/tags/devops/ Recent content in DevOps on Ctrl + Champagne Hugo en-us Sun, 16 Feb 2025 13:45:56 +0000 /posts/vulnscan/ Sun, 16 Feb 2025 13:45:56 +0000 /posts/vulnscan/ <h2 id="automated-vulnerability-scanning-for-dependencies--packages">Automated Vulnerability Scanning for Dependencies &amp; Packages</h2> <h3 id="do-we-need-to-explain-why">Do we need to explain why?</h3> <p>🔥💥💣🚨⚡☠️🧨</p> <p>That&rsquo;s what I thought.</p> <h3 id="configure-your-pipeline-with-snyk">Configure your pipeline with Snyk</h3> <p>There is a plethora of tools available out there for security scans and/or vulnerable dependencies - Dependabot, Trivy, sonarQube/Lint, Anchore, etc. Most of which can be integrated into your IDE or CI/CD.</p> <p>For this use case, Snyk has been selected. Snyk is able to scan code, open-source dependencies, container images, and infrastructure as code configurations to helps developers prioritize and fix security vulnerabilities. The free version comes with a max limit scans per month.</p> /posts/digitcert/ Tue, 11 Feb 2025 13:45:56 +0000 /posts/digitcert/ <h2 id="kubernetes-cert-manager-for-letsencrypt-certificates">Kubernetes cert-manager for LetsEncrypt certificates</h2> <h3 id="digital-certificates-raison-dêtre-and-usage">Digital Certificates raison d&rsquo;être and usage</h3> <p>Certificates are exchanged as part of the TLS handshake. This allows the client to ensure the entity it is trying to establish a connection with is authentically the <em>genuine</em> server.</p> <p>Note: see other posts under this tag for a few words on TLS handshakes and mentions of the attacks it protects against.</p> <p>A certificate contains: the issuer details, its expiration date, the entity&rsquo;s public key for asymmetric encryption and a signature (encrypted server&rsquo;s public key).</p>