Linkbase

07.05.2022

• GitHub CLI extension to display a dashboard of PRs and issues - configurable with a beautiful UI
• GitOps Article Series from Giant Swarm
• The secret gems behind building container images, Enter: BuildKit & Docker Buildx
• Dagger - A portable devkit for CI/CD pipelines
• Automated Dependency Updates for Flux using Renovate
• Terraform: Up & Running, 3rd edition Early Release is now available! How Terraform changed with 1.1?
• Visualize Flux with ArgoCD
• Announcing AWS Lambda Function URLs: Built-in HTTPS Endpoints for Single-Function Microservices
• Cado Discovers Denonia: The First Malware Specifically Targeting Lambda
• Incident report: From CLI to console, chasing an attacker in AWS
• Slides and code samples for training, tutorials, and workshops about Docker, containers, and Kubernetes
• Secure, cross-platform Git credential storage with authentication to GitHub, Azure Repos, and other popular Git hosting services
• A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges
• Introducing AWS Blueprints for Crossplane
• Migrating from Cluster Autoscaler To Karpenter
• ArgoCD Best Practices You Should Know
• Getting Started With Kyverno
• Security List - Curated lists of tools, tips and resources for protecting digital security and privacy
• Android App Hacking Workshop From Google
• Docker Slim - generate smaller images
• Parca - Continuous profiling for analysis of CPU and memory usage, down to the line number and throughout time
• How to get started with OrgFormation - managing AWS Organization
• Go - when to use generic
• A Deep Dive into Golang for OpenFaaS Functions
• Testing your Infrastructure as Code using Terratest
• Security Overview of AWS Fargate
• Where’s my stuff on GCP?
• Implementing Cloud Governance as a Code using Cloud Custodian
• Warpgate - Smart SSH bastion that works with any SSH client
• Bootstrapping clusters with EKS Blueprints
• Go, Generics, and Concurrency
• The Go Programming Language and Environment
• Certified Kubernetes Security Specialist (CKS) 2022 Exam Guide

12.04.2022

• Digital Forensics & Incident Response on Kubernetes
• What to look for when reviewing a company’s infrastructure
• Diff that understands syntax
• Compose with Markdown in Google Docs on web - after 16 years
• Managing Pod Scheduling Constraints and Groupless Node Upgrades with Karpenter in Amazon EKS
• Kubectl plugin for detecting Dockershim usage which is being removed
• Kubernetes Infrastructure the GitOps Way
• Charm - we build tools to make the command line glamorous
• Kaar - Kubernetes Application Archive
• SA-Hunter - correlates serviceaccounts, pods and nodes to the permissions granted to them via rolebindings and clusterrolesbindings
• A curated checklist of 300+ tips for protecting digital security and privacy in 2022
• The StackRox Kubernetes Security Platform performs a risk analysis of the container environment, delivers visibility and runtime alerts
• TruffleHog v3 - improved secrets detection
• Find and fight image theft
• PacketStreamer - distributed tcpdump for cloud native environments
• Kubernetes native testing with TestKube

06.04.2022

• Extendable version manager with support for Ruby, Node.js, Elixir, Erlang & more
• Learn anything with Mind-Maps
• Lazygit
• Hacking The Cloud - CICD/GitLab/AWS/CTF
• How To Burp Good
• Network Infrastructure Security Guidance by NSA
• Magic Eraser - remove unwanted things from images in seconds
• AWS - Automated Incident Response and Forensics Framework
• BotKube - messaging bot for monitoring and debugging Kubernetes clusters
• AWS Controllers for Kubernetes (ACK) lets you define and use AWS service resources directly from Kubernetes
• Kubernetes Security through GitOps Best Practices: ArgoCD and Starboard
• Your pocket-sized cloud with a Raspberry Pi
• 10 Must-Have Kubernetes Tools
• Why We Selected Thanos for Long Term Metrics Storage
• How We Discovered Vulnerabilities in CI/CD Pipelines of Popular Open-Source Projects
• Fantastic AWS Hacks and Where to Find Them
• Access Undenied - Access Undenied parses AWS AccessDenied CloudTrail events, explains the reasons for them, and offers actionable remediation steps

22.03.2022

• 10 real stories, how CI/CD was hacked
• Threat matrix for CI/CD, how can they attack you on each stage
• Notify on AWS manual actions taken by monitoring CloudTrail
• Monitoring Kubernetes x509 certificates with Prometheus
• How to integrate AWS IAM and Google Workspace
• Starboard - Kubernetes-native Security Toolkit
• Operator to provision Wireguard VPN in a Kubernetes Cluster
• Container Security Checklist
• Identify privilege escalation paths within and across different clouds
• Awesome collection of awesome security hardening guides, tools and other resources

17.02.2022

Free Labs To Learn Cloud Pentesting:

• Flaws
• Flaws2
• Serverless Goat
• AWS S3 CTF Challenge
• AWS Vulnerable Lambda
• Lambhack
• IAM Vulnerable
• CloudGoat
• Attacking CloudGoat 2
• Damn Vulnerable Cloud Application
• Damn Vulnerable Serverless Application
• Sadcloud
• Breaking and Pwning Apps and Servers on AWS and Azure - Free Training Courseware and Labs

Others:

• Manage many Git repositories with sanity
• A GitOps Terraform controller for Kubernetes
• An implementation of infrastructure-as-code scanning using dynamic tooling. However, by deploying IaC (Terraform HCL in this case) against an instance of LocalStack, then pointing the tools at LocalStack, we can still perform scanning/testing to identify risks before they make it to production infrastructure
• Terraform + GitHub + AWS + OIDC
• Access Kubernetes via OIDC e.g. Keycloak
• OpsGenie in Grafana
• Validate GihubAction YAMLs
• AWS ECR Docker Credentials Helper
• A command-line pager for JSON data. User friendly JQ
• k9 for Docker
• Kubernetes Security Training Platform
• ValidKube combines the best open-source tools to help ensure Kubernetes YAML best practices, hygiene & security
• Hello World GitOps
• Incident Analysis 101
• The Delivery Hero Reliability Manifesto
• Startup Guide To Incident Management

31.01.2022

• IaaC security scanning, why, flaws, etc.
• Free workshops for AWS security services
• EKS + Crossplane + Flux on AWS
• Watchexec - simple, standalone tool that watches a path and runs a command whenever it detects modifications
• Swimm - Documentation as a Code
• Focalboard is an open source, self-hosted alternative to Trello, Notion, and Asana
• Self-hosted infrastructure, fully automated from empty disk to operating services
• The definitive guide to Secure Shell (SSH) tunneling, port redirection, and bending traffic like a boss
• DevOps The Hard Way - AWS
• IAM on EKS done right
• Comparing two methods for integrating Vault with Kubernetes

30.12.2021

• This page lists security mistakes by cloud service providers (AWS, GCP, and Azure)
• Kubernetes autoscaler, that aims to scale using machine learning
• DevOps Guru for RDS
• AWS re:Invent summary on one page
• Awesome Kubernetes Security
• Falco on Kubernetes - basics
• Zero Trust Architecture (Envoy, SPIRE, OPA)
• How To Make IAM Right
• GCP & Terraform - short-lived credentials
• Honest AWS Dashboard
• Improve your security posture on Windows/MacOS using prepared scripts
• SNARE, a Netflix automated security solution
• CloudQuery policies gives you a powerful way to automate, customize, codify, and run your cloud security & compliance continuously with HCL and SQL
• Argo vs Flux
• What happens after Kubernetes upgrade to 1.24 (Dockershim removal)
• Istio + OIDC
• Go, lessons learned
• Thoughts on how to structure Go code
• The Busy Developer’s Guide to Go Profiling, Tracing and Observability
• Rundown on Netflix SRE practices
• Upcoming trends in DevOps and SRE
• The API traffic viewer for Kubernetes, think TCPDump for Kubernetes
• Pleco - automatically removes Cloud managed services and Kubernetes resources based on tags with TTL
• Chezmoi - dotfile manager