Security
21 posts
Sentinel: Using MCP Sampling to Analyze Your Own Tool Security
Building an MCP server that uses sampling to discover your connected tools and analyze them for security risks, with no API keys required.
A Practical Guide to GitHub Branch Protection Rules
What each GitHub branch protection rule actually does, when to use it, and how to choose the right configuration for your project's size and risk profile.
Ruff vs Traditional Bandit - A Performance Comparison
Ruff is 25x faster than traditional Bandit. Here's what that performance difference means for your workflow and when to choose each tool.
Integrating Bandit into CI/CD Pipelines
How to add Bandit security scanning to your CI pipeline without breaking every build and making developers hate you forever.
Managing Bandit False Positives Without Breaking Security
How to handle false positives in Bandit without accidentally silencing the real vulnerabilities hiding among them. A practical guide.
Governance in AI Agent Security
Why prompt injection defenses keep failing and what enterprise AI deployments actually need to detect the lethal trifecta.
SQL Injection Detection with Bandit Rule B608: Beyond the Basics
Learn how Bandit's B608 rule detects SQL injection vulnerabilities in Python. Understand common patterns, secure alternatives, and defense strategies.
Advanced Bandit Configuration: Custom Rules and Team Workflows
Master advanced Bandit features including custom rules, baseline configurations, and team-wide security policies for enterprise Python development.
Ghost Letters: The Hidden Signatures AI Leaves in Your Text
From fancy punctuation to zero-width characters, here's how AI tools leave their calling cards in your content, and what you can do about it.
Bandit Severity Levels: Understanding High, Medium, and Low Findings
Master Bandit's severity and confidence classification system. Learn how to prioritize security findings and build effective remediation workflows.