CNCF SIG Security is creating a catalog of software supply chain compromises. The goal is not to catalog every known supply chain attack, but rather to capture many examples of different kinds of attack, so that we can better understand the patterns and develop best practices and tools.

Still on the topic of supply chain security, this is a nice post describing how easy it is to end up with malicious libraries in your codebase.

AWS AssumeRole accepts an optional parameter called "sts:ExternalId" which is intended to mitigate certain types of attacks. However, both the attacks that sts:ExternalId mitigates and how to properly use it are widely misunderstood, resulting in large numbers of vulnerable AWS-based applications. This post aims to describe what sts:ExternalId does, when to use it, and how to use it.

Talk that Chris Farris (@jcfarris) delivered at AWS re:Invent 2019, describing how they do security monitoring and IR on AWS.

kube-psp-advisor is a tool that makes it easier to create K8s Pod Security Policies (PSPs) from either a live K8s environment or from a single .yaml file containing a pod specification (Deployment, DaemonSet, Pod, etc).

kube-query is an extension for osquery, letting you visualize your cluster using SQL queries.

Learn how to import AWS Config rules evaluations as findings in Security Hub.

The California Consumer Privacy Act (CCPA) is a data privacy law that imposes new requirements on businesses and gives consumers in California the right to access, delete, and opt-out of the "sale" of their personal information. Google Cloud is now committed to supporting CCPA compliance across G Suite and Google Cloud products.