Mark Allen
markhallen.dev
@markhallen.dev
Building with Ruby on Rails. Learning SEO, marketing and Tailwind. Developer @ GitHub, former Shopify and United Nations. Opinions are my own.
Wiz is open‑sourcing baseline secure rules for popular languages/frameworks:
• Python: Flask, Django
• JavaScript: React, Node.js
• Java: Spring
• .NET
— And for all major AI assistants

github.com/wiz-sec-pub...
GitHub - wiz-sec-public/secure-rules-files: Baseline rules files to improve the security of AI-generated code (Claude, Cursor, Copilot + more)
July 8, 2025 at 10:00 AM
How to craft effective rules files
1. Make instructions clear, concise, actionable
2. Tailor rules by language or project context
3. Decompose complex guidance into atomic rules
4. Keep files under ~500 lines
July 8, 2025 at 10:00 AM
Best practices show that including “secure” in prompts can reduce vulnerability density by up to ~43%, and prompting AI as a “security-aware developer” reduces vulnerabilities by ~47–56%.

www.wiz.io/blog/safer-...
Secure AI Vibe Coding with Rules Files | Wiz Blog
Learn how to use open-source rules files to improve the security of AI-powered coding tools like Copilot, Claude, and Cursor.
July 8, 2025 at 10:00 AM
Rules files:

Many coding assistants support rules files (e.g. Copilot copilot-instructions.md, Claude’s CLAUDE.md, Cursor/Windsurf rules).

These files help shape AI-generated code towards specific standards.
Claude Code overview - Anthropic
Learn about Claude Code, the agentic coding tool that lives in your terminal, understands your codebase, and helps you code faster through natural language commands.
CLAUDE.md
July 8, 2025 at 10:00 AM
Traditional security tools are still vital!

Static analysis (SAST), software composition analysis (SCA), secret scanners, and secure frameworks remain essential, whether or not AI is used. Integrating these in IDEs plus ongoing PR scans reduces risk.
July 8, 2025 at 10:00 AM
Reports show 25–70% of AI-generated code contains vulnerabilities.

Examples of this could be hardcoded secrets or missing auth-checks.
July 8, 2025 at 10:00 AM
This is my referral link in case someone wants 500 free credits 😁

Meet Manus — your AI agent with its own computer. It builds websites, writes reports, and runs research tasks, even while you sleep.

manus.im/invitation/...
Manus
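Manus is a general-purpose AI assistant that turns your ideas into action. It excels at all kinds of tasks in work and life, getting everything done while you rest.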
May 14, 2025 at 3:00 PM
If you want to learn more check out Joe Masilotti's post:

masilotti.com/hotwire-nat...
What you’ll learn in “Hotwire Native for Rails Developers” | Masilotti.com
Curious about my new book? Here’s a chapter-by-chapter breakdown of what you'll learn, with screenshots.
February 13, 2025 at 11:57 AM
For solo developers, this stack is a revelation. It has the potential to redefine the landscape for indie creators.

So, what's stopping you from diving in and experiencing this innovation firsthand? Embrace the change; it might just be the game-changer you've been searching for.
February 13, 2025 at 11:57 AM
Consider this: A single codebase. Three distinct platforms. Immediate deployment.

Has anyone else delved into the Rails + Hotwire combo? Share your experiences below. I'm genuinely eager to know if you're witnessing the same transformative magic.
February 13, 2025 at 11:57 AM
I've dabbled with every fashionable framework out there. Most only increased complexity without addressing genuine issues.

But this Rails and Hotwire duo? It feels like wielding a secret weapon, a turbocharged boost for productivity and efficiency!
February 13, 2025 at 11:57 AM
Remember those times when Rails was dismissed as outdated? Well, think again. When paired with Hotwire Native, it transforms into a powerhouse for multi-platform development. Imagine maintaining just one codebase.
February 13, 2025 at 11:57 AM
What hobby could you use to make your child love learning?

The waitlist for Kids AI Genius is open now...

kidsaigenius.com/
February 9, 2025 at 2:53 PM
So, I prototyped a math quiz app with questions based on his interest in Fortnite. He loved it! ❤️

"If your squad has 8 med kits and uses half of them, how many med kits are left?"

What math topics do your kids struggle with? What topic would light a fire in them? 🔥
January 27, 2025 at 11:00 AM
I'm building an app to help my son love math. I want to help him practice elementary school mathematics with relatable topics. 🔢

"You start with 100 shield and lose 25 shield points in a battle. How much shield do you have left?"
January 27, 2025 at 11:00 AM
eg:

version: 2
enable-beta-ecosystems: true
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "daily"

github.com/dependabot/...
add support for `bun` · Issue #6528 · dependabot/dependabot-core
Is there an existing issue for this? I have searched the existing issues Feature description https://bun.sh/ is quickly gaining traction and is now my preferred npm package manager. It is faster th...
January 25, 2025 at 11:08 AM