This week's articles
Modernizing LinkedIn’s Static Application Security Testing Capabilities to protect our members
LinkedIn has modernized its Static Application Security Testing (SAST) capabilities to better protect its members by analyzing source code for vulnerabilities early in the development lifecycle. They rebuilt their SAST pipeline natively on GitHub Actions, integrating the CodeQL and Semgrep scanners, and deviated from the default "paved path" approach.
#build
#ci/cd
#strategy
Hardened Images for Everyone
Docker made their Docker Hardened Images (DHI), a secure, minimal, production-ready set of images, freely available and open source to everyone who builds software.
#containers
#supply-chain
#build
#announcement
BadPods Series: Everything Allowed on AWS EKS
How to exploit misconfigured Kubernetes pods on AWS EKS using Bishop Fox's BadPods "everything-allowed" manifest. Shows container escape via chroot, lateral movement using nsenter, and cloud credential theft via IMDS.
#aws
#kubernetes
#containers
#attack