Links
This article details LinkedIn's efforts to upgrade its Static Application Security Testing (SAST) capabilities. It covers the challenges faced with legacy systems, the design principles guiding the modernization, and the implementation of a new GitHub Actions-based workflow to enhance security without disrupting developer productivity.
pinact is a command-line tool that helps you edit and pin versions of GitHub Actions and reusable workflows. It allows you to update versions, verify annotations, and create pull request reviews for better security and reliability in CI/CD pipelines.
The article discusses how the team automated updates for GitHub Actions runners using Claude AI, enabling seamless management and deployment of updates. This automation significantly reduces manual intervention and streamlines their workflow, enhancing overall efficiency in their development process.
Learn how to capture screenshots of a statically exported Next.js site using a GitHub Actions workflow, especially when preview deployments are not available. The article outlines a script utilizing Puppeteer to automate the screenshot process for each page during pull requests. Additionally, it provides details on setting up the workflow to build the app, serve it, and upload the screenshots as artifacts for review.
GitHub Actions allows users to specify any executable on the $PATH as the shell for running commands, rather than being limited to predefined shell values. This flexibility enables various unconventional uses, such as executing C code directly or modifying the $PATH dynamically. However, this raises potential security concerns, as it allows for unexpected behaviors in the execution environment.
Gemini CLI GitHub Actions is an AI-powered tool designed to enhance team collaboration in software development by automating routine coding tasks and facilitating issue triage and pull request reviews. Available in beta, it allows developers to delegate tasks easily using the @gemini-cli tag and offers robust security features to ensure safe operation in repositories. The tool is open-source, customizable, and encourages community contributions to enhance its workflows.