Some best practices on how to roll out centrally managed, developer-centric application security with a third party CI/CD system like Jenkins or ADO.

There are many things you must set up if you want your solution to be operative, secure, reliable, performant, and cost effective. And, first things first, the best time to do that is now - right from the beginning, before you start to design and engineer.

Effective vulnerability management is a cornerstone of any security program. This post explains how Palantir streamlines and automates vulnerability remediation efforts.

A 2 part series on the state of Application Security at Wise, describing their integration of security in the Software Development Lifecycle (part 1, part 2).

You may have heard about EO 14028, the "Executive Order on Improving the Nation's Cybersecurity", which mandates the establishment of minimum supply chain security standards for all software consumed by the US government. This post tries to lay it out in plain English and share steps to help you get ready to meet the timelines.

workerd is the JavaScript/Wasm runtime code that powers Cloudflare Workers, now open source under the Apache 2.0 license.

An overview of available configuration options and best practices for cluster multi-tenancy.

Post walking through the risks of using the workflow_run GitHub trigger, with concrete examples.

Post covering the steps to take in order to use Kyverno to automatically configure the annotations that enable access logs for an AWS Network Load Balancer (NLB) to be forwarded to an S3 bucket.

A step by step tutorial on how to run Tailscale in ECS.

Chainguard Images is a collection of container images designed for minimalism and security.

Badrobot is a Kubernetes Operator audit tool. It statically analyses manifests for high risk configurations such as lack of security restrictions on the deployed controller and the permissions of an associated clusterole.

View a GCP project's API/service endpoint configurations.

Permission Manager is a project that brings sanity to Kubernetes RBAC and Users management, Web UI FTW.

A short primer on Kubernetes Pod Security Standards.

Some best practices to implement before you enable Amazon Macie across all of your AWS accounts within AWS Organizations.

Post walking through the EC2 forensic module factory solution to deploy automation to build forensic kernel modules that are required for EC2 incident response automation.

Policy Controller enables the enforcement of programmable policies for Anthos clusters. It is now easier to export and visualize these metrics.

Announcing Log Analytics, a new set of features in Cloud Logging, powered by BigQuery that allows you to gain even more insights from your logs.

In the latest release, Google Cloud Deploy add supports for Cloud Run deployment and deployment verification in Preview.

Organization Policy Service is a powerful tool for creating broad security guardrails in the cloud. Learn more about how this Best Kept Security Secret works.

Post providing some explanations and tips for investigators so to be able to easily understand, in any situation, what data is available, and in which portal.

Microsoft announced the release of the Microsoft Defender for Office 365 Security Operations Guide, which gives an overview of the requirements and tasks for successfully operating Microsoft Defender for Office 365.