February 2021


What’s New?

Have you upgraded to Terraform 0.14?

We have! It has definitely brought some exciting new features.

Concise Diff

terraform plan, terraform apply, and terraform show now hide unchanged and irrelevant attributes by default. The diff shows only the parts of each resource that are actually changing, which makes it much easier to review exactly what Terraform intends to do before you approve it.

Sensitive Input Variables and Extended Provider Schema Sensitivity

Input variables, module outputs and, optionally, provider schema attributes may be marked as sensitive. Input variables declared with sensitive = true have their values redacted in CLI output, and that sensitivity propagates: anywhere the value is used in the plan, Terraform prints (sensitive) instead of the value. Module outputs with sensitive = true are redacted in the same way. This helps prevent unintended exposure of secrets to systems that consume Terraform output, such as CI logs and version control. One caveat: sensitive values are still written in plaintext to the state file, so the state backend still needs to be access-controlled and encrypted.

Provider Dependency Lock File

The new dependency lock file, .terraform.lock.hcl, is written by terraform init and records the exact provider versions selected, together with checksums, so that later runs install the same provider builds. Commit it to version control alongside your configuration. Moving to newer provider versions (within the constraints in required_providers) is now an explicit step: run terraform init -upgrade.

Terraform 0.14.x also introduces state file forward compatibility, two new functions for variable validation, alltrue and anytrue, and Linux ARM64 builds.
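The following configuration is an added example written for this newsletter, not code taken from HashiCorp's documentation, that exercises the features above in one place: a pinned provider (recorded in the lock file), a sensitive input variable that flows into a resource and into a sensitive output, and a validation block using the new alltrue function. The AWS region, the SSM parameter name and the variable names are assumptions chosen for illustration.

```hcl
terraform {
  required_version = ">= 0.14"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.0" # the selected version and its hashes land in .terraform.lock.hcl on first init
    }
  }
}

provider "aws" {
  region = "eu-west-1" # assumed region for this example
}

# Redacted in plan/apply/show output. Caveat: the value is still stored in
# plaintext in the state file, so the state backend needs its own access
# controls and encryption.
variable "db_password" {
  type      = string
  sensitive = true
}

variable "allowed_cidrs" {
  type = list(string)
  validation {
    # alltrue() is new in 0.14: every element must parse as a CIDR block,
    # so a typo like "10.0.0.0/33" fails at plan time rather than at the API.
    condition     = alltrue([for c in var.allowed_cidrs : can(cidrhost(c, 0))])
    error_message = "Every entry in allowed_cidrs must be a valid CIDR block."
  }
}

# The sensitive value flows into a resource; the plan prints (sensitive)
# for this attribute instead of the password.
resource "aws_ssm_parameter" "db_password" {
  name  = "/example/db/password" # hypothetical parameter name
  type  = "SecureString"
  value = var.db_password
}

# Sensitive output: redacted in normal CLI output, but still present in
# state and still visible via terraform output -json.
output "db_password" {
  value     = var.db_password
  sensitive = true
}

output "allowed_cidrs" {
  value = var.allowed_cidrs
}
```

Running terraform init against this configuration writes .terraform.lock.hcl with the chosen hashicorp/aws version and its checksums; commit that file. terraform init -upgrade moves to the newest version allowed by the "~> 3.0" constraint and rewrites the lock file. The recorded checksums are for the platform init ran on, so if your CI runners are a different architecture (for example the new Linux ARM64 builds), add their hashes with terraform providers lock -platform=linux_arm64 before those runners execute init, otherwise init fails the checksum verification.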

Take a deeper dive into Terraform 0.14.x and beyond here.

The Open Policy Agent

Open Policy Agent (OPA, pronounced "oh-pa") is an open source, general-purpose policy engine that unifies policy enforcement across the stack. OPA provides a high-level declarative language, Rego, that lets you express policy as code, and simple APIs that let your software offload policy decisions to OPA. You can use OPA to enforce policies in microservices, Kubernetes, CI/CD pipelines, API gateways, and more. Policy enablement lets users read, write, and manage these rules without specialized development or operational expertise: when your users can change policies without recompiling your source code, your service is policy enabled.
Learn more at https://www.openpolicyagent.org/docs/v0.12.2/#policy-enablement

RDS on Graviton2 (ARM Architecture)

Our RDS instances are now ready to take the ARM advantage using Graviton2 on AWS. Instance families can be matched to the workload for the best price/performance. The families below are the EC2 Graviton2 line-up; RDS exposes a subset of them as db.* instance classes, so check which classes your engine and region support before planning a migration.

  • M6g - Best price performance for general-purpose workloads with balanced compute, memory, and networking

  • T4g - Best price performance for burstable general-purpose workloads

  • C6g - Best price performance for compute-intensive workloads

  • R6g - Best price performance for workloads that process large data sets in memory

AWS quotes up to 40% better price performance than comparable current-generation x86-based instances for a wide variety of workloads, including application servers, microservices, high-performance computing, electronic design automation, gaming, open-source databases, and in-memory caches. The Graviton2 processors also provide enhanced performance for video encoding workloads, hardware acceleration for compression workloads, and support for CPU-based machine learning inference. Compared with the first-generation Graviton processors, AWS states they deliver 7x more performance, 4x more compute cores, 5x faster memory, and 2x larger caches.

Find the Graviton details at https://aws.amazon.com/ec2/graviton/

Infection Monkey Breach and Attack Simulation

We have extended our BAS toolchain to include the open source Infection Monkey. We use it to assess how resilient private and public cloud environments are to post-breach activity and lateral movement.

It provides both attack and detection capabilities: attacks such as SambaCry, Shellshock, ElasticGroovy, Struts2 and more, with detection for credential analysis, alerts on cross-segment traffic, tunneling and others.

Infection Monkey also produces actionable security insights for hardening the environment and runs on numerous platforms. Automated, regularly scheduled security testing gives a proactive answer to an ever-growing set of attack vectors.

Let the monkey guide you at https://www.guardicore.com/infectionmonkey/

Useful Reading

Fun Stuff

  • RNA-Seq pipeline
    For the data science adventurers out there, this should get your juices flowing. The example shows how to put together an RNA-seq pipeline with basic functionality. It maps a collection of read pairs to a given reference genome and outputs the respective transcript model. https://www.nextflow.io/example4.html

  • Skype Bot controls Jenkins
    Make your life easier and have fun doing it by using Docker to control Jenkins with a Skype Bot! https://eljoujat.github.io/2015/07/09/jenkinsbot.html