BRINGING FIRST-CLASS SUPPORT TO SBOMS AND ATTESTATIONS FOR CONSTELLATION CONTAINERS
In a previous post, we explored how to generate a Software Bill of Materials (SBOM) and subsequently scan it for vulnerabilities. In this post, we show you how SBOMs can be signed and then stored in the same container registry as the scanned image. This improves security & discoverability!
MY FAVORITE TOOLS TO KEEP A ZERO VULNERABILITIES POSTURE FOR CONSTELLATION
In our last post, we explored how Software Bills of Materials (SBOMs) provide us with a transparent view of all dependencies in Constellation. In this post, we explore how we can use this information to continuously monitor vulnerabilities and upgrade to patched versions as soon as they are available.
GENERATING SBOMS FOR CONFIDENTIAL KUBERNETES IS EASIER THAN YOU THINK!
Constellation is an infrastructure product and includes several different components:
VERIFY COSIGN SIGNATURES IN GO USING SIGSTORE/SIGSTORE
After integrating cosign into the release process of Constellation’s CLI, I also wanted to improve the supply chain security of our metadata that are used for attestation.
WHAT CAN CONFIDENTIAL COMPUTING DO FOR THE KUBERNETES COMMUNITY?
This is a summary of the talk I gave at the Kubernetes Community Days (KCD) Berlin 2022. Both the slides and a recording are available.
POSTMORTEM: UNRAID FLASH DEVICE FAILURE
Status: Complete, action items in progress.
Summary: unRAID’s OS Flash Device failed undetected for 14 days, preventing the server from rebooting successfully and taking all internal services down, including the pfSense VM, which prevented the home network from accessing the internet.
CONFIGURE DNS:NET AS ISP ON PFSENSE ROUTER
Since DNS:NET supports only a limited number of routers, and pfSense is not on that list, I will share my configuration here.
CONTROL VIRTUALBOX VMS VIA BATCH
The VirtualBox GUI is slow for repetitive tasks such as starting & stopping virtual machines. In addition, some tasks, such as starting VMs headless, are not possible at all.
TRAEFIK 2 AS DOCKER REVERSE PROXY ON UNRAID
Hosting multiple containers on unRAID and keeping track of their port mappings can become quite annoying. Using a reverse proxy as a single point of entry will allow us to hide this from the user and use easy-to-remember DNS records instead.