security 29

• Signing artifacts, attesting builds, and why you should do both Dec 12, 2024
• Corporate proxies, meddler-in-the-middle attacks, and git Sep 5, 2024
• DevOps has always been about Secure by Design software Aug 22, 2024
• Securing Devcontainers (part 3) - Docker-in-Docker Aug 2, 2024
• Securing Devcontainers (part 2) - multi-service applications with Docker Compose Jul 30, 2024
• Securing Devcontainers (part 1) - a simple setup with Ruby and Jekyll Jul 24, 2024
• Static analysis scans of a container's filesystem Jul 21, 2024
• Why develop when you have to audit Jul 15, 2024
• Explaining why a code change happened during an audit Jul 12, 2024
• Where git can set compliance controls Jul 5, 2024
• How git understands time Jun 30, 2024
• Tips for auditing changes in git Jun 29, 2024
• Understanding identity in git repositories Jun 24, 2024
• Git configurations in a code audit Jun 17, 2024
• Surviving your first code audit, or Whodunnit? A git repo mystery. Jun 12, 2024
• Pi-hole configuration for the lazy and slightly paranoid Apr 8, 2024
• Checking capabilities changes at PR Apr 4, 2024
• Organization costs of the xz backdoor Mar 31, 2024
• A gentle introduction to container escapes and no-clump gravy Mar 24, 2024
• Building a secure Jekyll container Mar 7, 2024
• Flipper Zero saves the holidays (and other personal fun) Jan 17, 2024
• Adding CodeQL to your (compiled) container build Dec 14, 2023
• Please stop saying 'Just use Firecracker' - do this instead Jul 21, 2023
• Threat Modeling the GitHub Actions ecosystem Jul 3, 2023
• Scanning your code on every single push May 15, 2023
• Stop putting application security alerts in ticket systems Apr 14, 2023
• Managing an enterprise-wide application security team on GitHub Mar 22, 2023
• Securing Self-Hosted GitHub Actions with Kubernetes and Actions-Runner-Controller Feb 1, 2023
• Dependabot on Red Hat Enterprise Linux using Docker Oct 18, 2022