Best practices

A collection of 40 posts

Lessons from Lapsus - CISO on Building a comprehensive secrets management program

Following a breach by the Lapsus$ cyber gang, Jason Haddix, then CISO of Ubisoft, called over 40 other CISOs to discuss strategies on how to be more resilient to attacks. Those conversations led him to create a 4-step guide to building a comprehensive secrets management program.

How to Handle Secrets in Terraform

DevOps engineers must handle secrets with care. In this series, we summarize best practices for leveraging secrets with your everyday tools.

How to Handle Secrets in Kubernetes

This blog post covers creating, storing, and using secrets in Kubernetes, encryption, RBAC, and auditing. It introduces Kubernetes External Secrets and best practices to enhance security. Let's dive in!

How to Handle AWS Secrets

In this blog post, we'll cover some best practices for managing AWS secrets when using the AWS SDK in Python.

How to Handle Secrets in Jenkins

DevOps engineers must handle secrets with care. In this series, we summarize best practices for leveraging secrets with your everyday tools.

Best Practices for Managing and Storing Secrets Including API Keys and Other Credentials [cheat sheet included]

We have compiled a list of some of the best practices to prevent API key leakage and keep secrets and credentials safe. Secrets management doesn't have a one-size-fits-all approach, so this list considers multiple perspectives to help you make an informed decision about whether or not to implement strategies.

How to Handle Secrets in Docker

DevOps engineers must handle secrets with care. In this series, we summarize best practices for leveraging secrets with your everyday tools.

How to Handle Secrets in Python

DevOps engineers must handle secrets with care. In this series, we summarize best practices for leveraging secrets with your everyday tools.

How To Secure Your CI/CD Pipeline

After the CircleCI breach, it is a good moment for any team relying on CI/CD infrastructure to review their pipeline security, as there are some steps they can take to be proactive.

The Ultimate Guide to GitHub Backups

In such a fast-developing world, it becomes more and more important to make sure the source code and its metadata are backed up in case of an emergency. Learn everything you need to know about how to back up a GitHub repository.

Best practices for managing developer teams in GitHub Orgs

Are you looking for ways to manage your developer team better? GitHub Orgs is a great way to keep track of repositories, branches, and collaborators all in one place. In this article, we'll share some best practices for managing developer teams in GitHub Orgs.

How to make security policies a team effort

Mark Bichon from Bearer, the SAST solution for mapping sensitive data flows, shares some essential tips to create security policies that don't feel like a development slowdown.

AWS IAM Security Best Practices

Identity and access management is a pillar of security. With the advent of the cloud, it got a lot more complicated. Here is a recap of the best practices to put in place to secure AWS IAM.

9 Extraordinary Terraform Best Practices That Will Rock Your Infrastructure

This "best practices" article aims to tell you something you haven't read a hundred times. This article won't give you the answer to everything because there isn't one right answer that fits all. It aims to make you think about your unique situation and make the best decisions accordingly.

Securing Containers with Seccomp: Part 2

This tutorial will guide you through the setup of a GitHub Action generating a Seccomp filter for your application, a cutting-edge security feature for hardening containerized workloads.

Mackenzie Jackson, GitGuardian: “code security needs to be a layered approach”

Security should be something that companies implement into the software development lifecycle as early as possible. It should be a consideration at every step of development, from design through to deployment and every incremental change made thereafter.
