ufirst tech blog

Building seamless experiences for people on the move.

🚀 Automating Security in Software Development

1. Introduction

Security is a non-negotiable aspect of modern software development. As applications grow in complexity, so do the threats they face. In fact, the estimated value of cybercrime-related losses is projected to increase from ~$8 trillion in 2023 to ~$14 trillion worldwide in 2028. On average, an attack is launched every 3 seconds, counting 26,000 attacks on a daily basis [1]. To mitigate these risks, two core security testing approaches exist: Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).

Goodbye, Farewell Manual Reviews: GitHub Actions to the Rescue!

As developers we routinely grapple with enforcing rules, even when we repeat the reminder a dozen times. Humans—ourselves included—forget the guidance or choose to cut corners. That was exactly the issue we hit in one of our repositories, where every folder uploaded to the app had to follow a slug-based naming convention. We started with manual reviews, but it quickly became obvious that automation was the only scalable answer. Fortunately, GitHub Actions came to the rescue. Their official page says it best:

Hello, World

Welcome to the official ufirst tech blog. We built this space to share how we design and operate the platform that keeps queues moving and customer experiences frictionless. Expect engineering deep dives, architecture decisions, release notes, and the lessons we learn while scaling for partners across mobility, retail, and public administration.

What you can look forward to:

- Product and infrastructure updates straight from the teams shipping them
- Practical guides on building with the ufirst stack and our public APIs
- Culture stories from the people behind the service

Thank you for stopping by. Subscribe to the RSS feed or follow along on https://ufirst.com to catch each new post.