9 Matching Annotations
  1. Nov 2022
    1. Individual enterprises can use the DBoM through vendors or other partners or can choose to run a DBoM Node. DBoM Nodes are available as open source and can be created without external support by any entity or can be hosted as a service.

      The DBOM project looks to be unmaintained. https://github.com/DBOMproject

  2. Mar 2022
    1. Defender for Containers expands on the registry scanning features by introducing the preview feature of run-time visibility of vulnerabilities powered by the Defender profile, or extension.

      This only works for images deployed from an ACR.

  3. Jul 2020
    1. 8. Foster a positive code review culture

      Peer review can put strain on interpersonal team relationships. It is really important to create the best culture of collaboration and learning. While it's easy to see defects as purely negative, each bug is actually an opportunity for the team to improve code quality.

    2. Authors should annotate code before the review occurs because annotations guide the reviewer through the changes

      Guide the reviewer during the review process

    3. It's also useful to watch internal process metrics, including:

      - Inspection rate
      - Defect rate
      - Defect density

    4. Before implementing a process, your team should decide how you will measure the effectiveness of peer review and name a few tangible goals.

      Set a few tangible goals. "Fix more bugs" is not a good example.

    5. Code reviews in reasonable quantity, at a slower pace for a limited amount of time results in the most effective code review.

      Less than 500 LOC per hour

    6. The brain can only effectively process so much information at a time; beyond 400 LOC, the ability to find defects diminishes.

      <400 LOC