Kondukto AppSec Orchestration & Correlation Platform
We are Kondukto, this is where AppSec meets DevOps.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
DevOps
Open Policy Agent in Practice: From Angular to OPA in Chef Automate
From the Open Policy Agent Summit at KubeCon, Michael Sorens from Chef discusses how OPA provides granular authorization within applications:
Open Policy Agent at Scale: How Pinterest Manages Policy Distribution
From the Open Policy Agent Summit at KubeCon, Jeremy Krach and Will Fu discuss how OPA policies are authored, distributed, and utilized at Pinterest (service mesh, kafka, internal tools). They also cover lessons learned in the process.
TripAdvisor: Building a Testing Framework for Integrating Open Policy Agent into Kubernetes
From the Open Policy Agent Summit at KubeCon, Luke Massa from TripAdvisor discusses how he leveraged OPA’s API and unit test framework. The example shown is a system in which you write k8s admission policy alongside some mock changes to the cluster, some of which should be accepted and some of which should not be, and then run code that tells you whether your policy matches your expectation.
Deploying Open Policy Agent at Atlassian
From the Open Policy Agent Summit at KubeCon, Chris Stivers and Nicholas Higgins from Atlassian walk through their journey building a global authorization platform with Open Policy Agent and the help of Fluentd, S3, CDN's, Amazon Kinesis, and many more.
Open Policy Agent for Policy-enabled Kubernetes and CICD
From the Open Policy Agent Summit at KubeCon, Jiummy Ray from CapitalOne discusses how you can satisfy compliance, governance, and security requirements effectively with OPA.
PSA: Beware of Exposing Ports in Docker
Docker is an awesome technology, and it’s prevalent in nearly every software developer’s workflow. It is useful for creating identical environments and sharing them between development, testing, production, and others. It’s a great way to ship a reliable software environment between systems or even to customers. However, like with any technology, one must know how to be secure when using it.
Modern compliance with Sysdig Secure DevOps Platform
Authorization to Operate (ATO) in a day and on-going authorization are compliance nirvana. The ATO is the authorizing official’s statement that they accept the risk associated with the system running in production environments using live business data. The idea that all of the information necessary to make a risk decision is at hand and can be consumed by decision makers is what every compliance program is trying to achieve.
Technado, Episode 128: CyberArmor's Shauli Rozen
With the short week for the Thanksgiving holiday in the US, the Technado team decided to have a little fun by looking back at some of the dumbest tech headlines from 2019. Romanian witches online, flat-earthers, and fake food for virtual dogs - what a time to be alive. Then, Shauli Rozen joined all the way from Israel to talk about a zero-trust environment in DevOps. IT skills & certification training that’s effective & engaging. Binge-worthy learning for IT teams & individuals with 4000+ hours of on-demand video courses led by top-rated trainers. New content added daily.
Announcing Datadog Security Monitoring
With the growing complexity and velocity of security threats in dynamic, cloud-native environments, it’s more important than ever for security teams to have the same visibility into their infrastructure, network, and applications that developers and operations do. Conversely, as developers and operations become responsible for securing their services, they need their monitoring platform to help surface possible threats.