👀
It's alive!!! 😁 Coming soon, a completely new way to manage Governance and Policy as Code, together Zenable.io
Next-Generation Governance
Welcome to the team, Matt! Can't wait to see what we can build together 🚀
Software engineering leadership with customer focus, empathy, quality, and scale. Full CV at the link below.
I’m happy to share that I’m starting a new position as Engineering Lead at Zenable.io!
At Zenable we 🤟 the deaf and hard of hearing community
Thank you to everyone who came out to the sign language crash course yesterday at Cloud Native Computing Foundation (CNCF) KubeCon 🙌 We had so many people we couldn't fit them all in! Great job by the organizers and D/HH members Rob Koch Sandeep Kanabar Destiny O'Connor Jay Jackson Milad V. Andrew Davis Hazel Weakly Travis Johnson Alfonso Balderas Torres Steven Copley Victor Prechtel And thank you to everyone who joined the prior session to ask questions and see how we can all work together to make open source more accessible; really incredible conversation Keep posted for another session 🤞 in London #accessibility #deaf #hardofhearing
Wow, what a find by the JFrog team. And an impressive turnaround by the Zenable.io team to institute policy as code to ensure this could never happen to us. One of the benefits of doing things the right way is that it's incredibly simple for us to prevent problems like this in a scalable, fully automated way. We bring that same approach to your Governance. Interested in how to get Governance right, and avoid audit trouble? Grab some time with our founder, Jon Zeolla and find out how we can help. It's as easy as a quick message saying 👋
HUGE kudos to JFrog for saving the entire Python Software Foundation ecosystem from a massive compromise. They found "a GitHub PAT that provided access to the entire Python infrastructure"

What was the mistake that caused this? From the blog:

It seems that the original author –
1. Briefly added the authorization token to their source code
2. Ran the source code (Python script), which got compiled into a .pyc binary with the auth token
3. Removed the authorization token from the source code, but didn’t clean the .pyc
4. Pushed both the clean source code and the unclean .pyc binary into the docker image

Let's take it a step further - how can you prevent this?
1. Don't copy .pyc files into your docker container. You can do this with a .dockerignore file which contains *.pyc, so even if you do write a COPY statement, the .pyc files are automatically excluded.
2. Set the env var PYTHONDONTWRITEBYTECODE=1. This will ensure that .pyc files aren't created in the first place. This can be done both on hosts and in containers.

Of course, there are other approaches to detect - like JFrog describes in their post, they have a secret scanning / static analysis solution, as do many other vendors in the space.

#python #docker #supplychainsecurity
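The four steps quoted in the post above can be reproduced locally to check a build context before it is copied into an image. This is an added example, not code from the post or from JFrog; the token is a constructed placeholder and the file name deploy.py is hypothetical.

```python
import marshal
import py_compile
import re
import tempfile
import types
from pathlib import Path

# Constructed placeholder, not a real credential ("ghp_" is the classic GitHub PAT prefix).
FAKE_TOKEN = "ghp_" + "A" * 36
TOKEN_RE = re.compile(r"ghp_[A-Za-z0-9]{36}")

def strings_in_code(code):
    """Yield every string constant in a code object, descending into nested functions."""
    for const in code.co_consts:
        if isinstance(const, str):
            yield const
        elif isinstance(const, types.CodeType):
            yield from strings_in_code(const)

def scan_pyc(path):
    """Return token-like strings embedded in one .pyc file."""
    with open(path, "rb") as fh:
        fh.read(16)  # skip the 16-byte header used since Python 3.7
        code = marshal.load(fh)  # only reads .pyc files built by the running Python version
    return [m.group(0) for s in strings_in_code(code) for m in TOKEN_RE.finditer(s)]

def scan_tree(root):
    """Map each .pyc under root to the token-like strings found inside it."""
    hits = {str(p): scan_pyc(p) for p in Path(root).rglob("*.pyc")}
    return {path: found for path, found in hits.items() if found}

def demo():
    """Walk through the four steps from the post in a temp dir, then scan it."""
    with tempfile.TemporaryDirectory() as ctx:
        src = Path(ctx, "deploy.py")
        # Step 1: the token is briefly present in the source.
        src.write_text(f'def auth():\n    return {{"Authorization": "token {FAKE_TOKEN}"}}\n')
        # Step 2: running the script leaves bytecode behind (compiled explicitly here).
        py_compile.compile(str(src), cfile=str(Path(ctx, "__pycache__", "deploy.pyc")))
        # Step 3: the source is cleaned, the .pyc is not.
        src.write_text("def auth():\n    return {}\n")
        source_clean = FAKE_TOKEN not in src.read_text()
        # Step 4: this directory is what a COPY without .dockerignore would ship.
        return source_clean, scan_tree(ctx)

if __name__ == "__main__":
    print(demo())
```

The source file passes a text search for the token while the stale bytecode still carries it, which is why the post's .dockerignore entry and PYTHONDONTWRITEBYTECODE=1 both matter.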
🤗
When AI tools give me a really good answer, I have this urge to thank them just like I would thank a teammate. I've done similar things with voice-activated assistants like Google Home or Alexa. In fact, I wish there was a 'manners' mode which required it. Otherwise, I'm concerned we may slowly erode our capacity for kindness towards each other (AIs and humans alike). Random thought: Is this the new Turing test? 🤔 Either way, thank you Perplexity, ChatGPT, and LLaMA. You have been very helpful to me this week.