DigitalOcean

Hardening Your CI/CD: Terraform, Docker, and Kubernetes Security

As I continue this series on CI/CD pipeline security, it is time to now work on securely building and deploying our application. This post picks up where my Build Secure Python Pipelines: Adding Tests and Hooks in Action post left off. In this post, we’ll continue our pipeline development by adding a container build and deployment to Kubernetes. In addition to this, we’ll add some security components to the build and deployment process....

Cribl Splunk_HEC Datasource: The Ultimate Guide for Kubernetes Log Ingestion

After writing my From Scattered to Splunk: Bringing Order to Your Kubernetes Logs post, a buddy of mine Danny Ansell (oh by the way he does work for Cribl and used to work for Splunk) suggested that I could always import my logs into Cribl as well. I’m madly in love with Splunk and do so love one of their tag lines Splunk Rhymes with Drunk, but I’m always on the hunt for kicking the tires on new technology....

From Reactive to Proactive: Transforming Security with Tetragon

I previously blogged about Starboard and How to Install and Use Starboard to Protect Your Kubernetes Cluster. These articles were focused more on vulnerability and configuration management. Now, I wanted to focus my attention on runtime security observability using Tetragon. Getting Started With Tetragon The first step is to install it. The Tetragon website recommends using Helm 3 to deploy it so that’s what we’ll do. I’m deploying with just the default values for now...

From Vulnerability to Visibility: Demystifying Starboard Infrastructure Scan Reports

In previous posts,How to Install and Use Starboard to Protect Your Kubernetes Cluster and Enhancing Kubernetes Security and Compliance with Starboard Audit Reports: A Practical Guide, I started working through the different security reports available from the Starboard security scanner. The next step is to begin reviewing starboard Infrastructure Scans for security insights. Getting an Infrastructure Report After installing Starboard, I waited for it to run and generate all kinds of reports....

Automate Your Database Changes with a CI/CD Pipeline

I first started talking about building a database CI/DI pipeline in my previous post, How to Build a CI/CD Pipeline for Your Database. That previous post was focused more on the infrastructure that would be managed by the DevOps team. Now I want to focus on efficient database management with CI/CD. In this post, I’m going to setup a very simple repo that will make use of my deployed database. This new repo is going to leverage a popular tool called Liquibase to implement our changes to the database....