Supply chain Levels for Software Artifacts (SLSA) is an end-to-end framework for ensuring the integrity of software artifacts throughout the software supply chain. It is inspired by Google's internal "Binary Authorization for Borg" which has been in use for the past 8+ years.

Evaluating major Policy as Code tools for usability and performance.

Using a bug in Microsoft Power Apps and Microsoft Teams tabs to steal authentication tokens, emails, Teams messages, OneDrive and SharePoint files and more.

Post looking at audit log policies and how Kubernetes uses them to generate audit logs.

An hacky way to protect Kubernetes config files against accidental or malicious change or reading.

Post explaining what Kubernetes network policies are, their fundamentals, and how to use NetworkPolicy agents.

Technical deep dive on what happens when you type "kubectl exec".

A concrete example of a full Azure DevOps pipeline (along with Terraform code) leveraging Checkov and manual approval processes.

An exploit which allowed to break out of the App Engine sandbox and get arbitrary code execution on a Google server.

HaschiCorp is making changes to Vagrant that will maintain its Ruby-based features while being ported to Go.

The Codeowners Validator project validates the GitHub CODEOWNERS file based on specified checks.

SSM Tree is a tool that provides a tree visualization of the parameters hierarchy from AWS System Manager Parameter Store.

Run your GitHub Actions locally.

Deploy an IAP-secured application to Cloud Run using Terraform.

You can now specify a new property called DeprecationTime on your Amazon Machine Images (AMIs) to indicate when the AMI will become outdated.

This post examines the types of controls you need to provide a gateway that can meet Australian Government requirements defined in the Protective Security Policy Framework (PSPF) and the challenges of using traditional deployment models to support cloud-based solutions.

AWS Key Management Service (AWS KMS) is introducing multi-Region keys, a new capability that lets you replicate keys from one Amazon Web Services (AWS) Region into another.

Google Cloud CISO Phil Venables shares his thoughts on ransomware, software supply chains, and RSA retrospectives.

You can now govern Service Principals with Azure AD Access Reviews.

How you can leverage Azure Sentinel to gain visibility into Microsoft Secure Score alongside other security data.

Microsoft's Azure Sentinel now provides a Timeline view within the Incident where alerts now display remediation steps.