A brief on dev containers, pre-configured Docker containers for fully featured development environments.
A brief on OWASP WrongSecrets, an intentionally vulnerable web app focused on secret management hygiene.
This post describes a logical model to improve trust and transparency in software supply chain security.
A brief on the software supply chain, and its associated threats and vulnerabilities.
A brief guide to generating IaC templates, bash scripts and config files with AIaC.
A brief guide to deploying Hoppscotch, an open-source alternative to Postman API client, on Railway.
A brief guide to dockerizing a Node.js application with a Google distroless container image.
A brief guide to passwordless SSH login with FIDO2-compliant YubiKey hardware security key.
A step-by-step guide on creating an immutable ledger and storing transparency logs with Sigstore Rekor.
A step-by-step guide on signing code and software artifacts with Sigstore Cosign.