Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
Read More & Register today!
SOLVED

AEM Users: Which Third-Party Tool Do You Prefer - Veracode, Snyk, or Others ?

Avatar

Level 2
Level 2
10/15/24 12:09:35 PM

Hi AEM Community,

I’m reaching out to gather insights on the third-party tools you use for Adobe Experience Manager (AEM) that will allow us to increase the security on our codebase/projects. Specifically, I’m interested in understanding your experiences with tools like Veracode and Snyk, but I’m also open to hearing about any other tools you find valuable.

 

Here are a few questions to guide your responses:

  1. Which third-party tool do you use with AEM (e.g., Veracode, Snyk, or another tool)?
  2. What are the key benefits you’ve experienced with this tool?
  3. Are there any challenges or limitations you’ve encountered?
  4. How has this tool impacted your workflow or project outcomes?
  5. Would you recommend this tool to other AEM users? Why or why not?

Your feedback will be incredibly helpful for anyone looking to enhance security on AEM with reliable third-party tools.

Thank you in advance for sharing your experiences!

Views

154

Replies

4
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Level 8
Level 8
10/16/24 1:03:41 PM

Hi @JM-JosePerez,

 

on my current project, we are using:

  • GitHub Actions for CI/CD like AEM Git Sync, RDE Deployments, UI Testing, Performance Testing
    • Pros: Simple to use but still powerful, many plugins available that make integration with other tools simple, Dependabot raises automatic PR for dependency updates, branch protection rules to ensure quality gates pass
    • Cons: Haven't found one yet, it was a great experience to migrate from Jenkins to Actions
    • Recommendation: 5/5
  • SonarQube with Custom AEM Rules for static code checks on every PR
    • Pros: Catches a lot of issues in the code, ensures good code coverage, ability to develop and install custom rules, easy to automate with GitHub Actions
    • Cons: Some rules are opinionated, not so simple to write custom rules, the cloud version doesn't allow custom plugins/rules
    • Recommendation: 4/5
  • Snyk for license and vulnerability checks on every PR
    • Pros: Super simple to set up, PR decorations work on the Cloud version with just one click, Simple interface with guidance on how to fix vulnerabilities and ability to automatically open PRs for new vulnerabilities found
    • Cons: I haven't used it for a long time, but for now it does exactly what we need it to do
    • Recommendation: 5/5
  • Sentry for real-user monitoring, core web vitals, and frontend errors
    • Pros: Important not to forget about frontend errors and performance as every project has them, quite simple to set up, a powerful interface enables easy team collaboration, and can automatically track releases and link issues to commits
    • Cons: Requires someone to review, manage and prioritize issues
    • Recommendation: 5/5

 

Hope this helps,

Daniel

View solution in original post

Views

99

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
4 Replies

Avatar

Community Advisor
Community Advisor
10/16/24 8:43:48 AM

@JM-JosePerez  When you say you want to enhance AEM set up? where exactly ? Is it in Content creation , Pipeline set up for deployment or Devops or security scan for vulnerabilities or anything else? 
looks like the products you mentioned are code scan for security? Currently we use Nexus IQ scan for code vulnerabilities , even look for vulnerabilities in dependency jar and address the issues. 

Your questions are very broad to discuss. 

Views

108

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 2
Level 2
10/16/24 12:26:15 PM
In response to Saravanan_Dharmaraj

Thank you for the pointers. I have edited the questions to make it clearer for the community. My company and I will look at Nexus IQ but would love to know any other recommendations too!

Thank you!

Views

102

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Level 8
Level 8
10/16/24 1:03:41 PM

Hi @JM-JosePerez,

 

on my current project, we are using:

  • GitHub Actions for CI/CD like AEM Git Sync, RDE Deployments, UI Testing, Performance Testing
    • Pros: Simple to use but still powerful, many plugins available that make integration with other tools simple, Dependabot raises automatic PR for dependency updates, branch protection rules to ensure quality gates pass
    • Cons: Haven't found one yet, it was a great experience to migrate from Jenkins to Actions
    • Recommendation: 5/5
  • SonarQube with Custom AEM Rules for static code checks on every PR
    • Pros: Catches a lot of issues in the code, ensures good code coverage, ability to develop and install custom rules, easy to automate with GitHub Actions
    • Cons: Some rules are opinionated, not so simple to write custom rules, the cloud version doesn't allow custom plugins/rules
    • Recommendation: 4/5
  • Snyk for license and vulnerability checks on every PR
    • Pros: Super simple to set up, PR decorations work on the Cloud version with just one click, Simple interface with guidance on how to fix vulnerabilities and ability to automatically open PRs for new vulnerabilities found
    • Cons: I haven't used it for a long time, but for now it does exactly what we need it to do
    • Recommendation: 5/5
  • Sentry for real-user monitoring, core web vitals, and frontend errors
    • Pros: Important not to forget about frontend errors and performance as every project has them, quite simple to set up, a powerful interface enables easy team collaboration, and can automatically track releases and link issues to commits
    • Cons: Requires someone to review, manage and prioritize issues
    • Recommendation: 5/5

 

Hope this helps,

Daniel

Views

100

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 2
Level 2
10/22/24 10:03:09 AM
In response to daniel-strmecki

Thank you so much for your comprehensive and insightful reply! Your breakdown of the tools and their pros and cons is incredibly helpful

Views

72

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
Optimizing Daily API Calls in AEM: A Better Solution? Solved

Views

164

Likes

0

Replies

5
AEM dispatcher not serving page from publisher

Views

38

Likes

0

Replies

0
RTE full options not appearing in minimized view AEM 6.5 cloud

Views

143

Likes

0

Replies

4
Redirects do not work with x-aem-client-country header

Views

123

Likes

0

Replies

1
Community: Likes do not show up

Views

97

Likes

0

Replies

1