Post discussing the strengths and weaknesses of four of the most popular CI vendors (Jenkins, GitHub Actions, CircleCI and GitLab CI/CD) around common credential hygiene issues.

Post providing information about Kubernetes network attack surface, some tricks for identifying Kubernetes clusters based on their responses to basic requests, and what information is visible on the Internet relating to exposed Kubernetes services.

Document explaining the authorization model, potential security threats, and HashiCorp's recommendations for securely using Terraform Cloud.

What is SOC 2? SOC 2 is a cybersecurity compliance reporting framework that companies from all industries can use to prove security to interested third parties such as potential customers or investors. If you've been looking for SOC 2 content, look no further.

Using Sigstore, we can iteratively improve our supply chain security, starting with signed attestations and moving toward signed provenance to protect the build.

Post exploring key points in log anomaly detection with some techniques used to identify log events of interest.

Post explaining how workload identity federation on AKS works, and how to set it up.

Cross-cloud cost allocation models for Kubernetes workloads.

An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.

This repository can be used to configure and manage complete EKS clusters that are fully bootstrapped with the operational software that is needed to deploy and operate workloads.

AWS CloudFormation StackSets launched a new feature that allows you to deploy stack sets to selected AWS accounts in an Organizational Unit (OU) in a single operation.

AWS has released IAM Roles Anywhere, a feature that extends the capabilities of IAM roles to workloads outside AWS. This feature provides a secure way to obtain temporary AWS credentials and removes the need for long-term AWS credentials.

Announcing Google Public Sector, a new Google division that will focus on helping U.S. public sector institutions accelerate their digital transformations.

GKE Autopilot has new networking GA features: Egress NAT policy for IP masquerading and the eBPF-based Dataplane V2 for Network Policy and Network Policy Logging.

Bound service account tokens are becoming the default format in Kubernetes 1.21. This will ultimately enhance the authentication layer, but you may need to modify your applications to take advantage of the new security capabilities.

Multi-user authorization for Backup provides enhanced protection for your backup data in recovery services vaults against unauthorized critical operations.