There is a lot of information out there (and growing) on software supply chain security. This info covers the basics around source and build, but does it cover all of your full software supply chain lifecycle? Is your build env at runtime protected? Is your application post deploy protected at runtime? This article will not only discuss what these concepts are, but provide additional discussions around the following: Read on brave reader…

We are thrilled to announce native support of Kong Mesh, Istio and Kuma within Styra Declarative Authorization Service (DAS), enabling users to combine stellar service mesh solutions with the only authorization management platform that supports trusted cloud architecture. Styra DAS allows teams to manage policies across a broad spectrum of systems, like Kubernetes, microservices, public cloud, and more.

Authorization is a critical part of developing any application. When building an app, at some point you will want to control the data and views that a user or system has access to, and one way you can do that is by writing authorization directly into your app. However, over time this can be challenging to manage because when you make changes to your authorization policies you also need to make changes to the application.

Google Cloud is helping businesses build and deploy apps faster than ever before, but at the same time, cloud teams must consider how to implement secure DevOps practices to avoid risk. We’re partnering with Google Cloud to provide security solutions to cloud teams to simplify safeguarding cloud and containers. Today, we announced our collaboration with Google Cloud.

You’ve got a problem to solve and turned to Google Cloud Platform to build and host your solution. You create your account and are all set to brew some coffee and sit down at your workstation to architect, code, build, and deploy. Except… you aren’t. There are many knobs you must tweak and practices to put into action if you want your solution to be operative, secure, reliable, performant, and cost effective.

CVE-2021-25741 is a new vulnerability discovered in Kubernetes that allows users to create a container with subpath volume mounts to access files & directories outside of the volume, including the host filesystem. It was disclosed in September 2021 and affects kubelet, which is the node agent that runs on each Kubernetes node. In particular CVE-2021-25741 affects kubelet in these Kubernetes versions.

We’re excited to share that you can now use Snyk Container to scan container images stored in many more container registries. The latest additions include Github Container Registry, Nexus, DigitalOcean, GitLab Container Registry, and Google Artifact Registry.

Internet-facing applications are some of the most targeted workloads by threat actors. Securing this type of application is a must in order to protect your network, but this task is more complex in Kubernetes than in traditional environments, and it poses some challenges. Not only are threats magnified in a Kubernetes environment, but internet-facing applications in Kubernetes are also more vulnerable than their counterparts in traditional environments.

One of the most critical aspects of managing policy-as-code at scale is ensuring safety when deploying policy changes to production workloads. A misconfiguration or errant rule can lead to consequences such as overly permissive systems, service outages, and other forms of application or platform issues.