Fail a Gitlab pipeline when code coverage decreases
Nov 18, 2020
Automatic and continuous testing is a fundamental part of today’s development cycle. Given a Gitlab pipeline that runs for each commit, we should enforce not only that all tests pass, but also that a sufficient number of them are present.
Create a PyTorch Docker image ready for production
Nov 3, 2020
docker and pytorch
Given a PyTorch model, how should we put it in a Docker image, with all the related dependencies, ready to be deployed?
Introducing Daintree.app: an open-source alternative implementation of the AWS console.
May 1, 2020
aws and daintree.app
Daintree.app is a website to manage some of your AWS resources: since this is an early preview, at the moment, it supports a subset of Networking, EC2, SQS, and SNS
Leveraging AWS Lambda to notify users about their old access keys
Feb 29, 2020
I love to spend time trying to automate the boring parts of my job. One of these boring parts is reminding people to rotate AWS Access Keys, as AWS also suggests in its best practices.
My year on HackerOne
Dec 28, 2019
Last year, totally by chance, I found a security issue in Facebook - I reported it, and it was fixed quite fast. In 2018, I also found a security issue in Gitlab, so I signed up to HackerOne, and reported it as well. That first experience with Gitlab was far from ideal, but after that first report I started reporting more, and Gitlab has improved its program a lot.
Exploring Gitlab Visual Reviews
Nov 3, 2019
With version 12.0, Gitlab introduced an interesting new feature: Visual Reviews! You can now leave comments on Merge Requests directly from the page you are visiting in your stage environment, without having to change tabs.
Using AWS Textract in an automatic fashion with AWS Lambda
Jun 24, 2019
During the last AWS re:Invent, back in 2018, a new OCR service to extract data from virtually any document was announced. The service, called Textract, doesn’t require any previous machine learning experience, and it is quite easy to use, as long as we have just a couple of small documents. But what if we have millions of PDFs of thousands of pages each? Or what if we want to analyze documents uploaded by users?
Responsible disclosure: improper access control in Gitlab private project.
Apr 19, 2019
As I said back in September with regard to a responsible disclosure about Facebook, data access control isn’t easy. While it can sound quite simple (just give access to the authorized entities), it is very difficult, both on a theoretical side (who is an authorized entity? What does authorized mean? And how do we identify an entity?) and on a practical side.
Glasnost: yet another Gitlab client.
Feb 10, 2019
gitlab and glasnost
I love Gitlab. I have written about it, I contribute (sporadically) with some code and I am a big fan of their CI/CD system (ask my colleagues!). Still, they need to improve on their mobile side.
Responsible disclosure: retrieving a user's private Facebook friends.
Sep 23, 2018
Data access control isn’t easy. While it can sound quite simple (just give access to the authorized entities), it is very difficult, both on a theoretical side (who is an authorized entity? What does authorized mean? And how do we identify an entity?) and on a practical side.