Open sourcing an automated process to get Neo4J and Cartography up and running in a Kubernetes cluster, using HashiCorp Vault as a secrets management engine.

Blog providing details on new data sources, cloud changes, container techniques and more additions to ATT&CK v9.

Post explaining the basic concepts for integrating your own Response Engine into K8S with the stack Falco + Falcosidekick + OpenFaaS.

It's recommended to store sensitive data of cloud native applications using a built-in secrets object type rather than Kubernetes Configmaps.

Guide describing HashiCorp's recommended Terraform practices and how to adopt them.

Cheat sheet aiming to provide an easy to use list of common security mistakes and good practices that will help you secure your Docker containers.

How to monitor AWS SQS with Prometheus, leveraging the data offered by CloudWatch exporting the metrics to Prometheus using the YACE exporter (Yet Another CloudWatch Exporter).

Secrets management is an important indicator of security maturity. This blog gives 10 pointers on how to do secrets management well.

How to use Helm and Helm Charts to create reproducible security in Kubernetes deployments, with a particular emphasis on user management with RBAC, secrets management, and chain of custody and provenance files.

Another excellent threat model exercise conducted by Trail of Bits, this time on ArgoCD.

A tool focused on analysing and attacking Docker images.

Mirror images into your own registry and swap image references automatically.

Helps you to export your cluster's kube-bench reports to remote targets like multiple Amazon S3 buckets, Azure blob storage, etc. in one-go with ease.

Different backup and restore strategies to meet the DR needs for your workload.

How to deploy a demo AWS Network Firewall within your AWS account to interact, first-hand, with its rules engine.

Configuration as Data is an emerging cloud infrastructure management paradigm that allows developers to declare the desired state of their applications and infrastructure, without specifying the precise actions or steps for how to achieve it. Config Connector is the tool that allows you to express configuration as data in Google Cloud. There is also a sample repo.

Google launched an updated version of their Google Cloud security foundations guide and corresponding Terraform blueprint scripts, which provide step-by-step guidance for creating a secured landing zone into which you can configure and deploy your Google Cloud workloads.

There are a variety of authentication methods that service accounts can employ, and it's important to use the right one based on your needs.

Whitepaper describing what a cloud transformation means for risk, compliance, and audit functions, and how to best position those programs for success in the cloud world.

Google announced the Preview release of the GKE Gateway controller, GCP's implementation of the Gateway API. Over a year in the making, the GKE Gateway controller manages internal and external HTTP/S load balancing for a GKE cluster or a fleet of GKE clusters.