Supply-Chain

I’ve already touched the hardened images theme in the past talking how this theme is important in today’s world. Reducing the attack surface of our containers is not just a “nice to have” anymore; it is a fundamental requirement for a secure software supply chain. In an era where vulnerabilities can be exploited within hours of disclosure, starting with a secure base is half the battle. That is why the recent move by Docker is so significant. ...

I believe it’s important to start with a premise: In this article, I’ll talk about a product/service built and offered by my current employer, SIGHUP. No one from my company has asked me to publish this blog post here; these are my honest opinions about Secure Containers. Secure Containers is a paid service built by SIGHUP that provides secure, hardened, and updated container base images. Developers working with containers and images now enjoy several advantages compared to the past, such as standardization, automation, and faster release times. ...

Being able to work safely in cybersecurity requires knowledge, attention to detail, and a solid portfolio of reliable software. One of the tools I have learned about and used in recent months is Snyk. Calling Snyk a “tool” isn’t quite accurate—it’s a security platform that offers a suite of tools capable of operating on any codebase, including: Code (SAST) Open Source (SCA) Containers Infrastructure as Code Cloud In recent years, the amount of code produced has grown exponentially. The availability of countless open-source libraries and containers has accelerated development, but how can we be sure that all these resources are secure? ...