Security

Kubernetes 1.33 was released on April 23, 2025, and, as usual, introduces a host of fixes and new features. Be sure to check out the release notes; I assure you, you won’t be disappointed! As the Team Leader of a DevSecOps group, I tend to focus on security features. In this article, I want to highlight the new pod support for user namespaces. This feature isn’t entirely new—it was first introduced as an Alpha feature (UserNamespacesSupport) in Kubernetes 1.28. However, as of version 1.33, it is enabled by default, and there’s no longer any need to set a Kubernetes feature flag. ...

Today, I want to share with you a new initiative by OpenSSF called the Open Source Project Security Baseline. The TL;DR: This initiative consists of a series of checks that project maintainers must have in place in their software repositories to demonstrate a strong security posture. The baseline is divided into three well defined levels. I find this to be an interesting and practical initiative, easy to apply for improving and certifying a project’s security level. ...

It’s been a couple of years since I moved to Galway, and I’m still absolutely thrilled with my decision! Over the past few months, I’ve had the chance to meet some awesome people at a local security meetup called BurbSec. It was a fantastic experience—sharing ideas, meeting new faces, and of course, enjoying a few beers! ;-) Now, some of these folks are organizing a security conference called BSIDES Galway, happening on February 22nd, 2025! ...

I believe it’s important to start with a premise: In this article, I’ll talk about a product/service built and offered by my current employer, SIGHUP. No one from my company has asked me to publish this blog post here; these are my honest opinions about Secure Containers. Secure Containers is a paid service built by SIGHUP that provides secure, hardened, and updated container base images. Developers working with containers and images now enjoy several advantages compared to the past, such as standardization, automation, and faster release times. ...

Hello there! How are you? I’m really good! As you may have seen on my social media, starting from the 16th of May, I’ve begun a new position as Senior DevSecOps at SIGHUP. I’m really excited about this new opportunity, and I’m writing this post because it will also have an effect on this blog’s focus. The topics will shift from previous subjects to cloud-native infrastructure security, starting with tools like CyberArk Conjur. The previous content on this blog will remain here forever. I believe it could be helpful for some time, and I also want to honor my HCL Ambassador role. ...