GitHub Actions and GitLab CI code that you can drop into your project to automatically and effortlessly SCAP-scan Docker images for compliance with benchmarks from CIS, PCI-DSS, STIG, and more.
Docker image digests are unique, immutable identifiers for container images. This means that two images with different contents will have different digests, even if they have the same name and tag. When you pull an image by its digest, you are guaranteed to get the exact same image every time, regardless of when or by … Continue reading Always Use Docker Image Digests
I’ve exclusively used Microsoft ergonomic keyboards (first the Natural Ergonomic 4000 then the Sculpt – both of which have been discontinued) for a long time. For a pointing device, I used the Microsoft Sculpt Ergonomic Mouse until it failed; I’m now using an Anker vertical mouse. These keyboards and mice have been great. However, I … Continue reading Looking at Some of the Most Popular Ergonomic, Mechanical Keyboards and Selecting One (Spoiler Alert: I Picked The Dactyl Manuform with Trackball)
I recently became a Google Cloud Certified Professional Cloud Architect. This certification expands on my existing extensive array of credentials including 8 AWS certifications, CISSP, and VMware Spring Professional. Which begs the question: why do I have so many certifications and why do I keep getting more? There has been much written about professional certifications … Continue reading Why Do I Keep Getting Certifications?
As 2022 draws to a close, it’s time to take a look back at some of the accomplishments I’ve made in terms of contributing to Free and Open Source Software. This year, as usual, my contributions are widely varied. I made contributions in a number of programming languages from Ruby to Java to C#. In … Continue reading 2022 Free / Open Source Software Accomplishments
Hackathons and coding challenges are intense furnaces throwing immense temporal, technical, and social heat, heat that can be used to forge one’s mettle, pushing one’s limits. It is this process of trial by fire that allows one to grow, personally and professionally. Each of these events is unique, sometimes scarring, but always rewarding. I’ve participated … Continue reading How to Win at Hackathons and Coding Challenges
The Snyk CLI is a great tool used to scan a project and report vulnerabilities discovered in it. The Snyk CLI supports a wide variety of languages and build systems, making it ideal as a generic, go-to solution for vulnerability reporting. However, it only outputs vulnerabilities discovered – it does not generate an SBOM, which … Continue reading Creating SBOMs with the Snyk CLI
Reproducible builds are big wins for security, maintainability, and sanity. If you don’t like it when nothing has changed, yet your build suddenly breaks or doesn’t produce the same output, then improving reproducibility is for you. By default, Spring Boot’s Docker/OCI image building solutions, bootBuildImage (in Gradle) and spring-boot:build-image (in Maven), do not operate reproducibly. … Continue reading Improving the Reproducibility of Spring Boot’s Docker Image Builder
I’m a big fan of linters. They detect problems earlier (also known as “shifting to the left”), and the earlier problem detection is, the more efficient remediation is. Therefore, I want to lint as much as possible. Lately, I’ve been working a lot with GitLab CI YAML which oftentimes has shell script embedded in it … Continue reading Shellcheck Scripts Embedded in GitLab CI YAML
"The only constant in life is change." (Heraclitus) In this world of omnipresent change, effective communication is key to survival. Information that will impact others must be shared, and how that sharing is done will be the difference between success and failure. Will recipients of your message be confused, or will the message be clear? … Continue reading Crafting Effective Announcements