All Posts

Published on
November 28, 2023
Exploring the CIS benchmarks and containers
cis benchmarks containers scap security kubernetes
The Center for Internet Security (CIS) Benchmarks provide a system hardening profile for servers and applications. What parts of the benchmark apply to containers? And how do we use them?
Published on
November 21, 2023
A new metric for DevSecOps adoption
rhacs stackrox cicd build kubernetes security
Core to any DevSecOps program is measurement and metrics. How many releases did we perform this week? How did that compare with last week? What was the lead time for changes? In this article I want to introduce a new metric for DevSecOps adoption, and how we can start to measure this throughout the cloud-native application lifecycle.
Published on
October 16, 2023
RHSAs, CVEs, and RHACS (oh my)
rhsa cve security openshift stackrox containers vulnerability management
A deep dive into Red Hat Advanced Cluster Security for Kubernetes (RHACS), Red Hat Security Advisories (RHSAs), and Common Vulnerabilities and Exposures (CVEs). No mention of lions, tigers, or bears.
Published on
September 19, 2023
GTFOBins and StackRox - part II
gtfobins kubernetes security openshift stackrox containers
A couple of months ago I wrote an article on StackRox and another open source project, GTFOBins. The first article looked at identifying GTFOBins components during development, and this article looks at identifying GTFOBins execution inside containers at runtime.
Published on
August 13, 2023
Hacking OpenShift Productivity with QMK
openshift qmk developer kubernetes keyboard containers
Recently I picked up a QMK-compatible keyboard, and wanted to see how I could modify my OpenShift development workflows to suit.

All Posts

Exploring the CIS benchmarks and containers

A new metric for DevSecOps adoption

RHSAs, CVEs, and RHACS (oh my)

GTFOBins and StackRox - part II

Hacking OpenShift Productivity with QMK