Topics
Every post is tagged by tool and layer of the stack. Pick one to filter the blog.
Kubernetes13 postsRBAC, Pod Security, network policies, admission control.Docker & containers7 postsImage hardening, rootless builds, runtime flags.CI/CD security16 postsPipeline hardening patterns that generalize.Jenkins1 postController hardening, credentials, shared libraries.GitLab3 postsCI templates, scanners, protected pipelines.GitHub Actions3 postsOIDC federation, environments, attestations.Terraform8 postsState security, plan scanning, drift.Ansible1 postVaulted vars, privilege escalation, idempotent ops.Vault & secrets8 postsDynamic secrets, rotation, PKI.Linux9 postsHardening, auditd, SELinux, systemd sandboxing.Bash1 postStrict mode, safe parsing, cron hygiene.Python1 postAutomation, log parsing, API glue.OpenShift1 postSCCs, routes, operators.Cloud security4 postsIAM, OIDC federation, guardrails.Detection & SIEM4 postsFalco, audit pipelines, alert quality.Supply chain2 postsSigning, SBOMs, provenance.