#explain, #falco, #kubernetes

Learn and practice with Falco in your Browser.

#aws, #build, #opa

Recent updates to the project aim to better integrate OPA with serverless architectures and other infrastructure with intermittent compute.

#ci/cd, #defend

What can happen (secrets stolen, repo backdoored), and how to protect yourself with open source Semgrep rules.

#build, #defend, #gcp

An opinionated list of common organization policies you should use in Google Cloud.

#azure, #defend

What do you do when you're handed a pile of new-to-you Azure accounts to secure?

#build, #gcp, #gke

Post explaining details of Mercari's multitenant Kubernetes architecture, and the issues they faced while migrating from on-premise deployments to containers on GCP by using Google Kubernetes Engine (GKE).

#azure, #explain, #iam

A table for reviewing service authentication and authorization security in Azure, especially cross-service security.

#build, #vault

How to use an external, high-entropy data key generated with the HashiCorp Vault Transit secrets engine.

#iam, #kubernetes

How to setup role-based access control in Kubernetes, so to restricts access to valuable resources based on the role the user holds.

Kubernetes RBAC Power Toys - Visualize, Analyze, Generate & Query.

A terminal UI (TUI) for HashiCorp Nomad.

CLI tool to visualise CloudFormation/SAM/CDK stacks as visjs networks or draw.io diagrams.

Cartographer is a Kubernetes native Choreographer. It allows users to configure K8s resources into re-usable Supply Chains that can be used to define all of the stages that an Application Workload must go through to get to an environment.

A summary of So You Inherited an AWS Account: Many engineers have found themselves in the unenviable position of being handed the keys to an AWS environment with absolutely no explanation of its contents, documentation, or training.

Bottlerocket is an open source Linux-based operating system from Amazon that was purpose built for running containers with a strong emphasis on security. The result is an operating system that comes with a variety of built-in controls for creating a secure environment for running containerized workloads.

AWS Backup Audit Manager now allows you to generate reports to track the compliance of your defined data protection policies in AWS Backup.

AWS Firewall Manager now enables you to configure logging for your AWS Network Firewalls provisioned using a Firewall Manager policy.

AWS recently released the Ransomware Risk Management on AWS Using the NIST Cyber Security Framework (CSF) whitepaper. This whitepaper aligns the National Institute of Standards and Technology (NIST) recommendations for security controls that are related to ransomware risk management, for workloads built on AWS.

If you use both AWS Security Hub and Jira Service Management, you can use the new AWS Service Management Connector for Jira Service Management to create an automated, bidirectional integration between these two products that keeps your Security Hub findings and Jira issues in sync.

New features bring increased transparency, improved interoperability, and greater automation to Google Cloud KMS.

Google announced the public preview of Cloud Armor bot management with reCAPTCHA Enterprise. This new set of capabilities is centered around a new deep integration between reCAPTCHA Enterprise and Cloud Armor.

Google announced a new capability that makes it easier than ever to monitor your Google Kubernetes Engine (GKE) deployments: GKE workload metrics.

New sovereign controls can help Cloud customers in the EU meet digital sovereignty requirements.

Microsoft announced the "Unusual Mass Downgrade AIP Label" anomaly simulator, the first in a series of simulators for Azure Sentinel Anomalies.

How Microsoft is handling supply chain disruptions.

Azure DDoS Protection Standard provides enhanced DDoS mitigation features to defend against DDoS attacks. It is automatically tuned to protect all public IP addresses in virtual networks.