@mattbrownsec

Trivy Operator: The Scanner That Leaves Receipts

16h ago · 15 min read · I’ve been working through a bigger Kubernetes security stack, and I wanted to come back to one of the simpler pieces: scanning. Not runtime blocking. Not admission control. Just scanning. Trivy Operat

Deploying OSS Kubernetes Security Console

1d ago · 10 min read · The first post laid out the idea: Kubernetes security tools already produce a lot of useful data, but most of it lands in separate places. Trivy Operator writes vulnerability and configuration finding

Building an OSS Kubernetes Security Console with MCP

May 28 · 12 min read · A single Kubernetes security finding is rarely the whole story. That is true whether the signal comes from runtime detection, vulnerability scanning, posture assessment, or admission control. “Shell

From Capabilities to AppArmor: Layering Linux Runtime Security

Apr 27 · 10 min read · Over the past year I have written ad nauseum about Linux security primitives. And of course quite a bit of time has been dedicated to how these connect into Kubernetes. Some of the cooler aspects incl

Distroless Removes the Shell, Not the Risk

Apr 20 · 12 min read · I've been hearing a fair bit lately about distroless images. As I started digging into them, it became clear the idea is not new. In fact, there is a great talk that covers the concept well, and it is