security 45

• Using AI to open pull requests for dependency bumps Oct 30, 2025
• Container runtime fun time! Oct 16, 2025
• Container host shenanigans Sep 23, 2025
• Am I in a container or a microVM? Jul 19, 2025
• Signing and verifying multi-architecture containers with Sigstore Jul 3, 2025
• Following the 'golden image' road: best practices and pitfalls Jun 30, 2025
• What's a container, anyways? Jun 26, 2025
• A gentle introduction to container security Jun 16, 2025
• Inspecting pull requests to understand behavior changes May 30, 2025
• Searching for secrets in container images Apr 15, 2025
• Breaking up with GitHub Personal Access Tokens Mar 31, 2025
• Zero Trust is built on software Mar 9, 2025
• Shrinking container images (part 4) - trying out some slimmer apps Jan 13, 2025
• Shrinking container images (part 3) - squash it Jan 9, 2025
• Shrinking container images (part 2) - tidying up your builds Jan 8, 2025
• Shrinking container images (part 1) - the Where and Why of big containers Jan 6, 2025
• Signing artifacts, attesting builds, and why you should do both Dec 12, 2024
• Corporate proxies, meddler-in-the-middle attacks, and git Sep 5, 2024
• DevOps has always been about Secure by Design software Aug 22, 2024
• Securing Devcontainers (part 3) - Docker-in-Docker Aug 2, 2024
• Securing Devcontainers (part 2) - multi-service applications with Docker Compose Jul 30, 2024
• Securing Devcontainers (part 1) - a simple setup with Ruby and Jekyll Jul 24, 2024
• Static analysis scans of a container's filesystem Jul 21, 2024
• Why develop when you have to audit Jul 15, 2024
• Explaining why a code change happened during an audit Jul 12, 2024
• Where git can set compliance controls Jul 5, 2024
• How git understands time Jun 30, 2024
• Tips for auditing changes in git Jun 29, 2024
• Understanding identity in git repositories Jun 24, 2024
• Git configurations in a code audit Jun 17, 2024
• Surviving your first code audit, or Whodunnit? A git repo mystery. Jun 12, 2024
• Pi-hole configuration for the lazy and slightly paranoid Apr 8, 2024
• Checking capabilities changes at PR Apr 4, 2024
• Organization costs of the xz backdoor Mar 31, 2024
• A gentle introduction to container escapes and no-clump gravy Mar 24, 2024
• Building a secure Jekyll container Mar 7, 2024
• Flipper Zero saves the holidays (and other personal fun) Jan 17, 2024
• Adding CodeQL to your (compiled) container build Dec 14, 2023
• Please stop saying 'Just use Firecracker' - do this instead Jul 21, 2023
• Threat Modeling the GitHub Actions ecosystem Jul 3, 2023
• Scanning your code on every single push May 15, 2023
• Stop putting application security alerts in ticket systems Apr 14, 2023
• Managing an enterprise-wide application security team on GitHub Mar 22, 2023
• Securing Self-Hosted GitHub Actions with Kubernetes and Actions-Runner-Controller Feb 1, 2023
• Dependabot on Red Hat Enterprise Linux using Docker Oct 18, 2022