Even with Kubernetes’ new, longer release cycle in place, it doesn’t seem long since the last version came along with all its new features, but 1.22 is upon us. As ever, there’s an interesting mix of new features that are starting their maturation process as alpha releases and other features that are graduating to …

Digital leaders must adapt, scale, and fine-tune their operations and the solutions they provide to their customers to keep up with market demands. GitLab provides a complete DevOps platform in a single application to help developers and engineers across all industries to be successful. With many high-profile …

Trivy is a comprehensive, easy-to-use open source vulnerability scanner for container images. Since its introduction two years ago, the project has gained a broad following among open source community members. I’m excited to share that it has now become the first container image vulnerability scanner to surpass …

One of the great security benefits of the move to cloud native development is the increased use of Infrastructure as Code (IaC) to describe computing environments. Once things are described as code, we can shift left and secure our environments before they’re deployed. As a major new feature, the latest version of …

Digital transformation is fundamentally changing how organizations compete and engage with customers, even redefining traditional labor-intensive industries. A great example of this is Forum Engineering, a staffing company from Japan, which developed an AI-based Software-as-a-Service solution to stay ahead of the …

If you work with containers long enough, you already know that containers should not be considered as security boundaries. In this blog, we’ll explore how different container isolation techniques intend to provide a solution to this problem, and whether their strengths and weaknesses make them a practical choice.

One of the fundamental questions in container security, since the early days of Docker, is whether a container constitutes a security boundary. In this first part of a two-blog discussion of containers and isolation, we take a look at the security boundary question, along with key examples. Part II will continue …

Coming from a software engineering background, we built tfsec to help developers like us scan their infrastructure-as-code (IaC) templates and prevent cloud misconfigurations from being deployed. Teams at the world’s leading organizations are now leveraging tfsec to “shift left” and introduce security earlier in …

Hot on the heels of highly publicized attacks like those affecting Solarwinds and Codecov, organizations are taking a firm stance on software supply chain security. But in order to be effective at securing the slurry of artifacts that get incorporated into cloud native applications, we must first understand the …

A single vulnerability in one of the code dependencies can put an entire application at risk, yet 48% of organizations knowingly push vulnerable code into production regularly. With a heavy reliance on open source software to build applications, patching a myriad of vulnerabilities has become an extremely hard and …