Hard problems are not solved by adding more people.

I've worked on a pet project in the weekend: #Drupal Dependency Quality Gate (#ddqg). For now, only quality-level-max is available and auto-generated with GHA with unsupported projects and versions. packagist.org/packages/mxr57… See what could come in the README #highQualityDrupal

I must admit, I have got a bit addicted on mass-analyzing dependency trees =] (See mxr576/ddqg package) It is also good to see that within a week, 3 projects got a D10 stable release. Keep up the good work everyone! #Drupal

We're proud to announce that Pronovix has been audited and certified as meeting the requirements of ISO/IEC 27001:2013 in the areas of software development, support, hosting and maintenance. We continue the hard work to deliver best-in-class services to our customers 🚀

Dear #Drupal community! Let me promote my new tool that enhances "composer audit" with extra advisories for insecure- (even if there is no CVE) and unsupported versions! Share in the thread if your project passed on it, you should be proud! #FOSS #php packagist.org/packages/mxr57…

Have you seen a pending CR/MR/PR before that was blocked because a security advisory has just been released for a existing dependency? Solution: Only audit changed packages! packagist.org/packages/mxr57… #php #Composer #opensource

Kudos to Tidelift (now Sonar) for all resource materials that I have used for this article!

Composer audit is already on Drupal steroid, did you know that? #Drush #DrupalConPittsburgh #Drupal #Composer

I am trying to explain colleagues why something is rather a domain- than an application service. I may have went a bit far with this diagram from the original problem statement... :) What do you think? #DDD #hexagonalarchitecture #onionarchitecture

\o/ With the support of pronovix I contributed 2 important changes to the Audit component. PR11605 changed the new ignore feature's implementation before the release and PR#11436 added support for multiple sec. advisory sources. github.com/composer/compo… github.com/composer/compo…

Composer 2.6.0 related enhancements were added to my Composer plugins and they also got the RC1 tag. Happy testing! :) Hopefully audit ignore feature helps with the adaptation of ddqg-composer-audit on #Drupal projects 🙈 packagist.org/packages/mxr57… packagist.org/packages/mxr57…

Just found Jiří Pudil's awesome #PHPStan #generics deep dive presentation. This is a super valuable asset for learning the essentials. I very much liked the "you've already used it" slides, they bring this idea more closer to the audience. docs.google.com/presentation/d…

TIL that #[\SensitiveParameter] in #PHP is not as powerful as I thought so... it simply does nothing in hierarchies. 3v4l.org/bWI8W 3v4l.org/KZWmp

🔒 pronovix enhances Drupal’s username privacy with 2 open-source modules for fine-grained control. Built for AI era, these tools boost security while maintaining flexibility for diverse needs. 🥂 for Drupal’s API-first future! 🚀 bit.ly/4fXHcwf Akos Horvath BICZÓ Dezső

As a little pre-Christmas gift, my #Composer plugins got #PHP 8.4 support today. 🎄 packagist.org/packages/mxr57… packagist.org/packages/mxr57… #opensource #dependencyTrack #securityAudit #maintainability

Is not this version number beautiful? 😍 111111111111111111111111111.... #Drupal