Check all repositories in a GitHub organization for SHA1Hulud vulnerabilities by analyzing lock files via GitHub API (no cloning required).
export GITHUB_ORG=myorg
export GITHUB_TOKEN=ghp_xxx
curl -s https://gist.githubusercontent.com/Lp-Francois/cf203ef12ffd597dceb4716900e0dbe1/raw/392abd4bf134245085fb877ed837d47b5b60b487/check-github-org-sha1hulud.js | node
| #!/usr/bin/env node | |
| /** | |
| * SHA1Hulud Vulnerability Checker | |
| * | |
| * Checks if the workspace is affected by the SHA1Hulud vulnerability | |
| * as described in https://helixguard.ai/blog/malicious-sha1hulud-2025-11-24 | |
| * | |
| * Usage: node tools/check-sha1hulud-vuln.js | |
| */ |
| #!/bin/bash | |
| # Script to check if repository is affected by vulnerable package versions | |
| # Usage: ./check-for-sha1hulud.sh | |
| # See https://helixguard.ai/blog/malicious-sha1hulud-2025-11-24 | |
| # Disclaimer: AI-generated | |
| set -e | |
| # Colors for output |
| apiVersion: v1 | |
| kind: Pod | |
| metadata: | |
| name: hello-there | |
| spec: | |
| containers: | |
| - name: nginx | |
| image: nginx:latest |
| /* | |
| Run the following to get started: | |
| 1. `mkdir example-dir && cd example-dir` | |
| 2. `npm init -y` | |
| 3. `npm i pino-http --save` | |
| 4. `touch example.js` | |
| */ | |
| 'use strict' |
| #!/usr/bin/env bash | |
| set -o errexit | |
| set -o pipefail | |
| # Activate debug: | |
| # set -x | |
| # Require https://github.com/yannh/kubeconform | |
| # Require https://helm.sh/docs/helm/helm_install/ |
A lot of people land when trying to find out how to calculate CPU usage metric correctly in prometheus, myself included! So I'll post what I eventually ended up using as I think it's still a little difficult trying to tie together all the snippets of info here and elsewhere.
This is specific to k8s and containers that have CPU limits set.
To show CPU usage as a percentage of the limit given to the container, this is the Prometheus query we used to create nice graphs in Grafana:
sum(rate(container_cpu_usage_seconds_total{name!~".*prometheus.*", image!="", container_name!="POD"}[5m])) by (pod_name, container_name) /
| #!/bin/bash | |
| set -o pipefail | |
| doctl="/usr/local/bin/doctl" | |
| FW_ID=the-id-of-the-firewall-wqd-2312-qwdq | |
| FW_NAME=my-databases-firewall-for-admin | |
| CACHE_PATH="/path/to/my/cache/named/.cache" | |
| TAG_NAMES=mongodb,mysql,other | |
| function valid_ip() |
| #!/usr/bin/env bash | |
| # back-up script | |
| echo " " | |
| echo "[~_~Z~@] Start back-up script" | |
| DATE=$(date +"%y-%m-%d_%H_%M_%S") | |
| REMOTE_NAME="remote" | |
| REMOTE_FOLDER="backups" |