security 37
- Inspecting pull requests to understand behavior changes
- Searching for secrets in container images
- Breaking up with GitHub Personal Access Tokens
- Zero Trust is built on software
- Shrinking container images (part 4) - trying out some slimmer apps
- Shrinking container images (part 3) - squash it
- Shrinking container images (part 2) - tidying up your builds
- Shrinking container images (part 1) - the Where and Why of big containers
- Signing artifacts, attesting builds, and why you should do both
- Corporate proxies, meddler-in-the-middle attacks, and git
- DevOps has always been about Secure by Design software
- Securing Devcontainers (part 3) - Docker-in-Docker
- Securing Devcontainers (part 2) - multi-service applications with Docker Compose
- Securing Devcontainers (part 1) - a simple setup with Ruby and Jekyll
- Static analysis scans of a container's filesystem
- Why develop when you have to audit
- Explaining why a code change happened during an audit
- Where git can set compliance controls
- How git understands time
- Tips for auditing changes in git
- Understanding identity in git repositories
- Git configurations in a code audit
- Surviving your first code audit, or Whodunnit? A git repo mystery.
- Pi-hole configuration for the lazy and slightly paranoid
- Checking capabilities changes at PR
- Organization costs of the xz backdoor
- A gentle introduction to container escapes and no-clump gravy
- Building a secure Jekyll container
- Flipper Zero saves the holidays (and other personal fun)
- Adding CodeQL to your (compiled) container build
- Please stop saying 'Just use Firecracker' - do this instead
- Threat Modeling the GitHub Actions ecosystem
- Scanning your code on every single push
- Stop putting application security alerts in ticket systems
- Managing an enterprise-wide application security team on GitHub
- Securing Self-Hosted GitHub Actions with Kubernetes and Actions-Runner-Controller
- Dependabot on Red Hat Enterprise Linux using Docker