BoxBoat Blog

Service updates, customer stories, and tips and tricks for effective DevOps

x ?

Get Hands-On Experience with BoxBoat's Cloud Native Academy

Integrating GitHub Advanced Security with Splunk

featured.png

by Scott Jameson | Wednesday, Mar 15, 2023 | GitHub Security Splunk

Did you know you can send alerts from GitHub to Splunk? You might be thinking, why would I bother? One of the main points of Splunk is to centralize your logs and alerts. If you’re busy hopping between AWS, Azure, GitHub, GitLab and more, you’ve likely got alerts and logs coming from them all, vying for your attention and precious time. Rather than manually going into each and every monitoring tool you have in your enterprise, why not simply have them send their information to one convenient location?

BoxBoat Announces Strategic Partnership with Chainguard to Secure Software Supply Chains

featured.png

by Will Kinard | Wednesday, Feb 1, 2023 | Secure Software Supply Chain Security

Seattle, WA – BoxBoat, an IBM company, and a premier DevSecOps and digital transformation consultancy, today announced at CloudNativeSecurityCon a strategic partnership with Chainguard, the leader in delivering software supply chain security solutions by default. By combining Chainguard’s suite of security tools with BoxBoat’s IT consulting expertise, this partnership strengthens both companies’ efforts to help organizations implement new-to-the-market, threat-driven, security-focused design and development processes and tooling directly without impacting developer productivity or introducing additional complexity.

Secure Kubernetes Microservices Communication with Istio and OPA

by Zach Yonash | Wednesday, May 18, 2022 | Security Microservices SPIFFE OPA Istio

The cybersecurity landscape has been rapidly evolving in recent years. Many companies have moved well past cloud adoption and are now fully utilizing a hybrid of cloud-native and on-premises technologies, prompting the need for a variety of new security measures to ensure critical workloads aren't compromised. One of the core tenets of zero trust is workload identity. Under the zero trust mindset, verifiable identification between each of your microservices needs to be mutual (see: Mutual TLS).

The Grype Admission Controller

by Josh Knarr | Wednesday, Mar 16, 2022 | Admission Controllers Kubernetes Security

Intro Today I want to write about the grype admission controller. I wrote it. I am proud of it. I think it solves a really uncomfortable problem in DevSecOps. Security has a big problem: On one hand, security teams are responsible for making everything secure. That's their job. But on the other hand, they need to somehow do that job while not being directly involved in the production of the code.

Canary Deployments

featured.png

by Christopher Andrews | Tuesday, Mar 15, 2022 | GitLab DevOps CI/CD

In DevOps, there are a multitude of CICD deployment strategies and methodologies. Each come with their Pros and each come with some Cons - some more than others. In this edition of our Deployment Methodologies Blog Post series, we are going to cover “Canary” Deployments, otherwise known as “Incremental Rollouts”. What are Canary deployments, or Incremental Rollouts? Canary deployments are named and modeled off of the phrase “Canaries in the Cole mine”, in which a canary was taken into a coal mine to see if it would succumb to poisonous gas, giving the humans time to escape to safety (kind of mean, right?

  Page 1 of 24   Older Posts