This week's articles
How Threat Actors Use GitHub
#attack, #ci/cd
The article explains how threat actors leverage GitHub for command and control, data exfiltration, malware delivery, and supply chain attacks.
Unleashing in-toto: The API of DevSecOps
#defend, #supply-chain
The article discusses the importance of integrating security into the DevOps process and introduces in-toto, an open-source framework that provides a way to verify the integrity of software supply chains. It explains how in-toto can be used as an API in DevSecOps to ensure the security and trustworthiness of software.
Terraform best practices for reliability at any scale
#aws, #build, #terraform
At scale, many Terraform state files are better than one. But how do you draw the boundaries and decide which resources belong in which state files? What are the best practices for organizing Terraform state files to maximize reliability, minimize the blast-radius of changes, and align with the design of cloud providers?