This week's articles
Terraform as part of the software supply chain
Post examining the supply chain aspects of Terraform, starting with a closer look at malicious Terraform modules and providers and how you can better secure them.
#attack
#supply-chain
#terraform
Democratizing Security Detection
Security detection programs face significant scaling challenges. This post shares Palantir's learnings and suggests actionable detection strategies.
#defend
#monitor
#strategy
Purpose-based access controls at Palantir
Tracking who has access to what information and why, across thousands of datasets and users, is an intractable challenge. Here's how Palantir solved it.
#defend
#design
The State of Secrets Sprawl 2022
The 2022 State of Secrets Sprawl report measures the exposure of secrets within GitHub, Docker and internal repos and how it is evolving year to year.
#ci/cd
#supply-chain
Dealing with Multiple SBOMs
SBOMs do not need to look the same to validate the artifacts described in them. As long as the data inside is correct you should be able to do it.
#build
#supply-chain