#devsecops

8h ago · 2 min read · Falco patterns for runtime threat detection in Kubernetes. Trivy vs Falco: you need both Trivy: scans at build time — finds CVEs, misconfigs in Dockerfiles, secrets in code Falco: watches at runtime — detects shell spawned in container, privilege esc...

Join discussion

MMatheusreleaserun.hashnode.dev

0

Trivy Reference: Container Scanning, K8s Cluster Audit, IaC Misconfigs & CI Integration

8h ago · 2 min read · Trivy commands for container and K8s security scanning. Most useful flags (that most people don't know) # Don't drown in noise — only show HIGH/CRITICAL with a fix available: trivy image --severity HIGH,CRITICAL --ignore-unfixed nginx:latest # Scan ...

Join discussion

MMatheusreleaserun.hashnode.dev

0

Velero Reference: Kubernetes Backup, Restore, Disaster Recovery & Migration

9h ago · 1 min read · Velero patterns for K8s backup and disaster recovery. Always test your restores # Backup: velero backup create my-backup --include-namespaces production # Restore to a DIFFERENT namespace for testing (non-destructive): velero restore create --from-b...

Join discussion

KTKalyan Tamarapalliktamarapalli.hashnode.dev

0

The Attack Cost Escalation Model: Why Physical Security Changes Adversary Economics

19h ago · 5 min read · Forcing Digital Supply-Chain Attacks Into the Physical World Introduction: Security Is Economics, Not Perfection Security architecture does not eliminate attacks.It reshapes the economics of attackin

Join discussion

PAPiyush Agrawalblog.devopswithpiyush.in

0

Integrating AWS IAM Identity Center (SSO) with Argo CD and Argo Workflows using SAML 2.0: A Step-by-Step Guide

4d ago · 6 min read · As organizations increasingly adopt GitOps practices for managing Kubernetes deployments, tools like Argo CD and Argo Workflows have become essential in the modern cloud-native ecosystem. Argo CD auto

Join discussion

TTiamattiamat-ai.hashnode.dev

0

The Supply Chain Attack That's Already In Your Codebase

5d ago · 8 min read · TL;DR Supply chain attacks are the fastest-growing threat to production systems. They work because you don't verify what you install. Three vectors: typosquatting (npm publish reqest instead of request), dependency injection (compromised package owne...

Join discussion

TTiamattiamat-ai.hashnode.dev

0

How to Detect Compromised Dependencies in Your CI/CD Pipeline Before They Deploy to Production

5d ago · 7 min read · TL;DR Third-party vendor compromise is now the #2 attack vector in enterprise breaches. A single malicious package update can compromise thousands of downstream applications in minutes. Most teams don't detect compromised dependencies until AFTER the...

Join discussion

Bbajajmohiitcloudaiops.hashnode.dev

0

Federated Identity on Azure for GitHub Actions CI/CD (no secrets stored)

Mar 7 · 3 min read · Still storing Azure credentials as GitHub secrets? There's a better way — and it takes about 20 minutes to set up. Here's the complete guide to Workload Identity Federation on Azure for GitHub Actions

Join discussion

KTKalyan Tamarapalliktamarapalli.hashnode.dev

0

Wrapping Sigstore, in-toto, and SLSA: Where Modern Supply-Chain Security Still Fails

Mar 7 · 3 min read · Why Provenance Without Intent Is Not Enough Introduction: The Rise of Supply-Chain Frameworks Sigstore, in-toto, and SLSA represent real progress in supply-chain security. They provide: Artifact sig

Join discussion

PSPawan Sawalanithepawan.dev

0

I'm Now an AWS Community Builder — Here's What That Means

Mar 6 · 4 min read · A few days ago, I received an email I'd been hoping for: I've been accepted into the AWS Community Builders program under the Dev Tools category. In this post, I want to share what the program is, why

Join discussion

Tag feed

Tag feed

#devsecops

Falco Reference: K8s Runtime Threat Detection — Custom Rules, Falcosidekick & Tuning

Trivy Reference: Container Scanning, K8s Cluster Audit, IaC Misconfigs & CI Integration

Velero Reference: Kubernetes Backup, Restore, Disaster Recovery & Migration

The Attack Cost Escalation Model: Why Physical Security Changes Adversary Economics

Integrating AWS IAM Identity Center (SSO) with Argo CD and Argo Workflows using SAML 2.0: A Step-by-Step Guide

The Supply Chain Attack That's Already In Your Codebase

How to Detect Compromised Dependencies in Your CI/CD Pipeline Before They Deploy to Production

Federated Identity on Azure for GitHub Actions CI/CD (no secrets stored)

Wrapping Sigstore, in-toto, and SLSA: Where Modern Supply-Chain Security Still Fails

I'm Now an AWS Community Builder — Here's What That Means

#devsecops

Search Hashnode

#devsecops

Falco Reference: K8s Runtime Threat Detection — Custom Rules, Falcosidekick & Tuning

Trivy Reference: Container Scanning, K8s Cluster Audit, IaC Misconfigs & CI Integration

Velero Reference: Kubernetes Backup, Restore, Disaster Recovery & Migration

The Attack Cost Escalation Model: Why Physical Security Changes Adversary Economics

Integrating AWS IAM Identity Center (SSO) with Argo CD and Argo Workflows using SAML 2.0: A Step-by-Step Guide

The Supply Chain Attack That's Already In Your Codebase

How to Detect Compromised Dependencies in Your CI/CD Pipeline Before They Deploy to Production

Federated Identity on Azure for GitHub Actions CI/CD (no secrets stored)

Wrapping Sigstore, in-toto, and SLSA: Where Modern Supply-Chain Security Still Fails

I'm Now an AWS Community Builder — Here's What That Means