikhashmi1685 a year ago

    Can you please provide me the repo ?

  • @Manikandan-sr1sk
    @Manikandan-sr1sk a year ago

    Thanks for your video. I am trying to integrate SonarQube with an Angular 12 application. Sonar detects any username and password but does not detect any access key (API key) if it is a hardcoded value. Is there any way to write rules for this case...

  • @pravallikachevuru4767
    @pravallikachevuru4767 a year ago

    @The Software Developer can you please suggest how to perform code analysis for the same by using a Jenkins freestyle job

  • @rightobjectaccount9765
    @rightobjectaccount9765 a year ago

    Hi, Nice tutorial. Thanks for posting it. I'm trying to understand what SQ is actually scanning. My understanding is that it's the embedded source code, which is what goes into the compiler, not what is generated by the compiler.

  • @ayazhussain9848
    @ayazhussain9848 2 years ago

    I did not get the coverage-opencover.xml file on the unit test project, 15:19 here

  • @rafaelmateus8497
    @rafaelmateus8497 2 years ago

    Nice, thanks for the help

  • @jesusabcdefghijklmnopqrstu2699
    @jesusabcdefghijklmnopqrstu2699 2 years ago

    You suck at explaining, what is all the configuration to get the report?

  • @SureshP-ds3nh
    @SureshP-ds3nh 2 years ago

    Thank You Very Much.

  • @SureshP-ds3nh
    @SureshP-ds3nh 2 years ago

    Thank You Very Much

  • @vinayakchikhali6276
    @vinayakchikhali6276 2 years ago

    excellent👏👏👏👍👍👍

  • @varatharajansethuraman3641
    @varatharajansethuraman3641 2 years ago

    Excellent

  • @kavacham222
    @kavacham222 2 years ago

    Thank you for the video. But for me it's showing no code coverage... what might be the problem?

    • @thesoftwaredeveloper2307
      @thesoftwaredeveloper2307 2 years ago

      Sorry for delayed response, the reason can be wrong configuration for coverage file.

  • @ashukhan2779
    @ashukhan2779 2 years ago

    How can I configure sonarcloud through docker image and yml file?

    • @thesoftwaredeveloper2307
      @thesoftwaredeveloper2307 2 years ago

      Sorry for delayed response, I have not tried this but you can check if there is any existing docker image with this sonarqube configuration.

  • @dawidapolinarski4077
    @dawidapolinarski4077 2 years ago

    Hi, great video. How can I scan all type of files, not only .csproj? Thank You!

    • @thesoftwaredeveloper2307
      @thesoftwaredeveloper2307 2 years ago

      I think if you provide the root location for the scan then it goes on to scan all files, let me know if you try it.

    • @dawidapolinarski4077
      @dawidapolinarski4077 a year ago

      @thesoftwaredeveloper2307 I have no idea. I want to scan all files, all extensions. Any idea?

  • @WobblyExplorer
    @WobblyExplorer 2 years ago

    I ran the sonar test-specific command. I had one test case, it passed but the coverage file didn't generate.

  • @hmper
    @hmper 2 years ago

    Awesome presentation, you are a gem! Thank you for helping the community, may you grow exponentially professionally for the great work you are doing. Would be great if you cover some other integrations like ServiceNow in the release pipeline for change management, that would be so cool. Thanks BOSS!

  • @akshayb7800
    @akshayb7800 2 years ago

    I am trying to setup the PR decoration. I have followed the steps you have mentioned. But I am not able to view SonarCloud/qualitygate in the status check of the branch policy. Do we need to add any configuration to the pipeline to view that?

    • @thesoftwaredeveloper2307
      @thesoftwaredeveloper2307 2 years ago

      Make sure you are not doing it on private repository, for private repository I think you will need developer edition. If you are not using private repository then follow steps mentioned in below blog, let me know if it solves the problem. writeabout.net/2019/04/18/use-pull-request-decoration-in-azure-devops-with-sonarcloud/

  • @mohanvamsi55
    @mohanvamsi55 2 years ago

    Great explanation, but where can I configure file exclusions (not on the UI)? I want to change them in the sonar-project.properties file and have my analysis scope defined based on that.

    • @thesoftwaredeveloper2307
      @thesoftwaredeveloper2307 2 years ago

      Sorry for delayed response, I have not tried this approach but try something like this: sonar.exclusions=system/**, test/** Let me know if this works, I will also try from my end to see if this works.

  • @milenkomarkovic
    @milenkomarkovic 2 years ago

    Thank you very much, nice explanation.

    • @thesoftwaredeveloper2307
      @thesoftwaredeveloper2307 2 years ago

      Thank you for the comment, if the content helps you do subscribe to my channel.

  • @tejav143
    @tejav143 2 years ago

    How can we include to the branches in sonarcloud????

    • @thesoftwaredeveloper2307
      @thesoftwaredeveloper2307 2 years ago

      Sorry for delayed response, for branch analysis I think you can use below parameter: sonar.branch.name Project will stay same, only branch name will be additional parameter.

    • @tejav143
      @tejav143 2 years ago

      @thesoftwaredeveloper2307 thanks for your response, I'm able to get that branch 😉

  • @samikshamagdum5537
    @samikshamagdum5537 2 years ago

    I am setting up Sonar PR decoration for my ADO project. I am not getting the drop-down for the Sonar status check. What can be the issue?

    • @thesoftwaredeveloper2307
      @thesoftwaredeveloper2307 2 years ago

      Sorry for the delayed response, check if you are using a private repository for scanning. I think it is free only for public repositories. You can also refer to the below steps for enabling it: writeabout.net/2019/04/18/use-pull-request-decoration-in-azure-devops-with-sonarcloud/

  • @santoshnakka7431
    @santoshnakka7431 2 years ago

    Superb mate, it is very good explanation. Cheers.

  • @apprendresanslimites607
    @apprendresanslimites607 2 years ago

    Thank you so much. How can I exclude some projects from code coverage, or exclude all projects and include one project for the testing?

    • @thesoftwaredeveloper2307
      @thesoftwaredeveloper2307 2 years ago

      Sorry for delayed response, that can be done from project settings on sonar portal. Please refer below link for same -- docs.sonarqube.org/latest/project-administration/narrowing-the-focus/

  • @nikhilbs5406
    @nikhilbs5406 2 years ago

    10:45 Could you please help me on configuring sonarcloud for multiple projects? How we can add variables or parameters.

    • @thesoftwaredeveloper2307
      @thesoftwaredeveloper2307 2 years ago

      Sorry for delayed response. You can try scanning different projects with different project keys, that will make sure results are shown separately for each project.

    • @nikhilbs5406
      @nikhilbs5406 2 years ago

      @thesoftwaredeveloper2307 I have used pre-defined variables and it's working.

  • @ManishKumar-sv5my
    @ManishKumar-sv5my 2 years ago

    Very well explained. Thanks!! Will it generate coverage report on sonar cloud if some tests are failing ?

    • @thesoftwaredeveloper2307
      @thesoftwaredeveloper2307 2 years ago

      Sorry for the delayed response, if the code coverage file is generated and you are performing the sonar scan even after test failure then yes, the results will be published to Sonar.

  • @eminhaciyev3077
    @eminhaciyev3077 2 years ago

    thank you for explanation 👍

  • @sankarbrahma5489
    @sankarbrahma5489 2 years ago

    How can we perform incremental scan or scanning the modified file in CI/CD pipeline?

    • @thesoftwaredeveloper2307
      @thesoftwaredeveloper2307 2 years ago

      Sorry for the delayed response, you can try integrating the sonar scan in the pull request. That will make sure the scan is performed on the files which are modified.

  • @yashmundra920
    @yashmundra920 2 years ago

    Is code build a mandatory step in SonarQube? I am facing an issue with the build via command prompt, although the build is successful in VS2019. I am also getting MSBUILD : error MSB1008: Only one project can be specified. Can you please help me with this?

    • @thesoftwaredeveloper2307
      @thesoftwaredeveloper2307 2 years ago

      Sorry for the delayed response, based on what I have seen so far this issue comes if there is any space in arguments. Please verify if the arguments you are passing to the command are in correct format.

  • @dhruval20
    @dhruval20 2 years ago

    Man - Your scanning command is incomplete

    • @thesoftwaredeveloper2307
      @thesoftwaredeveloper2307 2 years ago

      Any issues you are facing?

    • @dhruval20
      @dhruval20 2 years ago

      @thesoftwaredeveloper2307 The sequence of executing commands is like:
      Step 1: dotnet sonarscanner begin /k:"MyProject" /d:sonar.host.url="localhost:9000" /d:sonar.login="KEY"
      Step 2: dotnet build
      Step 3: dotnet sonarscanner end /d:sonar.login="KEY"
      KEY has to be configured from the SONAR portal while creating a new project setup, and SONAR autogenerates these commands for us. Also, mention of the default login credentials for SONAR is required.

    • @thesoftwaredeveloper2307
      @thesoftwaredeveloper2307 2 years ago

      @dhruval20 Thanks for pointing it out. As I was running all the setup locally, that might be the reason I never needed to pass a token; maybe the Force User Authentication setting was disabled so it worked fine, but great that you have a solution for that. For default credentials, I have mentioned it at 14:22 I think, as user - admin and pass - admin.

    • @dhruval20
      @dhruval20 2 years ago

      @thesoftwaredeveloper2307 I am also trying on my local. And I also feel like it will be better to introduce the configuration of JDK. The latest version of JDK is not compatible with SONAR. It fails to start ES & JVM. Need to downgrade the JDK version and also need a configuration of JAVA_HOME.

  • @davidemmanuel3001
    @davidemmanuel3001 2 years ago

    How do you set the quality gate standard?

    • @thesoftwaredeveloper2307
      @thesoftwaredeveloper2307 2 years ago

      Sorry for delayed response, I have not tried that but you can follow steps mentioned in below blog to achieve it: writeabout.net/2018/09/25/fail-your-azure-devops-pipeline-if-sonarqube-quality-gate-fails/

  • @prasannarode6118
    @prasannarode6118 2 years ago

    Thank you for explaining the configurations and generating reports. This video is helpful.

  • @WasimShaikh-yd7mb
    @WasimShaikh-yd7mb 2 years ago

    Thank you, can you please share the PowerShell script?

    • @thesoftwaredeveloper2307
      @thesoftwaredeveloper2307 2 years ago

      Thanks for watching the video. Actually I do not have those scripts anymore, you will need to take those from the video only.

    • @thesoftwaredeveloper2307
      @thesoftwaredeveloper2307 2 years ago

      Finally I found those scripts, please refer below link for scripts: github.com/swapnilsomkuwar25/ScriptFiles/blob/main/SAST_Scan_Result.ps1

  • @adomovic323
    @adomovic323 2 years ago

    Thank you very much, this is helpful :)

  • @amiraliansari9887
    @amiraliansari9887 2 years ago

    Thanks for the video, I am using SonarQube Community Version and Visual Code (with Angular, TypeScript and JavaScript). I run the commands and get the result in SonarQube. But I have two issues. 1) The Coverage is always shown as 0.0%..... 2) The Hotspots Reviewed sometimes shows E and A. .. Can you please help me as to what needs to be done or configured to solve these two issues?

    • @thesoftwaredeveloper2307
      @thesoftwaredeveloper2307 2 years ago

      Thanks for watching the video, I came across below article on integrating angular code coverage with sonarqube and similar steps I have followed in past: medium.com/@learning.bikash/angular-code-coverage-with-sonarqube-d2283442080b Let me know if you still face the issue.

    • @amiraliansari9887
      @amiraliansari9887 2 years ago

      @thesoftwaredeveloper2307 Thanks for the article. I have almost all the necessary setup. But still I am facing the same issues. Please help. Maybe I need to do some additional settings in SonarQube and my code in VS Code?

    • @thesoftwaredeveloper2307
      @thesoftwaredeveloper2307 2 years ago

      @amiraliansari9887 Sorry for the delayed response, I was in training for the last week. Please confirm if the below steps work for you; these are the steps I have followed in my project:

      First, we need to install the sonar-scanner node package in the Angular application. Use the below command to install this sonar-scanner package:

      npm install sonar-scanner --save-dev

      Once the package is installed, create a file named "sonar-project.properties" in the project root directory and add the below configurations in it:

      sonar.host.url={IP}:9000/
      sonar.login=admin
      sonar.password=admin
      sonar.projectKey=text-phrase-client
      sonar.projectName=text-phrase-client
      sonar.projectVersion=1.0
      sonar.sourceEncoding=UTF-8
      sonar.sources=src
      sonar.exclusions=**/node_modules/**
      sonar.tests=src
      sonar.test.inclusions=**/*.spec.ts
      sonar.typescript.lcov.reportPaths=coverage/lcov.info

      Run the below command in the terminal to generate the code coverage file:

      ng test --watch=false --code-coverage

      A new folder named coverage will be created under the project directory.

      First, we need to add the below script entry in the package.json file:

      "scripts": { "sonar": "sonar-scanner" }

      Once done, run the below command to perform the sonar scan:

      npm run sonar

  • @lalitha722
    @lalitha722 3 years ago

    Thank you so much for your great explanation. It was really good. I have a question, for test project configuration, you have configured opencover.xml file right, can we do the same via commands?

    • @thesoftwaredeveloper2307
      @thesoftwaredeveloper2307 3 years ago

      Thank you for the comment. Below page contains the commands you can use for setting up the open cover reports path: docs.sonarqube.org/latest/analysis/coverage

    • @AbhishekGupta-hs8nh
      @AbhishekGupta-hs8nh a year ago

      @thesoftwaredeveloper2307 Hi sir, my unit test project does not show lines of code on the SonarQube server. What can be the issue? It also does not show code coverage for the unit test project.

  • @SteveNgaiCheeWeng
    @SteveNgaiCheeWeng 3 years ago

    Hi if I login with GitHub credential, I can't see Azure DevOps organization name?

    • @thesoftwaredeveloper2307
      @thesoftwaredeveloper2307 3 years ago

      For azure DevOps organization you will need to use your azure DevOps account.

  • @TheVinu0405
    @TheVinu0405 3 years ago

    Great explanation but can you tell me the exact JDK and the link to download it? Open JDK 13 is not available and Oracle JDK is not working. It's giving me this error when I try to run SonarStart.bat: Waiting for Elasticsearch to be up and running Unrecognized VM option 'UseConcMarkSweepGC'

    • @treegacayan753
      @treegacayan753 3 years ago

      Same error with me. I used JDK 11 and it worked for me

    • @TheVinu0405
      @TheVinu0405 3 years ago

      @treegacayan753 thanks. I will try that