Devsecops

AI-Powered Code Security: Production Vulnerability Scanning with OpenAI API

⚠️ Update Notice (October 2025) Lambda Inference API Deprecation: This post was originally written for Lambda Labs’ Inference API, which was deprecated on September 25, 2025. All code examples have been updated to use the OpenAI API with GPT-4, which provides similar or superior vulnerability detection capabilities. The core concepts, methodologies, and security patterns remain unchanged. Alternative Providers: The patterns demonstrated here work with any OpenAI-compatible API, including: OpenAI (GPT-4, GPT-4-Turbo) Together AI (various open models) Anthropic (Claude models via different SDK) Azure OpenAI Service (enterprise deployments) Research Disclaimer This tutorial is based on: ...

Automating Security: How to Scan AI-Generated Code with Endor Labs (Step-by-Step Guide)

Introduction AI-generated code from tools like GitHub Copilot and Cursor accelerates development but introduces hidden risks: 62% of AI-generated solutions contain security flaws, including hardcoded secrets, SQLi, and insecure dependencies. Traditional SAST tools struggle with probabilistic code patterns, creating a critical gap in modern DevSecOps pipelines. Endor Labs’ $93M-funded platform addresses this with AI-native static/dynamic analysis, scanning LLM outputs for context-aware vulnerabilities. This guide walks through local setup, CI/CD integration (with GitHub Actions examples), and custom rule creation to secure AI-generated code before deployment. ...

Securing AI-Generated Code: Production Workflows and Security Scanning

Research Disclaimer This tutorial is based on: Semgrep v1.55+ (SAST scanning) Bandit v1.7+ (Python security linter) CodeQL v2.15+ (GitHub Advanced Security) SonarQube v10.3+ (code quality & security) Academic research on AI code generation security (NYU 2023 study, Stanford 2024 study) OWASP Top 10 2021 vulnerability classifications All code examples demonstrate production-grade security scanning integrated into CI/CD pipelines. Tested with GitHub Actions, GitLab CI, and Jenkins. Security recommendations follow OWASP and NIST guidelines. ...

Hardening Your CI/CD: Terraform, Docker, and Kubernetes Security

Update (January 2026): The package versions in this tutorial were current as of March 2024. While the concepts and approach remain valid, you should check for newer versions of the tools mentioned (Hadolint, Terrascan, pre-commit hooks, etc.). Most importantly, update actions/checkout@v3 to actions/checkout@v4 in your workflows - v3 uses deprecated Node.js 16. As I continue this series on CI/CD pipeline security, it is time to now work on securely building and deploying our application. This post picks up where my Build Secure Python Pipelines: Adding Tests and Hooks in Action post left off. ...