When you run docker pull image it 🪄 magically 🪄 pulls the right architecture. Right? Hi, I’m Natalie - the technical lead for public sector at Chainguard. As noted earlier, we use Sigstore a lot! ...

The rise of software supply chain attacks, strengthened security requirements of compliance frameworks, and the speed and complexity of software development have all driven the need for enterprise ...

One of the most common (and sneaky) misconceptions I run across talking to folks using containers is what even is a container? It seems like we’re slinging around little appliances or little VMs. T...

“Let’s move to containers” promised engineering simplicity, security, and easy scaling … but there was a catch. 🙊 The simplicity and security gains were only true if containers were used as intend...

I have a very bad habit to confess. 😇 I pin my third-party GitHub Actions to a SHA.1 😇 This ensures that a specific commit is running every time. It’s widely considered a security best practice ...

After some internal brainstorming about doing “thought leadership” activities for sales pipeline generation, I was asked why I do mostly technical “non-sales” events when my job is in sales.1 Much...

🙈 Yet another place to look for secrets? It’s common to find as teams move their workloads into containers and navigate the security challenges that come from it. Yet it’s also puzzling … how doe...

Every time you reach for a long-lived secret, you are wrong. The impulse is good, but uh … having seen some of the recent shenanigans from yet another supply chain attack targeting long-lived secr...

Breaking up my website’s mono-repo had some unintended consequences. I wrote a script and Actions workflow that automatically updates my profile README whenever I published a new post. Since the ...

My website, plus a bunch of other random things, was in one mono-repo. It became a junk drawer I would definitely deal with … later. Spending the past few weeks on the road made it a great time f...