How the Security team of Lyft achieved egress network traffic filtering for all their services.

The Assetnote security research team found vulnerabilities in static site generators (such as GatsbyJS and NextJS) and associated platforms (Netlify and GatsbyJS Cloud), which enabled SSRF.

Post looking at how the Slack team uses Terraform to build their infrastructure.

The Orca Research team has discovered CosMiss, a vulnerability in Microsoft Azure Cosmos DB where authentication checks were missing from Cosmos DB Notebooks.

This document covers topics related to protecting a cluster from accidental or malicious access and provides recommendations on overall security.

How YNAP used AWS Lambda functions to reduce the disaster recovery time for HashiCorp Vault to mere seconds.

An example of how you could learn about Kubernetes security and architecture by reviewing reports from Chekov.

Graph for Understanding Artifact Composition (GUAC) aggregates software security metadata into a high fidelity graph database, normalizing entity identities and mapping standard relationships between them.

This action fetches secrets from Secret Manager and makes them available to later build steps via outputs.

Static checker for GitHub Actions workflow files.

A tool for Kubernetes to show differences between running state and version controlled configuration.

Helm plugin which performs backup/restore of releases in a namespace to/from a file.

How USAA's Public Cloud Security team facilitated collaboration and interactions with external vendors and AWS workloads securely by creating a scalable solution to scan S3 objects for virus and malware prior to releasing objects downstream.

How developers can get access to allow-listed resources in their virtual private cloud (VPC) directly from their workstation, by tunnelling VPN over SSH, which, in turn, is tunneled over Session Manager.

How to control outbound access to a given domain in a granular way, by resolving the domain name inside of an AWS Lambda function, and updating a Network Firewall rule variable with the results of the DNS query.

How to use Amazon Cognito to perform fine-grained authorization, which provides additional details about an authenticated user by using claims that are added to the identity token.

How to use Cloud Build's support for per-trigger service accounts to apply the principle of least privilege to builds that push images to Artifact Registry.

Cloud Workstations is a remote, managed, and secure IDE solution for developers entering Public Preview.

Microsoft announced the general availability of Azure Payment HSM, a BareMetal Infrastructure as a service (IaaS) that enables customers to have native access to payment HSM in the Azure cloud.

Create confidential VMs using Ephemeral OS disks for your stateless workloads.

Azure Storage now supports customer-managed keys using a key vault on a different Azure Active Directory tenant.