CloudStuff

As I continue this series on CI/CD pipeline security, it is time to now work on securely building and deploying our application. This post picks up where my Build Secure Python Pipelines: Adding Tests and Hooks in Action post left off. In this post, we’ll continue our pipeline development by adding a container build and deployment to Kubernetes. In addition to this, we’ll add some security components to the build and deployment process....

After writing my From Scattered to Splunk: Bringing Order to Your Kubernetes Logs post, a buddy of mine Danny Ansell (oh by the way he does work for Cribl and used to work for Splunk) suggested that I could always import my logs into Cribl as well. I’m madly in love with Splunk and do so love one of their tag lines Splunk Rhymes with Drunk, but I’m always on the hunt for kicking the tires on new technology....

I think it’s time to focus on a few key practices for beginners to implement secure CI/CD. I’ve been building the idea on the idea of a CI/CD pipeline in a bunch of the below posts: Securing Your CI/CD Pipeline: A Beginner’s Guide to Implementing Essential Security Measures Automate Your Database Changes with a CI/CD Pipeline How to Build a CI/CD Pipeline for Your Database Infrastructure as Code with Terraform and GitHub Actions: A Kubernetes Case Study Adding pre-commit Hooks to Python Repo Writing Tests For Your Python Project All of these articles are a scattering of topics based upon some of the daily randomness that I’ve faced in my work life....

In my How to Install and Use Starboard to Protect Your Kubernetes Cluster post, I first installed Starboard and reviewed a vulnerability scan report. After reviewing the results, I then tried to action some of the vulnerabilities in my MySQL deployment. In addition to vulnerability scans, Starboard can also conduct configuration audits of your Kubernetes deployment. I wanted to review those next and walk through a Kubernetes audit report action plan....

If you take a look at this blog, you’ll see that I’ve begun to tinker with devops quite a bit. If you’ve ever taken the trouble to look me up on LinkedIn, you’ll also see that I’ve had a little history doing security stuff. Given my love of security, the next logical step of my devops journey was to start to look into securing the CI/CD pipeline. My previous posts were some ways that I was able to make my own personal infrastructure easier to maintain while at the same time learning various devops tools....