This week's articles
69 Ways to F*** Up Your Deploy
This post is a cursed compendium of 69 ways to f*** up your deploy. It is the irreverent Brothers Grimm version of deployment scenarios.
#attack
#ci/cd
#defend
Exploring Amazon VPC Lattice
AWS has recently released VPC Lattice to General Availability. This post walks through creating a simple VPC Lattice service using CloudFormation, and takes a look at the service overall.
#aws
#explain
Docker Scout
Docker Desktop introduced Docker Scout, a tool that provides visibility into image vulnerabilities and recommendations for quick remediation.
#announcement
#containers
#defend
Two Minor Cross-Tenant Vulnerabilities in AWS App Runner
These vulnerabilities leaked configuration information across tenant boundaries. While both are minor issues, they further demonstrate that undocumented AWS APIs have lacked scrutiny from both AWS and the cloud security community.
#attack
#aws
Helm completes fuzzing security audit
The fuzzing involved enrolling Helm in the OSS-Fuzz project and writing a set of fuzzers that further enrich Helm's test coverage. In total, 38 fuzzers were written, and nine bugs were found (with eight fixed so far).
#defend
#kubernetes
Announcing SLSA v1.0 Release Candidate 2
SLSA v1.0 Release Candidate 2 has been announced. This is intended to be the final release candidate before marking v1.0 as an Approved Specification.
#announcement
#supply-chain