
How I Learned to Stop Worrying and Love Vibe Coding.pdf

Uploaded by: 可*** ID: 991864 2025-12-07 25 pages 2.58 MB

How I Learned to Stop Worrying and Love Vibe Coding
Security Edition

I'm Jon Zeolla
- Founder, SANS Instructor
- SEC540 (Cloud Native), SEC545 (GenAI)
- Open Source (CNCF, ASF, OpenSSF,)
- Conference Organizer
- Pittsburgh, PA

Step 1: Build a Baseline
- Design your repo structure
- Write Instructions for your AI tools to follow
- Use preferred tooling for builds, tests, and deploys
- Implement tests
- Make updates easy
- Build pipelines for CI, CD, and security scans

AI Native Python

Step 2: Spec Driven Development

Specifications: Gherkin

    Feature: Create item

    Scenario: Happy path
      Given I have a valid JWT
      And a payload name: Widget, price: 9.99
      When I POST to /api/v1/items
      Then the response code is 201
      And the body has fields id (uuid), created_at (ISO 8601)
      And name=Widget and price=9.99

    Scenario: Validation failure
      Given a payload name: , price: -1
      When I POST to /api/v1/items
      Then the response code is 400
      And the body explains missing/invalid fields

    Scenario: Unauthorized
      Given no Authorization header
      When I POST to /api/v1/items
      Then the response code is 401

Specifications: EARS
Easy Approach to Requirements Syntax
- Ubiquitous requirements
- State driven requirements
- Event driven requirements
- Optional feature requirements
- Unwanted behaviour requirements
- Complex requirements

Specifications: EARS

When an authenticated client submits a valid JSON payload name: string, price: decimal to POST /api/v1/items, the Items API shall create the item and respond 201 Created with body id: UUID, created_at: ISO-8601, name, price.

When the JSON payload is missing required fields or violates constraints (e.g., empty name, negative price, wrong type, or max length exceeded), the Items API shall respond 400 Bad Request with a field-level error list (Problem Details JSON).

When the request lacks a valid Authorization: Bearer (missing, expired, malf

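According to the report's content, the main points are summarized as follows:

- **About the author**: Jon Zeolla, SANS Instructor, open source contributor, conference organizer, based in Pittsburgh, Pennsylvania.
- **The Vibe Coding approach**:
  - **Build a baseline**: design the repo structure, write instructions for AI tools, use tooling for builds, tests, and deploys, implement tests, make updates easy, and build pipelines for CI/CD and security scans.
  - **Spec-driven development**: write feature specifications in Gherkin and describe requirements with EARS (Easy Approach to Requirements Syntax).
  - **Implement guardrails**: use Policy as Code for security policy management, Conftest and Gossport for configuration management, and InSpec for system configuration checks.

Key points:

- Establish a clear repo structure and automated workflows.
- Use Gherkin and EARS for spec-driven development.
- Apply Policy as Code and configuration management tools to ensure security and compliance.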
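The Items API requirements from the Gherkin and EARS specifications in the slide text above, written out as a handler. This is an added example, not code from the slides or their author. It assumes HS256 bearer tokens checked against a constructed demo secret, a 100-character name limit, and a simplified Problem Details body; `create_item`, `token_valid` and `field_errors` are hypothetical names.

```python
import base64, hashlib, hmac, json, time, uuid
from datetime import datetime, timezone

SECRET = b"constructed-demo-key"  # assumption: HS256 shared secret, demo only
MAX_NAME = 100                    # assumption: the slides give no max length

def token_valid(headers, now=None):
    """True only for a well-formed, HS256-signed, unexpired bearer token."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    parts = token.split(".")
    if scheme != "Bearer" or len(parts) != 3:
        return False
    try:
        dec = [base64.urlsafe_b64decode(p + "=" * (-len(p) % 4)) for p in parts]
        head, claims = json.loads(dec[0]), json.loads(dec[1])
    except ValueError:
        return False
    good_sig = hmac.new(SECRET, ".".join(parts[:2]).encode(), hashlib.sha256).digest()
    return (isinstance(head, dict) and head.get("alg") == "HS256"  # pin the alg
            and hmac.compare_digest(dec[2], good_sig)
            and isinstance(claims, dict)
            and isinstance(claims.get("exp"), (int, float))
            and claims["exp"] > (time.time() if now is None else now))

def field_errors(payload):
    """Field-level errors for the 400 case; an empty list means valid."""
    if not isinstance(payload, dict):
        return [{"field": "", "detail": "body must be a JSON object"}]
    errors, name, price = [], payload.get("name"), payload.get("price")
    if not isinstance(name, str) or not 0 < len(name.strip()) <= MAX_NAME:
        errors.append({"field": "name", "detail": f"1 to {MAX_NAME} characters"})
    if (isinstance(price, bool) or not isinstance(price, (int, float))
            or not 0 <= price < float("inf")):
        errors.append({"field": "price", "detail": "non-negative number"})
    return errors

def create_item(headers, raw_body, now=None):
    """(status, body) for POST /api/v1/items; auth is checked before parsing."""
    if not token_valid(headers, now):
        return 401, {"title": "Unauthorized", "status": 401}
    try:
        payload = json.loads(raw_body)
    except (ValueError, TypeError):
        payload = None  # unparseable body falls through to the 400 branch
    errors = field_errors(payload)
    if errors:
        return 400, {"title": "Bad Request", "status": 400, "errors": errors}
    return 201, {"id": str(uuid.uuid4()), "name": payload["name"],
                 "price": payload["price"],
                 "created_at": datetime.now(timezone.utc).isoformat()}
```

Because the token check runs before the body is parsed, an unauthenticated request with a bad payload gets 401 and no field-level validation detail.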