
SLSA Dip — At the Source of the Problem! | Zeno | FAUN

 1 year ago
source link: https://factory.faun.dev/newsletters/i/slsa-dip-at-the-source-of-the-problem-e7ff3681-796e-42ac-bb4f-700210b25206

SLSA Dip — At the Source of the Problem!

 
Zeno
 
Remarkable posts, stories, tools, tutorials and tips from the DevSecOps community!
 
 
 
 
👨‍💻👩‍💻 Humans Behind Code
 
 
Susa Tünker, Product Manager @ Score: From philosophy to DevOps
 
 
This week in Humans Behind Code, we're happy to have Susa Tünker!

Susa Tünker is the project manager of Score, a developer-centric and platform-agnostic workload specification. It ensures consistent configuration between local and remote environments. And it's open source!

Read the interview to discover more about the Human and the Code!
 
 
🔗 From the web
 
 
AWS security assessment: what scanners are missing and how threat modeling may help you?
 
 
There are many tools available today that are designed to automate security checks. But some people rely too much on tools, as if conducting an AWS security assessment were the same as formatting the scanner's output into a fancy-looking report.

This blog post focuses on what scanners are missing and why tools cannot fully replace the assessor.
 
 
 
How to implement DevSecOps in a Kubernetes cluster environment-Github Actions and Azure DevOps
 
 
Using kube-bench, Kubescape and other tools to secure a cluster.
 
 
 
Oops, I Leaked It Again — How Mitiga Found PII in Exposed Amazon RDS Snapshots
 
 
A recent Mitiga Research Team investigation found the well-regarded Amazon Relational Database Service is leaking PII via exposed RDS Snapshots.
 
 
 
AWS IAM Roles, a tale of unnecessary complexity
 
 
A highly opinionated blog post according to its writer: AWS is great but their implementation of IAM is unnecessarily complicated.
 
 
 
SLSA dip — At the Source of the problem!   ✅
 
 
This article is part of a series about the security of the software supply chain.

Each article analyzes a component of the Supply chain Levels for Software Artifacts (SLSA) model in depth, from the developer’s workstation all the way to the consumer side of the chain.
 
 
 
 
 
📺 Quick Hits
 
 
AWS fixes 'confused deputy' vulnerability in AppSync after Datadog security researchers discover it.
 
 
Microsoft is rolling out fixes for problems with the Kerberos network authentication protocol on Windows Server after it was broken by November Patch Tuesday updates.
 
 
Malicious hackers are targeting long-discontinued Boa web servers to compromise energy sector organizations, including India's Tata Power. Microsoft says attackers are hacking energy grids by exploiting decades-old software.
 
 
A new Azure service aimed at protecting smaller businesses from the growing threat of distributed denial-of-service (DDoS) attacks is now in public preview, according to a post by Microsoft.
 
 
🎦 Videos
 
 
97 Things Every Cloud Engineer Should Know
 
 
Migrating to the cloud has become a "sine qua non" these days. The compact articles in 97 Things Every Cloud Engineer Should Know inspect the entirety of cloud computing, including fundamentals, architecture and migration.

You'll go through security and compliance, operations and reliability and software development. And examine networking, organizational culture, and more.
 
 
 
📚 Book picks
 
 
Multi-Cloud Strategy for Cloud Architects
 
 
Learn how to adopt and manage public clouds by leveraging BaseOps, FinOps, and DevSecOps.

What you will learn:
  • Learn how to choose the right cloud platform via various use cases
  • Understand the concepts associated with multi-cloud, including IaC, SaaS, PaaS, and CaC
  • Use the techniques and tools offered by Azure, AWS, and GCP to integrate security
  • Learn about enterprise architecture, value streams, and well-architected frameworks of Azure, AWS, and GCP
  • Use FinOps to define cost models and create transparency in cloud costs with showback and chargeback
  • Improve security with the DevSecOps maturity model
  • Explore the concepts of AIOps and GreenOps
 
 
 
⚙️ Tools
 
 
deepfence/PacketStreamer
 
 
Distributed tcpdump for cloud native environments
 
 
 
RaduLupan/aws-secops
 
 
Collection of scripts for performing security operations in AWS
 
 
 
deepfence/ThreatMapper
 
 
Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more.
 
 
 
Patrowl/PatrowlHears
 
 
PatrowlHears - Vulnerability Intelligence Center / Exploits
 
 
 
🤔 Did you know?
 
 
The DevSecOps market size is projected to reach USD 41.66 billion by 2030, growing at a CAGR of 30.76% from 2022 to 2030.
 
 
Zeno #350: SLSA Dip — At the Source of the Problem!
Legend: ✅ = Editor's Choice / ♻️ = Old but Gold / ⭐ = Promoted / 🔰 = Beginner Friendly
