The Muggles Guide to Software Supply Chain Security - The muggles guide to software supply chain security, a short compendium.
Generate SBOMs for Container Images using Syft - A brief on generating SBOMs (software bill of materials) for container images using Syft.
What is SBOM? - A brief on software bill of materials, or SBOM, and why it is important to software supply chain security.
What is Sigstore? - A brief on Sigstore, a new approach for signing, verifying and protecting software.
NIST SP 800-218: Secure Software Development Framework - A gist of the NIST SP 800-218 publication on the Secure Software Development Framework.
Detect Leaked Secrets with TruffleHog - A brief guide on detecting leaked secrets using open-source TruffleHog.
Container Vulnerability Scanning with Trivy - A brief on container vulnerability scanning with open-source Trivy.
15 Things I Learnt from Google on Shifting Left in Security - Google's white paper on shifting left in security offers high-signal insights that you can adopt today.