Hardening Your CI/CD: Terraform, Docker, and Kubernetes Security

As I continue this series on CI/CD pipeline security, it is time to now work on securely building and deploying our application. This post picks up where my Build Secure Python Pipelines: Adding Tests and Hooks in Action post left off. In this post, we’ll continue our pipeline development by adding a container build and deployment to Kubernetes. In addition to this, we’ll add some security components to the build and deployment process. ...

March 1, 2024 · 11 min · Scott

Getting Started with Secure CI/CD: Essential Practices for Beginners

I think it’s time to focus on a few key practices for beginners to implement secure CI/CD. I’ve been building on the idea of a CI/CD pipeline in a bunch of the below posts: Securing Your CI/CD Pipeline: A Beginner’s Guide to Implementing Essential Security Measures; Automate Your Database Changes with a CI/CD Pipeline; How to Build a CI/CD Pipeline for Your Database; Infrastructure as Code with Terraform and GitHub Actions: A Kubernetes Case Study; Adding pre-commit Hooks to Python Repo; Writing Tests For Your Python Project. All of these articles are a scattering of topics based upon some of the daily randomness that I’ve faced in my work life. After looking at all of these articles, I realized that they are a good basis for building out a secure CI/CD pipeline, but the steps aren’t connected very well. ...

February 4, 2024 · 7 min · Scott

Benchmarking Your Rego Policies

Yes, I’ve been on a Rego kick lately. I posted Kickstart Your Journey With Rego as a way for others to get onboard as well. As with any language, it’s always good to know the impact of your logic. After gaining an understanding of the language and flow, it only makes sense to begin benchmarking your Rego policies to understand the impact of awesome policies. Introduction to Benchmarking Your Rego Policies In the delightful world of policy and security, Rego is the belle of the ball. It’s the language of choice for crafting policy in Open Policy Agent (OPA). Like a skilled magician pulling rabbits out of hats, OPA uses Rego to create abracadabra moments, transforming complex policy language into straightforward, executable rules. ...

July 6, 2023 · 5 min · Scott

Testing Python AWS calls with Moto

In my previous post, Writing Tests For Your Python Project, I started writing tests for my Python code but then ran out of options because I had completed all tests that didn’t involve calls to the AWS API. Now we’ll begin testing Python AWS calls with Moto. You can view some additional details about Moto in their documentation. You will also want to review the list of Implemented Services in the Moto documentation to make sure the API endpoints and methods you use are supported. The good news is that there are very few unsupported methods. The bad news is that they do not support describe_export_tasks for the logs endpoint, and we use that in our code. Because it is not supported, we’ll not create a test for it in this example. ...

January 27, 2023 · 9 min · Scott

Writing Tests For Your Python Project

I began this little trip with the post Exporting CloudWatch Logs to S3, which provided example code to get logs from CloudWatch to S3. From there, the code got prettier with Adding pre-commit Hooks to Python Repo. The next logical step is to make sure the code functions exactly like we’d expect, which we do by writing tests. I’ve highlighted a number of reasons why you should create tests in the article Top 5 Reasons to Build Tests for Your Code. ...

January 20, 2023 · 5 min · Scott