Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

DevOps

HashiCorp + Styra: Validate Terraform Infrastructure using Styra DAS and Terraform Cloud

Security teams must constantly scan infrastructure for policy violations. HashiCorp’s Terraform Cloud and Styra DAS, an OPA-based authorization management platform, work together to keep infrastructure compliant by mandating verification of Terraform configurations at provisioning.

What is Service Mesh in Microservices?

The microservice architecture involves breaking the application into small interconnected services, each performing a specific task. This breakdown enables developers to work on individual services without affecting the rest of the application, leading to more agility and easier scaling. These services communicate through APIs and, as the number of services within an application increases, developers may introduce a microservice service mesh to control all the service-to-service communication.

Best Practices for Securing the Software Supply Chain

There are several best practices for securing the software supply chain. Failing to do so is like leaving open the vault in your home containing your most valuable possessions and sensitive documents. There are an average of 203 open source dependencies per repository in today’s software supply chains. A staggering 99% of codebases contain open source code and between 85 and 97% of enterprise codebases are generated from open source, according to GitHub.

Building a Modern Application Security Strategy. Part One: Threats, Opportunities, and Challenges

First of a two-part series. The online world is now packed with applications, so it’s unsurprising that they’re a top target for threat actors. However, traditional application security (AppSec) strategies often prove ineffective. To defend themselves against the rapidly evolving threat landscape, organizations need to build a modern AppSec strategy that addresses these fast-changing conditions.

Beyond OPA Gatekeeper: Enterprise-scale Admission Control for Kubernetes

OPA Gatekeeper is the most popular solution for enforcing admission control policies on Kubernetes clusters. It was designed for policy management on a single cluster. Styra DAS (built by the creators of OPA) aims to provide the next step for enterprise companies with centralized policy management over tens or hundreds of clusters and policy use cases beyond Kubernetes. In this post, we explain how Styra DAS differs from OPA Gatekeeper and how our enterprise focus led to different design decisions.

Automating Kubernetes Backups with CloudCasa REST APIs

For power users who want to run their scripts from the command line or use workflow automation tools to provision their environments, watch this short tutorial on how to use the CloudCasa REST API to manage Kubernetes backups. The tutorial goes through an example of executing a CloudCasa backup job through the REST API, which requires tasks such as querying for backup job IDs and invoking an action against that job through an HTTP request.

[Webinar] How You Should Not Remediate Your Hardcoded Secrets

If you have ever run a secrets scanner against your entire codebase, it has likely raised hundreds if not thousands of findings, leaving you wondering, "Where should I start?" Unlike other vulnerabilities, hardcoded secrets represent a threat by themselves whether your code is running or not. Attackers with access to a repository will scan it inside out for secrets, turning every occurrence into a risk you cannot ignore. Still, this does not mean that you should treat all incidents equally!

Domain member: Digitally encrypt secure channel data

Digitally Encrypt Secure Channel Data is a security setting used for digitally securing the data that’s transmitted over the secure data channel network. The data transmitted between the domain member and the domain controller must be encrypted and secured with the latest technology to ensure that no unauthorized user gets access to the confidential data.
Sponsored Post

The Life of the Sysadmin: A Patch Tuesday Story

The System Administrator! AKA the Sysadmin. The keeper of the network, computers – well basically all things technology. The one who is hated for imposing complex passwords and other restrictions, but taken for granted when everything works well. They are the first to be called when “facebuuk.com” reports: “domain does not exist”.