A MAP for Kubernetes supply chain security
Guest post originally published on the Nirmata blog by Jim Bugwadia The sharp increase in software supply chain attacks has made securing the build and delivery of software a critical topic. But what does this mean…
Trusting SBOMs in the software supply chain: Syft now creates attestations using Sigstore
Guest post originally published on the Anchore blog by Dan Luhring With the recent release of Syft v0.40.0, you can now create signed SBOM attestations directly in Syft. This is made possible by Project Sigstore, which makes signing…
The future of Kubernetes – and why developers should look beyond Kubernetes in 2022
Guest post originally published on Eficode’s blog by Michael Vittrup Larsen Kubernetes is ubiquitous in container orchestration, and its popularity has yet to weaken. This does, however, not mean that evolution in the container orchestration space…
Flux Security: Image Provenance
Guest post originally published on Flux’s blog by Daniel Holbach Next up in our blog series about Flux Security is how and why we use signatures for the Flux CLI and all its controller images and…
Project post originally published on Flux’s blog by Daniel Holbach Flux – built with security in mind You don’t get to re-architect a successful project very often, but we did about two years ago. The Flux…
End User guest post by Ratnadeep Debnath, Site Reliability Engineer at Zapier At Zapier, RabbitMQ is at the heart of Zap processing. We enqueue messages to RabbitMQ for each step in a Zap. These messages get…
Discover how GitLab uses Falco to detect abnormal behavior in code dependencies
Project post originally published on the Falco Blog by Nate Magee and Vicente J. Jiménez Miras GitLab leverages Falco to detect software supply chain attacks with Package Hunter GitLab covers the entire software development lifecycle in a…
Guest post originally published on Flux’s blog by Daniel Holbach As the Flux family of projects and its communities are growing, we strive to inform you each month about what has already landed, new possibilities which…
Kubernetes main attack vectors tree: an explainer guide
Guest post originally published on Magalix’s blog by Andrew Zola Kubernetes is a leader in container orchestration. According to Statista, as much as 46% of respondents in a recent survey stated that they used Kubernetes for automating…
Guest post by Second State and FutureWei This work is supported by Second State and FutureWei based on Open Source projects WasmEdge and seL4. Application containers, such as Docker, are a key driving force behind the…