AI 생성 코드의 보안 취약점 제거를 위한 7단계 감사 체계 및 CI 자동화 전략
AI Code Security Audit for Startups: What to Check Before Deploying
AI Code Security Audit for Startups: What to Check Before Deploying
Your AI Code Has 6 Secret Hits. Only 3 Ship in the npm Package.
I built a local-first LLM code reviewer in Go. Here's the entire pipeline.
I built a live secret scanner for VS Code (and why CI scanning is too late)
I Ran Gitleaks Against My Own Repo and Found 12 Real Secrets
Three Security Checks for Any AWS Pipeline
Secret Scanning in CI: What Pre-Commit, Pull Request, and Main Branch Each Actually Catch
Making secret scanning more trustworthy: Reducing false positives at scale
Non-Human Identity Governance: Field Tips for 2026
The Pre-Commit Hook That Catches API Keys Before They Hit Git
How to Stop Leaking AWS Keys to GitHub (And What to Do When You Already Did)
GitHub Expands Secret Scanning with General Availability of MCP Server Integration
I shipped cc-audit as a GitHub Action. Now your CLAUDE.md gets linted on every PR.
4 Open-Source Security Tools Every Dev Should Know
I built a CLI that scans, validates and audits your .env files and it works with any stack
The Case for Secret Validation: Building an Open Source Tool to Reduce Risk
We scanned 1,764 vibe-coded apps. 453 had critical vulnerabilities. Here's what we found beyond Supabase RLS.
Cloudflare and GitHub are building identity systems for AI agents. We're not ready for this.
GitHub for Beginners: Getting started with GitHub security
Hugging Face partners with TruffleHog to Scan for Secrets