Using Snyk, NSP and Retire.JS to Identify and Fix Vulnerable Dependencies in your Node.js Applications


Dependency management isn’t anything new; however, it has become more of an issue in recent times due to the popularity of frameworks and languages that have large numbers of third-party plugins and modules. With Node.js, keeping dependencies secure is an ongoing and time-consuming task because the majority of Node.js projects rely on publicly available modules or libraries to add functionality. Instead of developers writing code, they end up adding a large number of libraries to their applications. The major benefit of this is the speed at which development can take place. However, with great benefits can also come great pitfalls, and this is especially true when it comes to security. As a result of these risks, the Open Web Application Security Project (OWASP) currently ranks “Using Components with Known Vulnerabilities” in the top ten most critical web application vulnerabilities in their latest report.

Perform hands-on, real-world IoT development at the Red Hat Summit IoT CodeStarter

What happens when you have expensive industrial equipment that needs to be moved from point A to point B and you want to anticipate all that could happen in the process: improper handling, power failure, or even thievery? How do you collect data from its various sensors (vibration, humidity, etc.) to make sure your equipment is operating properly? How do you provide connectivity so that all the way from point A to point B, your asset is reporting to a backend server to allow for remote tracking? What kind of backend system should you rely on for collecting and making use of the information that you will be collecting?

Join this year’s Red Hat Summit IoT CodeStarter [1] to experience – live! – the capabilities of open source projects such as Eclipse Kura and Eclipse Kapua for creating efficient and easy-to-maintain IoT solutions for asset management.

Red Hat Summit 2017 – Planning your Cloud and Containers Labs

This year in Boston, MA you can attend the Red Hat Summit 2017, the event to get your updates on open source technologies and meet with all the experts you follow throughout the year.

It’s taking place from May 2-4 and is full of interesting sessions, keynotes, and labs.

This year I was part of the process of selecting the labs you are going to experience at Red Hat Summit and wanted to share them to help you plan your cloud and containers labs experience. These labs are for you to spend time with the experts, who will teach you hands-on how to get the most out of development with containers and in the Cloud using products like OpenShift Container Platform.

Each lab is a 2-hour session, so planning is essential to getting the most out of your days at Red Hat Summit.

As you might be struggling to find and plan your sessions together with some lab time, here is an overview of the labs; you can find the exact room and times in the session catalog. Each entry includes the lab number, title, abstract, and instructors, and is linked to the session catalog entry:

40+ Cloud Native Development sessions/labs/demos at Red Hat Summit

There’s a whole lot of activity around the complementary aspects of microservices, containers, open source, and cloud, so I’ve assembled this set of sessions/labs/etc. for those of you who want to focus on Cloud Native Development at Red Hat Summit. We’ll have a printed “Trail Map” version of this as well. Come find me at the DevZone booth and say “hi”. Mention this blog article and I may have some swag for you. 🙂

Benchmarking nftables

Since I learned about nftables, I have heard numerous times that it would provide better performance than its designated predecessor, iptables. Yet I have never seen actual figures of performance comparisons between the two, and so I decided to do a little side-by-side comparison.

The Shadow Man on Our campus

Engineering is the platform where after the tenure of a four-year term we look back, feel proud about some of our own decisions, and regret others as well. Such as the following case at our college when first-time industry professionals met with one of the most experienced trainers of Red Hat, at our campus, spreading the word of Open Source.

Working with a Dispersed Team – Part 7 of 7

How to Build Community in Your Dispersed Team

People want to be part of something bigger than themselves. The identity of your team hugely influences that. Some teams discover shared interests or hobbies. Others share a sense of humor to cope with challenging customers. Camaraderie makes all the difference for workplace satisfaction. When that happens, people will work harder, work more smoothly with each other, and be less likely to leave. It’s great news that distance does not have to get in the way of your team’s community.

Develop and Deploy on OpenShift Next-Gen using Red Hat JBoss Developer Studio

The OpenShift Next-Gen platform is available for evaluation: visit It is based on Red Hat OpenShift Container Platform 3.4. This preview allows you to play with OpenShift Container Platform 3.4 and deploy artifacts. The evaluation is limited to one month. The purpose of the article is to describe how to use Red Hat JBoss Developer Studio or JBoss Tools together with this online platform.

Red Hat Summit 2017 is for developers

You may have read or heard that we folded DevNation into Red Hat Summit this year, which means that every Summit attendee has access to developer-related sessions, labs, and more!

Here are some highlights to look forward to at Red Hat Summit (and why you should attend):

  • LOTS of developer content. This is possibly the largest Red Hat-hosted commercial developer event ever with nearly 150 developer-related sessions, labs, BoFs, Lightning talks, CodeStarters [1], classes, and demos, plus nearly 50 Red Hat engineers available for one-on-ones in the new “Ask the Experts” area.
  • Find your sessions. As you search for topics, look at the Application Development track and beyond as you’ll find many additional and relevant sessions in different tracks as well.
  • Hot topic. Microservices, containers, and cloud are all hot topics right now, so for those of you that want to focus on these, we have a Cloud Native Development Trail Map that will help you focus on 40 sessions, labs, and more.
