DevSecOps Weekly Newsletter, Zeno. Curated DevSecOps news, tutorials, tools and more!
🔔 Announcement

We're thrilled to announce Humans Behind Code!

Humans Behind Code (HBC) is a project by FAUN, where developers meet other developers and learn about the people behind the tools, libraries, frameworks, and other projects they use to build their applications.

We interview developers and ask them about their projects, their motivations, their struggles, and their successes. It's about sharing knowledge and helping each other grow.

👉 If you're a Developer or a maintainer of a widely adopted Open Source project and you think it's worth talking about it and your experiences in building it, join Humans Behind Code!

Best,
Aymen from FAUN.

If you have any questions, just hit the reply button!
 
 
⭐ Patrons
 
faun.dev
 
Advertise with FAUN
 
 
Sponsor FAUN and reach developers where they are, not where you want them to be.

Download our mediakit.
 
 

👉 Spread the word and help developers find you by promoting your projects on FAUN. Get in touch for more information.

 
🐾 Stories From FAUNers
 
faun.dev
 
A Remote Code Execution in JXPath Library (CVE-2022-41852)
 
 
On 6 October 2022, a new CVE was published for a critical vulnerability with the identifier CVE-2022-41852. It affects Apache Commons JXPath, a Java library used for processing XPath syntax. All versions, including the latest release, are affected.

According to NIST, the CVSS score is 9.8 (CRITICAL).

There is currently no official fix for this vulnerability. The article proposes a workaround that should protect the application, at the cost of disabling the use of functions in all XPaths completely.

Check out this article to find out whether you're affected and to understand the vulnerability through a PoC.

By @tutorialboy24
 
 

👉 Create your FAUN Page if it's not done yet and start sharing your blog posts, news, and tools on FAUN Developer Community, collect badges and more!
 

 
🔗 Stories, Tutorials & Articles
 
insights.sei.cmu.edu
 
A Technical DevSecOps Adoption Framework   ✅
 
 
This blog post describes a new DevSecOps adoption framework (created by Vanessa Jackson and Lyndsi Hughes) that guides the planning and implementation of a roadmap to functional CI/CD pipeline capabilities.
 
 
techmindfactory.com
 
Detect and respond to security events in Azure with Microsoft Sentinel
 
 
This article shows how to detect and respond to different security events in Azure and DevOps platforms using Microsoft Sentinel.
 
 
vez.mrsk.me
 
Linux Security Hardening and Other Tweaks   ✅
 
 
A collection of kernel and userland settings one can change to improve the security and usability of a Linux system. Targeted at Arch, but should work for other distros too.
 
 
www.darkreading.com
 
Top 10 Kubernetes Security Risks Every DevSecOps Pro Should Know   ✅
 
 
The mission to run any containerized application on any infrastructure makes security a challenge on Kubernetes.
 
 
adilshehzad786.medium.com
 
How to Find Secrets that are Accidentally Committed to GIT
 
 
Secrets that can be exposed to the internet include Slack tokens, database credentials, cloud access keys, secret keys and developer tokens.

When a secret makes its way into a Git repository, it stays there forever, sitting in one or more of your commits, waiting to be found and used against you. Developers often forget that Git repository history is never deleted.

Many tools on the market can scan your repository, or your commits before they are pushed, to ensure that no secrets are stored in or pushed to the remote origin.
 
 
 
📺 Quick Hits
 
 
CloudTruth raises $5.25 million to solve cloud configuration issues for Software Developers and CloudOps teams.
  • CloudTruth, a unified configuration management company, announced it has raised $5.25 million in seed funding led by Glasswing Ventures and Gutbrain Ventures, with additional funding from Stage 1 Ventures and York IE. 
  • CloudTruth unifies access and visibility into companies’ infrastructure, application, and secrets configuration data. CloudTruth’s API, CLI, and GUI enable companies to manage their parameters, templates, environment variables, and secrets from one central location.
 
 
Progress survey reveals the factors driving the adoption and evolution of DevSecOps over the next two years.
  • Progress, a provider of application development and infrastructure software, announced the results of its 2022 survey, “DevSecOps: Simplifying Complexity in a Changing World.”
  • More than 600 IT, security, application development and DevOps decision makers globally shared insights into the level of DevSecOps maturity and challenges faced across their organizations. 
  • 17% of organizations still considered themselves at an exploratory and proof-of-concept stage with respect to DevSecOps.
  • 86% experienced challenges in their current approaches to security and 51% admitted that they didn’t fully understand how security fits into DevSecOps.
  • 71% agreed that culture was the biggest barrier to DevSecOps progress.
 
 
⭐ Sponsors
 
nordvpn.sjv.io
 
Best VPN Deal
 
 
NordVPN 68% Black Friday discount is here!

👉 Access anything online without restrictions
👉 Add extra layers of security to your digital life
👉 Get the best online protection tools along with your NordVPN service.
👉 Get 3 months FREE with the 2-year plan
 
 
 
⭐ Supporters
 
faun.dev
 
Post Developers Jobs for Free on FAUN
 
 
FAUN's Job Board offers an exceptional platform to connect with skilled developers, DevOps professionals, and software engineers who are eager to contribute to the success of your organization.

Post your job openings on FAUN's Job Board today and watch your talent pool grow.

Get started now.
 
 
internxt.com
 
70% off on the 2TB Internxt Annual Plan
 
 
✅ Encrypted file storage and sharing
✅ Access your files from any device
✅ Get access to all our services

Discount available until December 5th.
 
 
 
⚙️ Tools, Apps & Software
 
github.com
 
DovAmir/awesome-design-patterns
 
 
A curated list of software and architecture related design patterns.
 
 
github.com
 
rebataur/djkube
 
 
Tool for Django developers to set up a full-stack EKS Kubernetes environment with all necessary tools, including DevSecOps tooling, in 40 minutes.
 
 
github.com
 
jube-home/jube
 
 
Jube is open-source transaction and event monitoring software. Jube implements real-time data wrangling, artificial intelligence, decision making and case management. Jube is particularly strong when implemented in fraud and abuse detection use cases.
 
 
github.com
 
Twingate-Labs/tg-ip-lookup
 
 
Look up an IP address to find out which public cloud it originates from.
 
 

👉 Spread the word and help developers find and follow your Open Source project by promoting it on FAUN. Get in touch for more information.

 
❤️ Thanks for reading
 
 
👋 Keep in touch and follow us on social media:
- 💼LinkedIn
- 📝Medium
- 🐦Twitter
- 👥Facebook
- 📰Reddit
- 📸Instagram

👌 Was this newsletter helpful?
We'd really appreciate it if you could forward it to your friends! You can also donate to help us keep this newsletter going.

🙏 Never miss an issue!
To receive our future emails in your inbox, don't forget to add community@faun.dev to your contacts.

ℹ️ Have a question or feedback?
Feel free to reply to this email. We'd love to hear from you!

🤩 Want to sponsor our newsletter?
Reach out to us at sponsors@faun.dev and we'll get back to you as soon as possible.
 

Zeno #347: Top 10 Kubernetes Security Risks Every DevSecOps Pro Should Know
Legend: ✅ = Editor's Choice / ♻️ = Old but Gold / ⭐ = Promoted / 🔰 = Beginner Friendly

You received this email because you are subscribed to FAUN.
🐾 FAUN is a worldwide community of developers 👣 We help developers learn and grow by keeping them up to date with what matters.


Important: We are gradually migrating to a new system. If you don't create an account on FAUN (here), you will stop receiving our weekly newsletter.