Integrating GitHub Advanced Security with Splunk
by Scott Jameson
| Wednesday, Mar 15, 2023
| GitHub Security Splunk
Did you know you can send alerts from GitHub to Splunk? You might be thinking, why would I bother? One of the main points of Splunk is to centralize your logs and alerts. If you’re busy hopping between AWS, Azure, GitHub, GitLab and more, you’ve likely got alerts and logs coming from them all, vying for your attention and precious time. Rather than manually going into each and every monitoring tool you have in your enterprise, why not simply have them send their information to one convenient location?
BoxBoat Announces Strategic Partnership with Chainguard to Secure Software Supply Chains
by Will Kinard
| Wednesday, Feb 1, 2023
| Secure Software Supply Chain Security
Seattle, WA – BoxBoat, an IBM company, and a premier DevSecOps and digital transformation consultancy, today announced at CloudNativeSecurityCon a strategic partnership with Chainguard, the leader in delivering software supply chain security solutions by default. By combining Chainguard’s suite of security tools with BoxBoat’s IT consulting expertise, this partnership strengthens both companies’ efforts to help organizations implement new-to-the-market, threat-driven, security-focused design and development processes and tooling directly without impacting developer productivity or introducing additional complexity.
Secure Kubernetes Microservices Communication with Istio and OPA
by Zach Yonash
| Wednesday, May 18, 2022
| Security Microservices SPIFFE OPA Istio
The cybersecurity landscape has been rapidly evolving in recent years. Many companies have moved well past cloud adoption and are now fully utilizing a hybrid of cloud-native and on-premises technologies, prompting the need for a variety of new security measures to ensure critical workloads aren't compromised. One of the core tenets of zero trust is workload identity. Under the zero trust mindset, verifiable identification between each of your microservices needs to be mutual (see: Mutual TLS).
The Grype Admission Controller
by Josh Knarr
| Wednesday, Mar 16, 2022
| Admission Controllers Kubernetes Security
Intro Today I want to write about the grype admission controller. I wrote it. I am proud of it. I think it solves a really uncomfortable problem in DevSecOps.
Security has a big problem: On one hand, security teams are responsible for making everything secure. That's their job. But on the other hand, they need to somehow do that job while not being directly involved in the production of the code.