#DevOpsSpeakeasy at #KubeCon EU 2022 with James Strong on Supply Chain Security
James Strong, lead solution architect at Chainguard, discusses the challenges of securing software supply chains and recommendations for developers
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Building Modern Access-Control for Cloud Applications with Or Weis | SnykLIVE Recording
With the growing complexity of modern applications and microservices based architectures getting access-control right has become a huge ongoing pain-point, as companies find themselves reimplementing access-control over and over. Solutions are found in the new tool sets of policy as code, as well as the 5 best practices and open-source tools (e.g. OPA, OPAL, Zanzibar) we can use to face the challenge.
BlackHat 2022 key takeaways - Everything you need to know from BlackHat 25
Slides - BlackHat 25 was big, with hundreds of briefings, training sessions, vendor booths, and of course, parties, it is hard to get to everything. That's why this year we are covering the key trends and takeaways from the briefings of the 25th installment of BlackHat. This video covers 4 main takeaways This video covers a lot of different talks but if you want more information see links below to interesting blogs and whitepapers.
Securing Cloud Infrastructure with Teleport and AWS Identity Federation
Over the last decade, enterprises have accelerated the adoption of the cloud. According to the State of the Cloud report by Flexera, the average annual spend on cloud computing is over $62 million. As enterprises continue to invest in the cloud, AWS, the market leader in cloud computing, is growing at a rapid pace. The rise of cloud computing poses new challenges to enterprise IT. With each department migrating and managing their workloads in AWS, there is a proliferation of accounts, users and roles.
PyPi Malware Stealing Discord and Roblox Payment Info
Raul Onitza-Klugman, Senior Security Researcher at Snyk, joins Kyle to take a deep dive in to the latest set of malicious packages discovered by the Snyk Security Research team. Join us as we discuss how these findings came to be, what they mean for open source security, and some hypotheses about the future of supply chain security.
Stranger Danger: Your Java Attack Surface Just Got Bigger
Building Java applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome, you're a cloud native application developer! As developers, our responsibility broadened, and more software means more software security concerns for us to address.
A new generation of OTA updates for Linux devices with Jfrog Connect
Discover how you can update, control, monitor and secure remote Linux & IoT devices, at scale, with the click of a button.
Why You Should Get Started with the Rego Policy Language
The Rego policy language is the backbone of Open Policy Agent (OPA), the policy enforcement tool that helps simplify cloud-native development at scale. With OPA Rego policy, the result is a reduced manual authorization burden, improved accuracy, and quicker time to market. But yes, there’s a learning curve, which makes Rego a main barrier to using OPA. You might be hesitant about the time investment needed to learn a new, highly specified language.
New Integrations Just Announced: CircleCI and Travis CI
Since working on a spreadsheet, you and your team have come a long way. You’re enjoying the ease of working in TrustOps because it automates control mapping, test creation, and evidence workflows. However, you’re looking for ways to save a bit more time, so you can focus on your day job and growing list of priorities. Collecting evidence to validate compliance controls takes time and affects your team’s productivity, including HR, IT, and DevOps.
Kubernetes version 1.25 - everything you should know
Kubernetes' new version - version 1.25 - will be released on Tuesday 23rd August 2022, and it comes with 40 new enhancements in various areas and numerous bug fixes. This blog will focus on the highlighted changes from each special interest group (SIG) in the upcoming release and ensure you are confident before upgrading your clusters.