Monday, May 28, 2018

NodeJS static code security analysis

Use the ESLint security plugin to find potential vulnerabilities in your Node.js code, and the node security package (nsp) to find known vulnerabilities in your dependencies. Here is the quickest way to get an idea of where you are.

Install eslint and the security plugin:

Have a minimal eslint-sec.json file somewhere locally. Note that there is an issue I reported with one of the rules:

Without touching your project's own ESLint configuration, use the plugin to get a report of where your code stands in terms of common possible vulnerabilities:
eslint --no-eslintrc -c /path/to/eslint-sec.json /path/to/project/source/code/dir/
Here is a quick intro to nsp:

It is up to you to automate this and include it in your pipeline. No kidding, do it!

Saturday, May 05, 2018

Run kubernetes commands on a specific cluster or context

First, get the credentials for the cluster:
gcloud container clusters get-credentials ${CLUSTER_NAME} --zone ${ZONE_NAME} --project ${PROJECT_NAME}
Then list the available contexts:
kubectl config get-contexts
Then either switch to a context:
kubectl config use-context $CONTEXT_NAME
Or simply run each command with the --context flag. For example, to list the pods in a specific cluster, run:
kubectl --context $CONTEXT_NAME get pods
To avoid the verbosity, create one function per context in ~/.profile:
kubetest() {
    kubectl --context=$TEST_CONTEXT_NAME "$@"
}

kubeprod() {
    kubectl --context=$PROD_CONTEXT_NAME "$@"
}
