If your security team is concerned about supply chain risk, it's a good idea to look at your GitHub settings. GitHub describes several security features and best practices in their documentation for account security and organization security, but this post goes beyond the documentation. It's a step-by-step process for securing your GitHub organization.

How a vulnerable AWS Lambda function could be used by attackers, and some best practices to mitigate these attacks.

Some of war stories from NCC about what they have observed and been able to demonstrate on CI/CD pipeline security assessments, clearly showing why there is the saying, "they are execution engines"

A walk-through for anyone who hasn't yet created their first Google Identity domain for experimentation in GCP.

Learn how packets flow inside and outside a Kubernetes cluster. Starting from the initial web request and down to the container hosting the application.

If you use OIDC to deploy from Github Action to AWS, update the trusted thumbprint!

An intuitive, easy way to build IAM policy docs in a "constructor" pattern using Terraform.

A Private Terraform Module Registry.

Terraform for the UK Ministry of Justice AWS root account.

Scans every git push to your Github organisations to find unwanted secrets.

A repo to automatically generate and keep updated a series of Docker images through GitHub Actions.

Implement a backup strategy, Incorporate backup in DR and BCP, Automate backup operations, Implement access control mechanisms, Encrypt backup data and vault, and more.

How to leverage AWS Audit Manager to create a tailored audit framework to continuously evaluate your organization's AWS infrastructure against the relevant industry compliance requirements your organization needs to adhere to.

AWS Trusted Advisor adds 111 checks automatically ingested from AWS Security Hub's Foundational Security Best Practices.

Whitepaper providing an overview of Google's Cloud HSM architecture.

Microsoft announced an open-source project called Azure AD workload identity for Kubernetes. It leverages the public preview capability of Azure AD workload identity federation. With this project, developers can use native Kubernetes concepts of service accounts and federation to access Azure AD protected resources, such as Azure and Microsoft Graph, without needing secrets.