Cosign
-
AWS open source newsletter #144
Feb 5, 2023 | 19 minute read
Feb 5th, 2023 - Instalment #144 Welcome to edition #144 of the AWS open source newsletter, and another week of great new open source projects for you to try out. Some of the treats in store for you this week include “dynamodb-shell”, a project that provides a cli to your favourite AWS database, “precloud” a tool to help you catch issues with your configuration before you deploy, “node-latency-for-k8s” a tool to analyse your node logs, “stepfunctions-lambda-ec2-ssm” a very nice way of using step functions to overcome the 15 minute timeout of your lambda functions, “terraform-ec2-image-builder-container-hardening-pipeline” a very cool example of how to build an EC2 image hardening pipeline using Terraform, and “cloudtrail-event-fuzzy-viewer” a tool to copy your AWS CloudTrail events and then fuzzy search them on the command line.
-
Building a software bill of materials (SBOM) using open source tools
Feb 1, 2023 | 6 minute read
This is the second post exploring how you can use open source tools to help you build a stronger defence against common software supply chain attacks. In this blog post, I look at syft, an open source CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. We will use examples and build on the previous post, Getting hands on with Sigstore Cosign on AWS.
-
Getting hands on with Sigstore Cosign on AWS
Jan 31, 2023 | 13 minute read
Getting hands on with Sigstore Cosign on AWS I am currently putting together some content around how you can use a number of open source tools to help build a stronger defence against common software supply chain attacks. In this blog post, I look at emerging tools from Sigstore, and focus in this post on Cosign, a tool that supports container image signing, verification, and storage in an Open Container Initiative (OCI) registry.
-
AWS open source news and updates #128
Sep 23, 2022 | 15 minute read
September 23rd, 2022 - Instalment #128 Welcome Welcome to the AWS open source newsletter, edition #128. I hope some of you were able to catch Derek and myself sharing a peek at this edition, and enjoyed our special guest, Gethin Webster as he walked us through the open source Cloudscape project. If you want to catch up on that event, check out the video here. This weeks opens new open source projects include “Guardian”, a command line tool that produces nice reports on your AWS environments, “cdk-scheduler”, a new construct that helps you schedule your CDK deployments, “terraform-iam-policy-validator” a script that helps you validate your Terraform scripts, “aws-cdk-golden-ami-pipeline” an example of how to build an automated pipeline to build Amazon Machine Images (AMI’s), and many more.