Good morning, afternoon or evening, lovely folks,
I hope you had a fantastic start to the week. I am currently reading " the hitchhiker's guide to the galaxy". What a hilarious book! I also absolutely love the main character's positive outlook, even after the planet blows up! But enough of spoilers – let's continue with this week's top content.
Enjoy ✨
Sponsor Highlight
Rootly automates manual tasks like creating an incident channel, Jira ticket and Zoom rooms, inviting responders, creating status page updates, postmortem timelines, and more.
Want to see why companies like Canva and Grammarly are using Rootly? https://rootly.com/demo/
Learning Rego 😱
I have started to invest more time in learning Rego – once you understand the gist, it is actually not THAT bad. Also, so many companies and tools are using Rego – thus, if you want to upscale your skills, this can definitely pay off and make your life easier in the future.
Styra (the company behind the Open Policy Agent in the CNCF and Rego) has several amazing & free courses.
Once you have gone through the basics, you can use the Rego documentation to try to write your policies. Here is a tutorial that I have written for the Trivy documentation.
Kubernetes Fundamentals
Rory McCune published another tutorial on authentication in his Kubernetes Fundamentals series.
Rory McCune Senior Advocate - Security & Compliance
More security-focused...
I created a tutorial on how non-security experts can use security scanners to improve the security posture of their services.
Tutorial on embedded Linux Development
OK, this is definitely out of scope at the moment for me BUT I think there must be 1 or 2 people who are that technical & interested in more technical content – So check out these incredible, free tutorials on embedded Linux Development by Sergio Prado:
Top comment: "As someone who aims to fiddle around more with embedded and/or lower level os things in the future, this is a nice insight."
Following up on last week's newsletter
If you read my long post on the research around Vulnerability Databases, you might remember that I found it interesting how academic research aims to create new vulnerability databases over using existing ones. Along those lines, I came across this KubeCon NA 2023 presentation by Pallavi Kalapatapu that showcases, among other things, the difference between different types of SBOM and how KubeClarity combines the results of different vulnerability scanners in one dashboard.
Top meme
