Commit

Merge pull request #107 from mergestat/chore/small-fixes
chore: add keywords to recent blog posts
patrickdevivo authored Apr 29, 2023
2 parents 1e345b1 + f4ce905 commit 9d06f61
Showing 8 changed files with 8 additions and 1 deletion.
Expand Up @@ -4,6 +4,7 @@ authors: [patrickdevivo]
description: In this post, we’ll explore how MergeStat’s integration with code scanners Grype and Trivy allows us to put together an open-source solution for managing vulnerabilities across many Git repositories.
image: ./trivy-vulns-by-repo.jpg
tags: [mergestat, sql, vulnerabilities, security, open-source]
keywords: [cve, log4shell, secure open source, software security, trivy, trivy scan, grype, grype scan]
---

# Open-Source Vulnerability Management w/ MergeStat 🔎
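Review bot: `log4shell` in the added `keywords` line does not match this post, whose description covers the Grype and Trivy integration and never mentions Log4Shell. The first four keywords are identical to the ones added to the guest post with `image: ./log4j.png` later in this commit, so this looks like a copy-paste. Suggest dropping `log4shell` here, keeping the scanner terms (`trivy`, `grype`), and adding a term such as `vulnerability management` to match the title.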
Expand Up @@ -4,6 +4,7 @@ authors: [patrickdevivo]
description: Recently, we wanted to know which of our repos had Renovate installed, which is a use case several folks have now shared with us! This post showcases some of the queries we put together around our use of Renovate.
image: ./renovate-prs-by-state.jpg
tags: [mergestat, sql, vulnerabilities, security, open-source, renovate]
keywords: [code vulnerabilities, npm check updates, renovate json]
---

# Querying Renovate Bot Across Repos w/ SQL
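Review bot: the added `keywords` line has no standalone `renovate` or `renovate bot` entry even though the title is "Querying Renovate Bot Across Repos w/ SQL", and `npm check updates` appears in neither the title nor the description. Suggest leading with `renovate, renovate bot, renovate json` and dropping `npm check updates` unless the post body actually discusses it.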
1 change: 1 addition & 0 deletions blog/2023-02-26-tracking-git-release-frequency/index.md
Expand Up @@ -4,6 +4,7 @@ authors: [patrickdevivo]
description: In our work on MergeStat, we've often wanted to understand how frequently we ship code, for a variety of reasons. Luckily, we've been able to *use* MergeStat as a way to extract measures of our release frequency.
image: ./grafana-release-dashboard.jpg
tags: [mergestat, sql, grafana, DORA, open-source, git]
keywords: [git release, dora, dora metrics, open source dora metrics]
---

# Open-Source Git Release Tracking w/ SQL 🚀
1 change: 1 addition & 0 deletions blog/2023-03-04-parsing-yaml-in-pg/index.md
Expand Up @@ -4,6 +4,7 @@ authors: [patrickdevivo]
description: MergeStat's mission is to make it possible to query *anything* involved in building & shipping software with SQL. Recently, we had a user looking to query YAML files across their git repos, wanting to extract and aggregate values from config files.
image: ./pg-logo.png
tags: [mergestat, sql, yaml, postgres, open-source]
keywords: [yaml parsing, yaml, yaml to json, postgres json]
---

# Querying YAML in PostgreSQL with PLV8 🐘
Expand Up @@ -4,6 +4,7 @@ authors: [peterfreiberg]
description: Previously, we looked at a few ways we can look at open-source library risk across our code. In this article, we’ll look at how we can search for new known vulnerabilities once details become available.
image: ./log4j.png
tags: [mergestat, sql, vulnerabilities, security, open-source]
keywords: [cve, log4shell, secure open source, software security]
---

:::info *Guest Post*
1 change: 1 addition & 0 deletions blog/2023-03-31-exploring-git-blame/index.md
Expand Up @@ -4,6 +4,7 @@ authors: [patrickdevivo]
description: One of MergeStat's more unusual data syncs is `GIT_BLAME`. It's unusual because the output of `git blame` is typically not viewed *in aggregate*, let alone with SQL 🙂. We spent some time playing with this data, and came up with some interesting queries! We also learned a bit about the MongoDB source code running these queries (from the time of writing)
image: ./MongoDB_ForestGreen.png
tags: [mergestat, sql, git, open-source, blame]
keywords: [git blame, git blame line, mongodb, mongodb stats]
---

# Exploring Git Blame w/ SQL 🌎
1 change: 1 addition & 0 deletions blog/2023-04-26-finding-pins-in-docker/index.md
Expand Up @@ -4,6 +4,7 @@ authors: [peterfreiberg]
description: In this article, we will look at processes and techniques for finding `Dockerfile`s across git repos, looking for specific image pinning practices. We will use the lens of a DevSecOps persona assessing the current state of where we are using a know-your-code approach.
image: ./dockerfile-locations.png
tags: [mergestat, sql, docker, security, open-source, know your code]
keywords: [docker, dockerfile, secure docker, search docker]
---

:::info *Guest Post*
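Review bot: none of the added keywords (`docker, dockerfile, secure docker, search docker`) mention image pinning, which the description gives as the focus of the post. Suggest adding a term such as `docker image pinning` so the keywords reflect the security practice the article covers.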
Expand Up @@ -9,7 +9,7 @@ As such, CVE *management and mitigation* is a key part of an organization's prac

Through our support for common open-source CVE detection tools, [MergeStat](https://github.com/mergestat/mergestat) can be used as a **purely open-source** solution for reporting on CVEs detected across source code in an org.

It's very important for organizations of *any* size to apply best practices in **source code security**, as the potential impact of not doing so could be *catastrophic*, as recent high profile security breaches frequently remind us.
It's important for organizations of *any* size to apply best practices in **source code security**, as the potential impact of not doing so could be *catastrophic*, as recent high profile security breaches frequently remind us.

MergeStat can be used to gain **visibility into CVEs detected across *all* codebases in an organization** (across multiple Git providers if necessary).
This is valuable for:
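Review bot: the reworded "It's important for organizations..." line is a change to body prose rather than front matter, while the commit title only mentions adding keywords; either mention the wording change in the commit message or split it into its own commit. The sentence also still chains two "as" clauses ("as the potential impact ... as recent high profile security breaches ...") and "high profile" should be hyphenated as a modifier, so consider splitting it into two sentences while it is being touched.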

1 comment on commit 9d06f61

@vercel vercel bot commented on 9d06f61 Apr 29, 2023