Developer's guide to managing the risk of coding agents having more permissions

There are 5 types of controls in InfoSec:

  1. Preventative
  2. Detective
  3. Corrective
  4. Recovery
  5. Deterrent

Agents are irritating if you don’t give them access. Really, I don’t want the agent to be able to remove files from git, but it finds a way when given the ability to add and commit.

So whilst I’m figuring out how to set up solid preventative controls AND not lose my mind with approvals, I’ve set up a recovery control.

This is a shout-out to rsnapshot.

It is the best I am aware of for local backups and acts as a great way to have a time machine type of backup to an external drive.

I need to add it to my dotfiles now and have a nice way to check what versions of my code and config are backed up!

Have at it!
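
A way to check which versions of a file rsnapshot holds, as an added example that is not part of the original post. It relies on rsnapshot's layout of `<interval>.<n>` directories under the snapshot root, where unchanged files are hard links between snapshots; the function names and the demo tree are constructed for illustration.

```python
import os
import re
import sys
import tempfile
from pathlib import Path

# rsnapshot names snapshot directories <interval>.<n>; n = 0 is the newest.
SNAPSHOT_DIR = re.compile(r"^([A-Za-z]+)\.(\d+)$")


def list_versions(snapshot_root, rel_path):
    """Return [(size, mtime, [snapshot names])], one entry per distinct copy.
    rsnapshot hard-links unchanged files between snapshots, so copies that
    share (device, inode) are the same version stored once on disk.
    """
    versions = {}
    snaps = [p for p in Path(snapshot_root).iterdir()
             if p.is_dir() and SNAPSHOT_DIR.match(p.name)]
    order = lambda p: (p.name.split(".")[0], int(p.name.split(".")[1]))
    for entry in sorted(snaps, key=order):
        candidate = entry / rel_path
        if candidate.is_symlink() or not candidate.is_file():
            continue  # absent from this snapshot, e.g. deleted before it ran
        st = candidate.stat()
        key = (st.st_dev, st.st_ino)
        versions.setdefault(key, (st.st_size, st.st_mtime, []))[2].append(entry.name)
    # Newest content first, judged by the file's own modification time.
    return sorted(versions.values(), key=lambda v: v[1], reverse=True)


def build_demo_tree(root):
    """Constructed sample: three snapshots, one edit between alpha.1 and alpha.0."""
    rel = Path("localhost/home/dev/project/app.py")
    for name in ("alpha.0", "alpha.1", "alpha.2"):
        (Path(root) / name / rel.parent).mkdir(parents=True)
    old = Path(root) / "alpha.2" / rel
    old.write_text("print('v1')\n")
    os.utime(old, (1_700_000_000, 1_700_000_000))
    os.link(old, Path(root) / "alpha.1" / rel)  # unchanged file: hard link
    new = Path(root) / "alpha.0" / rel
    new.write_text("print('v2, edited')\n")
    os.utime(new, (1_700_003_600, 1_700_003_600))
    return rel


if __name__ == "__main__":
    demo = len(sys.argv) != 3  # usage: script.py <snapshot_root> <relative/path>
    root = tempfile.mkdtemp() if demo else sys.argv[1]
    rel = build_demo_tree(root) if demo else sys.argv[2]
    for size, mtime, names in list_versions(root, rel):
        print(f"{size:>8} bytes  mtime={int(mtime)}  in {', '.join(names)}")
```

The relative path starts at the backup destination inside each snapshot (`localhost/...` in the constructed tree), not at the original absolute path.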