• 0

Looking for a Solution that does the following


 Share

Question

I am looking to implement something that contains the features below for my development team.  Please let me know of the solutions that you would suggest.

 

  1. Secure Place
  2. Able to Put in Code Snippets
  3. Able to Save Passwords
  4. Able to Save Licenses
  5. Documentation around the Code
  6. Behind a SSO (SAML/AD/ADFS)
  7. Wiki type of interface
  8. Onsite or Cloud Solution

 

 

Link to comment
Share on other sites

5 answers to this question

Recommended Posts

  • 1

I know it's been some time since this question was asked, but it really depends on what you're using it for. Licenses are often store seperately from the things you stated above, however you can use secrets managers to store license keys if you're willing to do so.

 

The more popular all-in-one services that also offer on-prem deployments are GitLab and Atlassian. GitLab is a bit more modern, but supports things like Secrets/Passwords, git repos, documentation pages, etc. As far as I know you can also apply certain levels of encryption and SSO/SAML/OIDC.

Atlassian is a bit more pricey, but does offer additional options that can easily extend the usability, and Confluence is a pretty powerful tool that most other vendors can't quite compete with. For example, most other developer focused tools will require direct editing of Markdown files for documentation. Confluence allows anyone without code knowledge to make similarly rich pages in a wiki-style structure.

 

It all just depends on what features you most want to use, and what the skill level of the people who are going to be using it on a day to day basis is.

Link to comment
Share on other sites

  • 0

Hello,

Are you asking for a recommendation as to what to run this on?  Perhaps a network using Microsoft Windows Server 2019 with Active Directory as the server, and clients running Windows 10?  You could probably integrate macOS or Chrome OS, too, if those were in use.

Regards,

Aryeh Goretsky

Link to comment
Share on other sites

  • 0

I am asking for a solution that has all those features built in for developers to use.

 

So the secure place is optional to making sure it is either on site or soc II certified.

Link to comment
Share on other sites

  • 0
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By Hamza Jawad
      Power BI Report Builder gets rebuilt as an x64 app, among other updates
      by Hamza Jawad



      In 2019, Microsoft released a new Report Builder tool for Power BI, with the rather self-explanatory purpose of allowing paginated reports to be authored and then published to the data analytics service. Around the time of its release, the tech giant launched a 'Feature Friday' series that highlighted the latest capabilities for the tool, including Secure Embed, adding comments, and more.

      Today, Microsoft has started rolling out a new version of the Power BI Report Builder. This version has been rebuilt as an x64 app, and users should notice this change in the form of performance improvements when it comes to designing and locally rendering paginated reports.

      As for other new additions, for starters, there is a new 'Data' tab. This acts as an efficient way to connect to a variety of different data sources when creating reports. Next up, DAX queries can now be copy/pasted with ease. Previously, users were required to connect to models in third-party tools to paste in custom DAX queries.

      Support for single sign-on (SSO) for SQL Server and Oracle data sources is now available too, through the Enterprise Gateway. And finally, the release also includes bug fixes and accessibility improvements.

      The latest version of Power BI Report Builder - which is currently in preview - can be downloaded from the Download Center here or the Microsoft Store here.

    • By Usama Jawad96
      Microsoft expands AccountGuard features to high-risk entities in 31 countries
      by Usama Jawad

      AccountGuard is Microsoft's cybersecurity offering that protects the digital security of high-risk entities such as political parties and their candidates, journalists, human rights workers, and more. The service is available in dozens of regions including the United States, the United Kingdom, France, and Spain.

      Now, Microsoft has announced that it is expanding AccountGuard's identity and access management protections to 31 democracies.

      Image via Pixabay Microsoft states that these "enterprise-grade" features were first made available to political campaigns in the 2020 U.S. presidential elections, and the company noted an 18% enhancement in the Microsoft Identity Protection Security Score for customers who utilized it. As such, it is now rolling these out to 31 democracies - where AccountGuard is already available - at no extra cost.

      Five of these 31 countries have elections coming up this year, which is why AccountGuard may play a crucial role. It will strengthen defenses against state-sponsored cyberattacks, hack-and-leak operations, and impersonation of campaign staff.

      Microsoft is also expanding its partnership with Yubico, with the latter now supplying 25,000 hardware security keys. Eligible customers will have access to a fixed number of YubiKeys depending upon their organization size.

      Identity and access management protections in AccountGuard include multi-factor authentication (MFA), single sign-on (SSO), privileged identity management (PIM), conditional access policies, and access governance. Microsoft says that deployment teams of engineers and partners such as the Patriot Consulting Technology Group will be assisting customers in onboarding to these solutions and making use of the aforementioned protections, if needed.

    • By zikalify
      Try out freeCodeCamp if you want to get into programming
      by Paul Hill



      Whether you’ve seen some of the latest robot or AI Sci-Fi films or you’re simply thinking about a change of career and want to learn to code, freeCodeCamp is an excellent resource to begin your journey into the world of programming, it's available to everyone around the world and at no cost.

      freeCodeCamp, which is a little over six years old, boasts more than 40,000 graduates who have gone on to get jobs at big tech firms including Microsoft, Apple, Google, Amazon, and Spotify. It offers a variety of courses which you work through where you'll learn all the relevant information before completing several projects which demonstrate you’ve learned the content - upon completion of the projects, you get a certificate for the course which appears on your public profile.

      This approach to teaching programming is great because you end up with five projects per course which can be shown off to prospective employers, who will most likely want to know what you’ve worked on. The courses that are available at the time of writing include:

      Responsive Web Design JavaScript Algorithms and Data Structures Front End Development Libraries Data Visualization APIs and Microservices Quality Assurance Scientific Computing with Python Data Analysis with Python Information Security Machine Learning with Python It’s recommended that you work through the material in order but nobody is stopping you from jumping to other sections first. In addition to the courses, there’s also a section called Coding Interview Prep which contains hundreds of coding challenges that “test your knowledge of algorithms, data structures, and mathematics” as well as additional projects which you can add to your portfolio.

      To help you along your coding journey, freeCodeCamp features a very active forum where you can ask questions if you get stuck on any of the tasks or just want to ask about any coding concepts. Once you are thinking about searching for jobs that utilise your new skills, the Career Advice section of the forums can provide you with invaluable information about landing a job.

      A few other niceties about the service include that content is available in English, Spanish, and Chinese, there are regular blog posts related to programming from contributors and they’ve created a radio player that loops music “designed for coding” 24/7.

      To begin learning, you do not need to create an account but making one is highly recommended so that you can save your progress, earn certificates, and have a public profile page to show off. To learn more about the service, reading the FAQs section is highly recommended.

    • By Usama Jawad96
      Microsoft open sources CodeQL queries used in Solorigate investigation
      by Usama Jawad

      Last week, Microsoft finally completed its Solorigate investigation, concluding that while some code files for Azure, Intune, and Exchange were accessed, no customer data was compromised. The cyberattack had caused major concern around the globe because it targeted the United States' federal departments, the UK, the European Parliament, and thousands of other organizations. Supply chain attacks were executed on SolarWinds, Microsoft, and VMware, with Microsoft President Brad Smith calling it "a moment of reckoning".

      Now, Microsoft has open sourced the CodeQL queries that it utilized in the Solorigate investigation.

      Image via Kevin Ku from Pexels For those unaware, CodeQL is code analysis engine which depends upon code semantics and syntax. It develops a database built around the model of the compiling code, which can then be queried just like a regular database. It can be used both for static analysis and retroactive inspection of code.

      CodeQL queries were used by Microsoft in its Solorigate investigation in order to analyze its code in a scalable manner and pinpoint indicators of compromise (IoCs) and other coding patterns used by Solorigate attackers directly on a code-level.

      Microsoft essentially built multiple CodeQL databases from various build pipelines, and then aggregated them in a single infrastructure to enable system-wide querying capabilities. This enabled the firm to detect malicious activity in code within hours of a coding pattern being described.

      Given that this is more of a syntactic and semantic technique that depends upon identifying similarities in coding patterns such as the variable names used, Microsoft has emphasized that if you find the same patterns in your own code base, that does not necessarily mean that it's compromised. Multiple programmers can of course have the same coding style.

      At the same time, it is also important to remember that a malicious actor is not constrained to a single coding style. Essentially, if the attacker deviates significantly from their usual implant pattern, they would be able to circumvent Microsoft's CodeQL queries. Regarding the syntactic and semantic code pattern identification capabilities of the CodeQL engine, the Redmond tech giant notes that:

      More information about using Microsoft's CodeQL queries is available here. You can find out more about how to deploy queries here.

    • By Usama Jawad96
      Microsoft: Customer data was not accessed in Solorigate attack
      by Usama Jawad

      In 2020, there was a major global cyberattack, spanning across the United States' federal departments, the UK, the European Parliament, and thousands of other organizations. It was reported to have been triggered by supply chain attacks on three major firms: SolarWinds, Microsoft, and VMware, where attackers were able to access private documents and emails. The attack was dubbed "Solorigate" by Microsoft with President Brad Smith calling it "a moment of reckoning". Now, the company has shared a final update on its Solorigate investigation.

      Image via Splashtop Microsoft Corporate Vice President of Security, Compliance, and Identity Vasu Jakkal has concluded that while nation-state actors were able to compromise some initial security procedures, they were then stopped by a "unified team of human and digital defenders". She also clarified that the company has found no proof of customer data or production services being breached. Furthermore, the investigation confirmed that Microsoft software was not used to attack other identities.

      Microsoft states that multiple factors aided in limiting the scope of this attack and these should be embraced by other security teams and organizations moving forward as well. These include adopting a Zero Trust security model with multi-factor authentication for credentials, and cloud technologies like Azure Active Directory and Microsoft 365 Defender. Lastly, Jakkal has emphasized that it is paramount that companies and teams work together to strengthen collective defenses.

      The Microsoft Security Response Center (MSRC) went on to say that:

      MSRC highlighted that even though the attack was discovered in December 2020 with organizations racing to mitigate the threat, its analysis shows that the malicious actor attempted access in January 2021 as well. It has clarified that across all of its services, the attacker was able to view and download only a small number of code files for Azure, Intune, and Exchange. None of the code files breached contained any live credentials being used in production environments.