Announcing the AKS Health Check
by Natalie Reinford, Facundo Gauna
| Wednesday, Aug 4, 2021
| Azure Kubernetes Open-Source
As we continue to work with more clients and different types of organizations, we continue to see a trend - the lack of time. Organizations are often racing to get a project “live” or struggling to keep up with the demand of infrastructure deployments across the enterprise. The same is true for Kubernetes. And with this rush, organizations don't have the time to become familiar with the vast amount of documentation and recommended best practices.
Unpacking the CNCF Software Supply Chain Security Best Practices Whitepaper
by Cole Kennedy, James Bohrman
| Tuesday, Aug 3, 2021
| Security Supply Chain Security CNCF
Introduction
The increasing frequency of software supply chain attacks over the past few years has seen a lot of attention directed at the open source software that secures the software build process. Although the number of successful exploits is relatively small, the ramifications of these successful exploits are often far-reaching and catastrophic, and they have the potential to entice further attacks.
Despite the increasing importance of addressing these vulnerabilities, there is still somewhat of a blind spot when it comes to processes and mitigation strategies for addressing supply chain vulnerabilities.
A New Chapter for BoxBoat
by Tim Hohman
| Thursday, Jul 29, 2021
Today, I am proud to announce that IBM has completed its acquisition of BoxBoat Technologies. We are excited to join the IBM family as part of the Global Business Services Hybrid Cloud team. For additional information on the acquisition, please visit the IBM Newsroom.
Ken, Will, Kristen, and I founded BoxBoat 5 years ago with the idea that we could help transform enterprise organizations with Docker container technology and DevOps practices.
What is an SBOM, and why should you Care??
by David Widen, Cole Kennedy
| Wednesday, May 12, 2021
Developing software is a challenging and often time-consuming task. One of the biggest reasons for this is that creating solutions for novel problems is difficult. In the real world, software engineers will break down complex problems into simpler ones, which allows them to take an iterative approach. Software engineers accomplish this by using software libraries, and this leads to two major problems:
How can you be sure what libraries are used by the software, and
Supply Chain Security By Verification - Mitigating Supply Chain Attacks
by Cole Kennedy
| Tuesday, May 4, 2021
| Security Kubernetes
At BoxBoat, we have been helping high compliance and assurance industries adopt DevSecOps practices for the last five years. In-band compliance, security checks, and scans form the basis of a secure software delivery pipeline. However, recent supply chain attacks such as SUNBURST have highlighted the need for a new approach to supply chain security. At BoxBoat, we have been working with the Cloud Native Computing Foundation sig-security on guidance on implementing an evidence-based trust system for secure software delivery that mitigates against key and root credential loss.