Skyscanner built a tool which allows to visualise and audit the security of serverless assets. I'd recommend you to read the companion blog post as well, as it nicely describes different concepts related to AWS Lambda, as well as common pitfalls and vulnerabilities.

You might have already heard of it, but this time CloudMapper has been updated/redesigned to become a monitoring solution, so that it can run continuously to provide ongoing alerting and situational awareness in AWS without incurring significant cost or overhead.

This is the transcript of a presentation which covers the process of evaluating community content before incorporating it into automation playbooks, as well as the risks involved in including external dependencies and how to mitigate those risks. I particularly like this sentence: ''Another important component of relying on upstream packages is trust. If you're building infrastructure or setting up networking for an application important to your company's financial success, you better be sure you can trust the upstream maintainers''.

This post from @clintgibler is a goldmine of useful information. It covers the talks delivered at DevSecCon Seattle, from continuous compliance to secure wrapper libraries and others.

HashiCorp exploring quantum cryptography, its implications, and how to integrate these concepts within Vault.

Slides from the Capsule8 talk at Black Hat USA 2019. Definitely not for beginners, as it goes in technical depth over concepts like Container Engine Vulnerabilities, Escapes via Insecure Configurations, and Kernel Exploitation.

How to enable a least-privilege type of access to a cluster using the concept of 'impersonation', with the goal of reducing the likelihood of accidentally performing unwanted actions.

Related to the previous post, kubectl-sudo is a kubectl plugin which allows users to run Kubernetes commands with the security privileges of another user. This way it should be possible to reduce the surface of unwanted or unexpected actions, by reducing the default privileges a cluster administrator to the level of an unprivileged account, and then give them the ability to impersonate users and groups when needed.

If you haven't seen CCAT before, it is a tool for testing the security of container environments. Up to now it was AWS-specific, but this past week support for GCP (to each of the existing modules) has been added.