This week's articles
SBOM + SLSA: Accelerating SBOM success with the help of SLSA
Post explaining the strengths of SBOMs and SLSA and how they fundamentally differ, and shows how SLSA principles can both support the generation of high-quality SBOMs and help consumers respond to supply chain attacks.
Increasing the security bar in Ingress-NGINX v1.2.0
The Ingress may be one of the most targeted components of Kubernetes. While its risks are well understood, it's not an easy process to tackle them, so the Kubernetes community took another approach to reduce (but not remove!) them in the current (v1.2.0) release: by isolating the NGINX service as a container inside the controller container.
Bottlerocket Security Guidance
Recommendations, details, and examples to help you create a configuration that meets your security and compliance requirements.
Intro to OCI Reference Types
What is OCI? OCI stands for Open Container Initiative. This is a group which oversees a collection of open specifications relating to containers. If you have ever run an application on Kubernetes, then you have leveraged OCI.