Agent Skills provide an opportunity to scale engineering, but also open potential new attack surfaces, as highlighted in a previous blog post I wrote for the Platform Engineering community. In this tutorial, we'll discuss how devs can securely cons...
Liran Tal of Snyk published a really useful GitHub repo called “Awesome npm security best practices”. In this repo, Liran discusses structural constraints within the CLI toolchain, highlighting many practical, architectural shifts away from npm’s hi...
Instead of a Dockerfile, we write YAML-based files for apko. This file tells apko exactly which repositories to trust and which packages to materialise into the image.
mkdir apko-demo && cd apko-demo && cat ...
I’m working in software supply chain security, with a specific focus on secure Kubernetes deployments. In a DevOps capacity, I’m focused specifically on ensuring that my container images have as few software vulnerabilities as possible. I believe Wol...
Since its inception in 2013, OWASP Dependency-Track has been at the forefront of analysing Software Bill of Materials (SBOM) for cybersecurity risk identification and reduction. Dependency-Track allows organisations and governments to operationalise S...
I started working on a bash script called exploit-check.sh some time ago. The script does a bunch of odd jobs, but one specific task is to query a known vulnerability CVE ID to get a description of the vulnerability and more importantly tie it back ...