
Announcing 1.0.0-alpha.3 release: more powerful resource tracking, notifications and content sharing

Posted on Oct 24 • Originally published at secutils.dev

The original post was published on my blog on October 4, 2023.

Hello!

Earlier this week, I wrapped up the "Q3 2023 – Jul-Sep" iteration and cut a new 1.0.0-alpha.3 release of Secutils.dev. In this post, I would like to quickly walk you through the major changes since 1.0.0-alpha.2: notifications, a more powerful web page resource tracker, sharing capabilities and more. Let’s dive in!

If you’ve read my previous posts or tried the Secutils.dev web page resource tracker functionality, you might recall that users were required to manually trigger resource checks. With this release, you have the option to schedule automatic resource checks to be performed hourly, daily, weekly, or monthly! When you configure the web page resource tracker, you define how many resource revisions Secutils.dev should store so that you can view the diff between two consecutive revisions. Once the limit is reached, the next revision will displace the oldest one.

Since previously you were supposed to manually trigger immediate resource checks, it wouldn't make much sense to send you any additional notifications about detected changes. You'll be presented with the check result in the UI as soon as the check is complete without losing context. However, the automatic scheduled resource checks change the control flow, where Secutils.dev should perform the check regularly and notify you if it detects any changes. In the latest release, you can opt in to email notifications, and Secutils.dev will email you if it detects any changes in resources.

Modern web pages can contain numerous resources, and tracking changes for all of them may not always be necessary. Additionally, certain resources, like those injected by web page analytics solutions, can change with every page load, potentially leading to excessive notifications.
In such cases, you'll likely want to filter out irrelevant resources or focus on specific ones.

In more advanced scenarios, you might be interested in only a portion of a web page resource. For instance, there could be scripts bundling multiple third-party libraries, with changes in some libraries being more important than others. It would be convenient to have the ability to trim or "map" these resources into more meaningful resources.

I explored various approaches to address these use cases in the simplest way possible, but there were always complex edge cases that required a change in direction. However, considering that the primary audience for Secutils.dev is software developers, I decided that introducing some complexity could offer much greater flexibility.

As mentioned in this post, I use Playwright (with Chromium) to extract web page resources. While this choice adds complexity to implementation, security, and deployment, it grants quite a bit of flexibility. With Playwright, I can access, intercept, or modify virtually everything on the tracked web page. Notably, Playwright allows me to inject custom JavaScript scripts into a web page. Rather than inventing my own syntax/parser for custom user resource filters and mapping rules, I can provide users with the full power of modern JavaScript executed within the latest available browser. The only constraint is that users must adhere to the input and output interfaces expected by Secutils.dev.

The potential applications of this approach are vast. I'm already planning to extend it to cover more utilities and use cases, such as tracking changes in page content, not just resources. Imagine a change tracker for virtually anything on the web!

In today's world, it's challenging to envision a software engineer or security researcher working entirely in isolation. As software systems grow in size and complexity, collaboration becomes essential.
That's one of the reasons why collaboration software is on the rise, with built-in collaboration features becoming increasingly common.

While it may be too early to implement full-fledged two-way collaboration functionality in Secutils.dev, I recognize that the absence of such features could limit the tool's adoption. Therefore, I'm planning to gradually introduce collaboration-related features in each iteration, starting with the "one-way" sharing functionality introduced in the 1.0.0-alpha.3 release. With this release, you can share created content security policies with anyone on the internet, even if they don't have a Secutils.dev account.

In the future, I intend to expand this sharing functionality to include digital certificate templates and tracked web page resources.

In addition to the major features mentioned above, this release also includes several smaller enhancements. These include extending the digital certificate editor to allow users to configure private key size (for RSA and DSA) and elliptic curve name (for ECDSA).

As previously mentioned, while the resource tracker functionality has become more powerful, it also comes with increased security risks. Therefore, I've made security enhancements to the Docker images for all Secutils.dev components, and to the Web Scraper component itself. I've covered this in more detail in my Running web scraping service securely post.

You can find the full change log here: changelog#1.0.0-alpha.3

In the next few days, I'll be prioritizing work for the upcoming "Q4 2023 – Oct-Dec" iteration.
In my next post, I'll provide more details on what I'll be focusing on during this period.

That wraps up today's post, thanks for taking the time to read it!

ℹ️ ASK: If you found this post helpful or interesting, please consider showing your support by starring secutils-dev/secutils GitHub repository.

Also, feel free to follow me on Twitter, Mastodon, or LinkedIn.

Thank you for being a part of the community!
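
The filter-then-track flow described in the post (dropping noisy resources, keeping a bounded number of revisions, diffing the two most recent ones), as an added example that is not Secutils.dev code. The resource shape `{ type, url, content }`, the names `filterAndMap` and `RevisionStore`, and the `*.example` hosts are assumptions made for illustration, since the post does not show the real input and output interfaces.

```javascript
// Hypothetical resource shape (not the Secutils.dev interface): { type, url, content }.
const NOISY_HOSTS = new Set(['analytics.example']); // constructed host name

// User-style filter/map step: drop noisy resources and normalise the rest.
function filterAndMap(resources) {
  return resources
    .filter((r) => !NOISY_HOSTS.has(new URL(r.url).hostname))
    .map((r) => {
      const url = new URL(r.url);
      url.search = ''; // a cache-busting query string would otherwise look like a new resource
      return { type: r.type, url: url.href, content: r.content };
    });
}

// Keeps at most `limit` revisions; the newest displaces the oldest.
class RevisionStore {
  constructor(limit) { this.limit = limit; this.revisions = []; }
  add(resources) {
    this.revisions.push(new Map(filterAndMap(resources).map((r) => [r.url, r.content])));
    if (this.revisions.length > this.limit) this.revisions.shift();
  }
  // Diff between the two most recent revisions, keyed by normalised URL.
  diffLatest() {
    const diff = { added: [], removed: [], changed: [] };
    if (this.revisions.length < 2) return diff;
    const [prev, curr] = this.revisions.slice(-2);
    for (const [url, content] of curr) {
      if (!prev.has(url)) diff.added.push(url);
      else if (prev.get(url) !== content) diff.changed.push(url);
    }
    for (const url of prev.keys()) if (!curr.has(url)) diff.removed.push(url);
    return diff;
  }
}

// Constructed sample: three loads of the same page, with a revision limit of 2.
function demo() {
  const script = (url, content) => ({ type: 'script', url, content });
  const page = (body, id) => [
    script('https://site.example/app.js?v=' + id, body),
    script('https://analytics.example/t.js', 'id=' + id),
  ];
  const store = new RevisionStore(2);
  store.add(page('console.log(1)', 'a1'));
  store.add(page('console.log(1)', 'b2'));
  const quiet = store.diffLatest(); // only filtered-out noise changed between loads
  store.add([...page('console.log(2)', 'c3'), script('https://cdn.example/new.js', 'x')]);
  return { quiet, loud: store.diffLatest(), stored: store.revisions.length };
}
```

Without the filter step, the second load would already report a change, because the analytics script and the `?v=` query string differ on every load; that is the excessive-notification case the post describes.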



This post first appeared on VedVyas Articles, please read the original post: here
