How to Handle Secrets in Python
DevOps engineers must handle secrets with care. In this series, we summarize best practices for leveraging secrets with your everyday tools.
Open Policy Agent with Kubernetes - Tutorial (Pt. 2)
This time, we will see how to get a deeper integration between OPA and Kubernetes with Gatekeeper and native CRD-based policies.
Open Policy Agent with Kubernetes - Tutorial (Pt. 1)
Let's get our hands dirty with policy as code and write our first OPA policies for a Kubernetes environment.
Thinking Like a Hacker: Finding Source Code Leaks on GitHub
Continuing our series about potential attack scenarios, learn how a very easy configuration mistake on GitHub can lead to a major security breach.
9 Things to Consider When Choosing an SCA Tool
Software composition analysis is an essential part of application security. Here are the important factors to consider when selecting an SCA scanner to be sure it is well-suited to your needs.
What is Policy-as-Code? An Introduction to Open Policy Agent
Learn the benefits of policy as code and start testing your policies for cloud-native environments.
Best practices for managing developer teams in GitHub Orgs
Are you looking for ways to manage your developer team better? GitHub Orgs is a great way to keep track of repositories, branches, and collaborators all in one place. In this article, we'll share some best practices for managing developer teams in GitHub Orgs.
A Brief Introduction to SBOM - Software Bill of Materials - and How to Use it with CI
Learn more about what is a Software Bills Of Materials, why use it, what are the standards and how to automate it with Continuous Integration.
Thinking Like a Hacker: Stealing Secrets with a Malicious GitHub Action
How can an attacker exploit leaked credentials? In this new series, we try to answer this question by imagining plausible attack scenarios. Fourth case: secrets are stolen with a malicious GitHub action.
Thinking Like a Hacker: Commanding a Bot Army of Compromised Twitter Accounts
How can an attacker exploit leaked credentials? In this new series, we try to answer this question by imagining plausible attack scenarios. Third case: Twitter API keys are used to pump an altcoin.
GitHub Security 101: Best Practices for Securing your Repository
DevSecOps expert and GitHub Star Sonya Moisset shared with us her tips to improve your open-source repository's security in a few simple steps.
Thinking Like a Hacker: AWS Keys in Private Repos
How can an attacker exploit leaked credentials? In this new series, we try to answer this question by imagining plausible attack scenarios. Second case: an AWS secret is found in a private repository.
