---
title: "pip-audit: A complete guide to auditing Python dependencies for vulnerabilities"
updated: 2026-03-31
---
# pip-audit: A complete guide to auditing Python dependencies for vulnerabilities
## 1. What is pip-audit?
`pip-audit` is a command-line tool that scans a Python environment (or a requirements file) for **dependencies with known vulnerabilities**, taken from published security advisories and reported with their CVE, GHSA or PYSEC identifiers. It is maintained by the **PyPA** (Python Packaging Authority), develop
---
title: "Bandit: A complete guide to static security analysis in Python"
updated: 2026-03-31
---
# Bandit: A complete guide to static security analysis in Python
## 1. What is Bandit?
Bandit is a static application security testing (SAST) tool built exclusively for Python. It parses each source file into an **Abstract Syntax Tree** (AST) with the standard-library `ast` module, then runs its detection plugins against the nodes of that tree. No code is executed
---
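The parse-then-walk approach described above, as an added example that is not Bandit's own code: a tiny checker parses a constructed sample file with `ast`, walks every node, and runs three plugin functions over it. The plugins imitate Bandit's B105 (hardcoded password string), B307 (use of `eval`) and B602 (`subprocess` call with `shell=True`) tests and reuse those IDs for orientation; the matching logic is deliberately simplified, and `SAMPLE` is constructed for the demo. Nothing in the scanned source is imported or run.

```python
"""A tiny Bandit-style checker: parse source into an AST with the stdlib
`ast` module, walk the tree, and run plugin functions over each node.
Added example for this guide; this is not Bandit's own code."""
from __future__ import annotations

import ast
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    test_id: str   # reuses the ID of the Bandit test each plugin imitates
    severity: str
    line: int
    message: str


def _call_name(node: ast.Call) -> str:
    """Dotted name of the callee: 'subprocess.run', 'os.environ.get', 'eval'.
    Returns '' when the callee has no simple name, e.g. (lambda: 0)()."""
    parts = []
    cur = node.func
    while isinstance(cur, ast.Attribute):
        parts.append(cur.attr)
        cur = cur.value
    if not isinstance(cur, ast.Name):
        return ""
    parts.append(cur.id)
    return ".".join(reversed(parts))


def check_shell_true(node: ast.AST) -> list[Finding]:
    """B602-style: subprocess.* with shell=True hands the command line to
    /bin/sh, so any attacker-controlled fragment becomes shell syntax."""
    if not isinstance(node, ast.Call) or not _call_name(node).startswith("subprocess."):
        return []
    for kw in node.keywords:
        if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
            return [Finding("B602", "HIGH", node.lineno,
                            f"{_call_name(node)} called with shell=True")]
    return []


def check_dangerous_builtins(node: ast.AST) -> list[Finding]:
    """B307-style: eval()/exec() turn whatever string they receive into code."""
    if isinstance(node, ast.Call) and _call_name(node) in ("eval", "exec"):
        return [Finding("B307", "MEDIUM", node.lineno, f"use of {_call_name(node)}()")]
    return []


SECRET_WORDS = ("password", "passwd", "secret", "token")


def check_hardcoded_password(node: ast.AST) -> list[Finding]:
    """B105-style: a string literal assigned to a name that looks like a secret."""
    if not (isinstance(node, ast.Assign)
            and isinstance(node.value, ast.Constant)
            and isinstance(node.value.value, str)):
        return []
    for target in node.targets:
        if isinstance(target, ast.Name) and any(w in target.id.lower() for w in SECRET_WORDS):
            return [Finding("B105", "LOW", node.lineno,
                            f"possible hardcoded secret assigned to {target.id!r}")]
    return []


PLUGINS = (check_shell_true, check_dangerous_builtins, check_hardcoded_password)


def scan_source(source: str, filename: str = "<string>") -> list[Finding]:
    """Parse only: the scanned module is never imported or executed, so scanning
    a malicious file is harmless; the flip side is that anything decided at
    runtime (a shell flag passed through a variable) is invisible to these checks."""
    tree = ast.parse(source, filename=filename)
    findings: list[Finding] = []
    for node in ast.walk(tree):
        for plugin in PLUGINS:
            findings.extend(plugin(node))
    return sorted(findings, key=lambda f: f.line)


# Constructed sample input for the demo (not a real project file).
SAMPLE = '''\
import subprocess, os

DB_PASSWORD = "hunter2"                       # line 3

def run(cmd):
    subprocess.run(cmd, shell=True)           # line 6
    subprocess.run(["ls", "-l"])              # line 7: no shell involved
    return eval(os.environ.get("EXPR", "0"))  # line 8
'''

if __name__ == "__main__":
    for f in scan_source(SAMPLE, "sample.py"):
        print(f"sample.py:{f.line}: [{f.test_id}] {f.severity}: {f.message}")
```

Real Bandit plugins are considerably more thorough (they also score confidence, cover `os.system`, `Popen` and friends, and handle more node shapes), but the mechanism is exactly this: parse, walk, match node patterns, report a line number and a severity.

---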
title: "structlog: A complete guide to structured logging in Python"
updated: 2026-03-31
---
# structlog: A complete guide to structured logging in Python
## 1. Why structlog?
The standard-library `logging` module produces lines of plain text. When you need to correlate events in production, you end up parsing those strings with regular expressions. `structlog` solves this by attaching **typed context** (key/value pairs) to every log event, and by strictly separating 
---
title: "Makefile: a complete guide to syntax and best practices"
updated: 2026-03-31
---
# Makefile: a complete guide
This guide covers GNU Make syntax exhaustively, from the fundamentals to advanced patterns, with concrete examples aimed at modern Python projects.
---
## 1. What is Make?
Make is a task-automation tool driven by a configuration file called a `Makefile`. Originally designed for compiling C/C++, today it is
---
title: "CI/CD: Continuous Integration, Delivery & Deployment"
updated: 2026-03-31
stack: Python, UV, GitHub Actions, Docker
---
# CI/CD: Continuous Integration, Delivery & Deployment
This guide covers the three pillars of modern software delivery, with concrete examples based on a Python project managed with UV, tested with GitHub Actions and containerized with Docker.
---
## 1. Continuous Integration (CI)
### 1.1. What is CI?
Continuous Integration is a practice where 
---
title: Semantic Versioning with UV and GitHub Actions
updated: 2026-03-31
---
# Semantic Versioning with UV and GitHub Actions
This tutorial covers two approaches to managing semantic versioning for a Python project with UV:
1. **Manual approach**: `uv version --bump` + a release script
2. **Automated approach**: `python-semantic-release` + GitHub Actions + Conventional Commits
Both rest on the same foundation: structured commit messages (Conventional Commits) and Sem
# Basic Commands
`python -m pytest`, or more briefly `pytest` (the `-m` form additionally puts the current directory on `sys.path`), ...
will search for:
- directories below the current one (it recurses into all of them except those matching `norecursedirs`, which by default skips `.*`, `build`, `dist` and `node_modules`), then...
- files named `test_*.py` or `*_test.py`, then...
- functions beginning with `test`,
- classes beginning with `Test` (and without an `__init__` method),
- methods beginning with `test`
> **NOTE**
>
> Using classes can be useful to group tests.
- `pytest -q`: quiet mode
- `pytest -v`: verbose mode
- `pytest -vv`: very verbose mode
> **TRY them to compare**
# Marks
Marks work with decorators and are a mechanism to g
> Gathered here is some additional information worth remembering about the FastAPI ecosystem
# `fastapi dev`
The `fastapi dev` CLI command is part of the `fastapi-cli` package, which is typically installed along with FastAPI itself when you use the recommended installation methods.
Here's the breakdown of what to install and why:
**To get the `fastapi` CLI command (including `fastapi dev`):**
The most common and recommended way to install FastAPI and its essential dependencies, including t
Up to 20 status codes per series where possible, ordered from the most common and fundamental to the least, with additional context on how these codes interact.
For the 1xx (Informational) series:
| Status Code | Name | Description |
|-------------|------|-------------|
| 100 | Continue | Server received request headers, client should proceed |
| 101 | Switching
# Google Secrets Manager Setup Guide
# 1. Enable the Secret Manager API
## 1.1. Web Console
### 1.1.1. Access the Google Cloud Console
1. Open your web browser and navigate to [https://console.cloud.google.com/](https://console.cloud.google.com/)
2. Sign in with your Google account that has access to your Google Cloud project
3. Make sure you've selected the correct project in the dropdown at the top of the page (next to "Google Cloud")
### 1.1.2. Navigate to the API Lib
## Exponential Backoff: A Gentle Introduction
Think of exponential backoff like a polite person knocking on a door - they start with gentle knocks close together, but if no one answers, they wait longer and longer between each attempt.
### The Basic Concept
**Exponential backoff** is a retry strategy where the wait time between retry attempts grows exponentially (doubles, triples, or increases by some multiplier) after each failure.
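The strategy just defined, in working code, as an added example that is not from the original guide: each retry's ceiling grows by a multiplier, is clamped to a cap, and is then jittered ("full jitter", a uniform draw in `[0, ceiling]`) so a fleet of clients that failed at the same instant does not retry in lockstep and recreate the spike. The retry stops after a fixed budget, and only errors the caller marks as retryable are retried: retrying a rejected credential or a malformed request adds load and, against a login endpoint, looks like a brute-force attempt. `RetryableError`, `flaky_operation` and the numbers used are constructed for the demo.

```python
"""Exponential backoff with a cap, full jitter and a bounded retry budget.
Added example for this guide; it is not code from the original page."""
from __future__ import annotations

import random
import time
from typing import Callable, Iterator, Optional, TypeVar

T = TypeVar("T")


class RetryableError(Exception):
    """Raised by an operation when retrying makes sense (timeout, HTTP 429/503).
    Anything else (bad credentials, 4xx client errors) must not be retried."""


def backoff_delays(retries: int, base: float = 0.5, factor: float = 2.0,
                   cap: float = 30.0, jitter: bool = True,
                   rng: Optional[random.Random] = None) -> Iterator[float]:
    """Yield one delay per retry.

    The ceiling for retry n is min(cap, base * factor ** n): exponential
    growth, clamped so a long outage never turns into hour-long sleeps.
    With jitter on, the actual delay is a uniform draw in [0, ceiling]
    ("full jitter"), so clients that failed together spread out instead of
    hammering the server again at the same instant.
    """
    rng = rng or random.Random()
    for n in range(retries):
        ceiling = min(cap, base * factor ** n)
        yield rng.uniform(0.0, ceiling) if jitter else ceiling


def retry(op: Callable[[], T], attempts: int = 5,
          sleep: Callable[[float], None] = time.sleep, **backoff_kw) -> T:
    """Call op() up to `attempts` times, sleeping a backoff delay between
    tries. Non-retryable exceptions propagate immediately; after the last
    attempt the RetryableError is re-raised so the caller sees the failure."""
    delays = backoff_delays(retries=attempts - 1, **backoff_kw)
    for attempt in range(1, attempts + 1):
        try:
            return op()
        except RetryableError:
            if attempt == attempts:
                raise
            sleep(next(delays))
    raise AssertionError("unreachable: every path above returns or raises")


def flaky_operation(fail_times: int) -> Callable[[], str]:
    """Constructed stand-in for a network call: fails `fail_times` times
    with a retryable error, then succeeds."""
    state = {"calls": 0}

    def op() -> str:
        state["calls"] += 1
        if state["calls"] <= fail_times:
            raise RetryableError(f"attempt {state['calls']}: 503 Service Unavailable")
        return f"ok after {state['calls']} calls"

    return op


def demo(fail_times: int = 2, seed: int = 7) -> tuple[str, list[float]]:
    """Run the flaky operation under retry() with a fake sleep that records
    the delays instead of waiting; returns (result, recorded delays)."""
    slept: list[float] = []
    result = retry(flaky_operation(fail_times), attempts=5,
                   sleep=slept.append, base=0.5, factor=2.0, cap=4.0,
                   rng=random.Random(seed))
    return result, slept


if __name__ == "__main__":
    result, waits = demo()
    print(result)
    for i, w in enumerate(waits):
        print(f"retry {i + 1}: slept {w:.3f}s (ceiling {min(4.0, 0.5 * 2 ** i):.1f}s)")
```

With `jitter=False` the delays are the textbook sequence (0.5, 1, 2, 4, 4, ... under a cap of 4); with jitter on, two clients with the same ceiling wait different amounts, which is the point. If the server sends `Retry-After`, honour it instead of the computed delay.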
### Simple Example
Imagine you're trying to call a friend:
# Principles
## ⚠️ The Problem: SOP
Imagine your web browser is a diligent student, and it's trying to learn by reading books.
Most of the time, this student is happy to read books from the school's own library. This is like your website loading resources (images, scripts, data) from its _own domain_ (e.g., `www.mywebsite.com` loads an image from `www.mywebsite.com/images/cat.jpg`).
This is perfectly fine and happens all the time.
☝️ But **what if our student wants to read a book from _anoth
☝️ Basically, this comes down to answering the following questions:
- **Who are you?**
- **What can you do?**
At the heart of securing any system, whether it's a website, an application, or even a physical building, lie two fundamental concepts: **Authentication** and **Authorization**. People often use these terms interchangeably, but they mean very different, though related, things. Getting this distinction clear from the outset is crucial.
---
# **Chapter 1: The Fundamentals**
## **1. Authentication
Before we jump into the more modern and robust solutions, it's **helpful to understand some of the earlier methods**.
These not only provide historical context but also **highlight the problems that newer technologies aimed to solve**.
We'll start with one of the simplest (and most primitive by today's standards): **HTTP Basic Authentication**.
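What Basic Authentication actually puts on the wire, as an added example that is not code from this tutorial: the client joins `user:password`, base64-encodes it and sends it in the `Authorization` header on every request. Base64 is reversible, so `parse_basic_auth` below is both what the server does and what anyone who can read the request does, which is why the scheme is only acceptable over TLS and why it counts as primitive. The server-side check stores a salted PBKDF2 hash rather than the password and compares with `hmac.compare_digest`; the `USERS` table, the password and the dummy-hash trick for unknown users are constructed for the example.

```python
"""HTTP Basic Authentication on the wire, plus a minimal server-side check.
Added example for this tutorial; it is not code from the original page."""
import base64
import binascii
import hashlib
import hmac
import os
from typing import Optional, Tuple


def basic_auth_header(username: str, password: str) -> str:
    """What the client sends: 'Basic ' + base64('user:pass'). Base64 is an
    encoding, not encryption: anyone who sees the header has the password."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def parse_basic_auth(header: Optional[str]) -> Optional[Tuple[str, str]]:
    """Server side (and eavesdropper side): return (username, password), or None
    for anything malformed. Split on the first ':' only, because a password is
    allowed to contain ':' while a username is not."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    username, sep, password = raw.partition(":")
    if not sep:
        return None
    return username, password


def _hash(password: str, salt: bytes, rounds: int = 100_000) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; the store never holds the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)


# Constructed user store for the demo. A dummy hash is kept so that unknown
# usernames cost the same time to check as real ones.
_SALT = os.urandom(16)
_DUMMY = _hash("", _SALT)
USERS = {"alice": (_SALT, _hash("correct horse battery staple", _SALT))}


def authenticate(header: Optional[str]) -> Optional[str]:
    """Return the authenticated username, or None. Constant-time comparison
    avoids leaking how many leading bytes of the hash matched."""
    creds = parse_basic_auth(header)
    if creds is None:
        return None
    username, password = creds
    salt, expected = USERS.get(username, (_SALT, _DUMMY))
    ok = hmac.compare_digest(_hash(password, salt), expected)
    return username if ok and username in USERS else None


if __name__ == "__main__":
    header = basic_auth_header("alice", "correct horse battery staple")
    print("client sends:  Authorization:", header)
    print("observer sees:", parse_basic_auth(header))   # plaintext credentials
    print("server result:", authenticate(header))
    print("wrong password:", authenticate(basic_auth_header("alice", "nope")))
```

A real endpoint answers a missing or failed header with `401` and `WWW-Authenticate: Basic realm="..."`; that challenge is what makes a browser prompt for credentials. Nothing in `authenticate` limits guessing, so rate limiting belongs in front of it.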
---
# **Chapter 2: Traditional Roadblocks - Early Authentication Methods**
## **2.1: HTTP Basic Authentication**
Imagine the very early days of the w
# 3. The Age of Tokens - Stateless and Flexible
While session-based authentication (often using cookies) is robust for many traditional websites, the digital landscape has evolved significantly. We now have:
- [**Single Page Applications (SPAs):**](https://www.quantummetric.com/single-page-application-spa) Web front-ends built with frameworks like React, Angular, Vue.js, which behave more like native applications running in the browser.
- [**Mobile Applications:**](https://cheatsheetseries.owas
# **Module 1: HTTP Protocol Foundations**
## **Chapter 1.1: Understanding the HTTP Protocol**
### **What is HTTP and Why It Matters**
HTTP (Hypertext Transfer Protocol) is the foundation of data communication on the web. As a Python developer working with APIs, every time your code makes a request to an API or serves data through FastAPI, you're using HTTP.
Think of HTTP as a **conversation protocol** between clients and servers:
- **Client** (browser, Python script, mobile app) asks questio