Blog

Thoughts, tutorials, and insights on web development

DevSecOps
Blocking Unsafe Code: Security Audits in GitHub Actions
2025-09-017

Step-by-step guide to integrating bundler-audit, license_finder, and OSV Scanner into CI/CD pipelines — with YAML examples that block deployments until issues are fixed.

GitHub Actions
Ruby
Security
Supply Chain
DevSecOps
How RubyGems Protects Us From Supply Chain Attacks (And Why Every Ruby Developer Should Care)
2025-09-016

What happens behind the scenes during gem install: automated scanning, risk scoring, retroactive scanning, incident response — and why companies should support RubyGems' critical infrastructure.

Ruby
RubyGems
Security
Supply Chain
DevSecOps