How to fix the top 10 insecure defaults in AWS

DevSecOps is quickly becoming a reality in many software development organizations. Those companies put security in the front seat and acknowledge it is an important factor to take into account. Knowledge increases...

GitLab 14 – what’s new and improved

In today's DevOps-dominated world, robust CI/CD pipelines are critical for every stage in your Software Delivery pipeline. The right tools for your developer teams are essential to make this happen. A...

Practical guidelines to secure your APIs

In an API first approach, your software applications expose and consume their data through (REST) APIs. Those applications do not use legacy & fixed connections to external systems anymore. Instead, they...

Sonatype Nexus: build smarter, fix faster, be secure

The Nexus platform: build smarter, fix faster, be secure. This article provides an overview of the Sonatype Nexus Platform. The most commonly known component in that platform probably is Repository, but there...

What is continuous testing and why does it matter?

Modern DevOps teams employ professionals who master multiple skills. Strong software development skills are one of the most important. Your team members also need to have a security mindset. And last...

SAST tool selection – tips to pick the right one for you

Every organization that treats security as a top priority needs a Static Application Security Testing (SAST) tool. Run this tool against every software application before you push out new versions to...

How to migrate Kubernetes Pod Security Policy (PSP) using OPA and Styra DAS

The Kubernetes Pod Security Policy (PSP) was one of the first reliable security controls introduced by Kubernetes. It was an Admission Controller that simply checked whether or not the Pods being...

Same-day Terraform support for EC2 Predictive Scaling Policy

AWS is always bringing out new services, enhancing current ones; they are released at a pace that would be considered impossible even a couple of years ago. While this is awesome...

Penetration Testing – think and act like an attacker

Organizations increasingly face the pressure to strengthen the security of their systems. Data protection is a hot topic for good reasons: to protect what's most important to them. Local security scans,...

Announcing General Availability of HashiCorp Nomad 1.1

Nomad is one of HashiCorp’s products that I feel more people should take a look at. It offers a viable alternative or even a supplement to Kubernetes in that it orchestrates...