dependency-check is a standalone maven plugin which checks for vulnerable dependencies. It’s hosted on GitHub. I switched to it from the victims-db, which no longer looks like it is updated. I had to carefully analyze the output, it was very helpful finding one issue where we had an unintended include.
Per Enqueue Zero, Nsenter is a utility enters the namespaces of one or more other processes and then executes the specified program. In other words, we jump to the inner side of the namespace. Search for the namespace, by searching for S+, and then using the PID to target the namespace, and run the local tools in the namespace. This is very helpful where the docker container does not contain the necessary tools by default.
Never accept the defaults: Lessons Learned using OpenJ9 in a Container Eclipse OpenJ9 is an efficient virtual machine with a small-dynamic footprint that is used for many cloud applications. Many applications use the OpenJ9 to run their applications, such as the Apache OpenWhisk, IBM FHIR Server and Open Liberty. I learned a few things about running Java applications with the OpenJ9 VM in Docker: Eclipse OpenJ9 knows about modern applications Tweak Your Settings Review your Settings 1. Eclipse OpenJ9 knows about modern applications The Eclipse OpenJ9 team smartly realized many Java applications are in a container or namespace or virtual…
The upper limits for prepared statement parameters in db2, postgres and derby.
As of IBM FHIR Server 4.10.2… A colleague of mine is entering into the depths of the IBM FHIR Server’s Bulk Data feature. Each tenant in the IBM FHIR Server may specify multiple storageProviders. The default tenant is assumed, unless specified with the Http Headers X-FHIR-BULKDATA-PROVIDER and X-FHIR-BULKDATA-PROVIDER-OUTCOME. Each tenant’s configuration may mix the different providers, however each provider is only of a single type. For instance, minio is aws-s3 and default is file and az is azure-blob. Note, type http is only applicable to $import operations. Export is only supported with s3, azure-blob and file. File Storage Provider Configuration…
With the change to Docker, Docker is changing its license going forward with Docker Desktop as noted in their license and blog. Much like a former colleague of mine’s article YADPBP: Yet Another Docker to Podman Blog Post, I have entered into the Docker Desktop migration.
My team uses GitHub Actions 18 in total jobs across about 12 workflows. When we get multiple pull requests we end up driving contention on the workflows and resources we use. I ran across concurrency control for the workflows. To take advantage of concurrency control add this snippet to the bottom of your pull request workflow: When you stack the commits you end up with this warning, and the prior job is stopped:
Tracing the IBM FHIR Server file access on MacOSX
Thie attached GIST is a package of Kubernetes yaml files and Java code to test locally with Docker/Kubernetes with the IBM FHIR Server. You’ll want to kubectl apply -f <filename> for each of the files. Then apply the fhir-server-config-snippet.json to your fhir-server-config.json And run kubectl config use-context docker-desktopkubectl -n fhir-cicd-ns port-forward kafka-0 9092 Thanks to https://github.com/d1egoaz/minikube-kafka-cluster for the inspiration.