Signing Container Images for Trust Assurance
Hii 👋, I am sure you want peace of mind too, haha
Well, there is no way you would be discussing container supply chain security without talking about the signing of container images.
You are probably handling your manifest and deployment secrets in kube like this
Yeah, I have been doing the CI/CD implementations via GitHub workflow lately and I am also trapped in the process of making commits to trigger the workflows or, better still, making empty commits, haha.
Almost everyone knows how to use .gitignore, the git file that helps in keeping sensitive files like .env out of the tracking, commit, and pushing process, and also unwanted folders like node_modules and all.
But do you know secrets, hardcoded credentials, and API aren't easy to deal with using a .gitignore file? You don't want to keep your config.js or config.go file out of the commit process; these are essential files to your project.
For someone who just started writing Go, I have no idea about the //go:embed feature, which came with the released version 1.16.
A project I was working on recently led to discoveries.
Documentation is a vital part of any open source project or software.
It is the entry point or a fallback option for users of any open source project or software to read usage and installation instructions, to fix issues and to learn more about the project.
Before we start, I would like to say, all these programs listed are not mandatory for you to contribute to open source.
But you can contribute to open source even if you don't get selected for these programs, you can always contribute to open source programs anytime you want.
I joined the OSCA Africa Open Source Challenge 2021, which started on the 16th of August 2021.
Having your Linux environment set is also one of the essentials to getting your assignments done in any pentesting or security class, or in day-to-day work.
So I started participating in bug bounty not so long ago, and after a lot of read-ups and web app practice, I found a stored XSS on quite a big education platform which I was using for learning web development last year.