by Scott Jameson | Wednesday, Mar 15, 2023 | GitHub Security Splunk

Did you know you can send alerts from GitHub to Splunk? You might be thinking, why would I bother? One of the main points of Splunk is to centralize your logs and alerts. If you’re busy hopping between AWS, Azure, GitHub, GitLab and more, you’ve likely got alerts and logs coming from them all, vying for your attention and precious time. Rather than manually going into each and every monitoring tool you have in your enterprise, why not simply have them send their information to one convenient location?

by Will Kinard | Wednesday, Feb 1, 2023 | Secure Software Supply Chain Security

Seattle, WA – BoxBoat, an IBM company, and a premier DevSecOps and digital transformation consultancy, today announced at CloudNativeSecurityCon a strategic partnership with Chainguard, the leader in delivering software supply chain security solutions by default. By combining Chainguard’s suite of security tools with BoxBoat’s IT consulting expertise, this partnership strengthens both companies’ efforts to help organizations implement new-to-the-market, threat-driven, security-focused design and development processes and tooling directly without impacting developer productivity or introducing additional complexity.

by Zach Yonash | Wednesday, May 18, 2022 | Security Microservices SPIFFE OPA Istio

The cybersecurity landscape has been rapidly evolving in recent years. Many companies have moved well past cloud adoption and are now fully utilizing a hybrid of cloud-native and on-premises technologies, prompting the need for a variety of new security measures to ensure critical workloads aren't compromised. One of the core tenets of zero trust is workload identity. Under the zero trust mindset, verifiable identification between each of your microservices needs to be mutual (see: Mutual TLS).

by Josh Knarr | Wednesday, Mar 16, 2022 | Admission Controllers Kubernetes Security

Intro Today I want to write about the grype admission controller. I wrote it. I am proud of it. I think it solves a really uncomfortable problem in DevSecOps. Security has a big problem: On one hand, security teams are responsible for making everything secure. That's their job. But on the other hand, they need to somehow do that job while not being directly involved in the production of the code.

by Carly Rodriguez | Monday, Feb 7, 2022 | Education Docker Security

Containers have given the tech industry a convenient way to bundle up dependencies and code into a portable image that can run seamlessly across different computing environments. This convenience, however, can sometimes come at a cost. In order to leverage docker building capabilities within a Gitlab environment, the docker-executor must be given host privileges to run a docker-in-docker service that will allow connection to the docker daemon on the host machine.