Thoughts and insights – from us for you
Blog
SUGGESTED ARTICLE

Part 5: Supply Chain – SLSA Attestation
After having explained the basics of the SLSA framework, we want to give some insights into SLSA attestations now.
What is an attestation? An attestation is a way to generate authenticated metadata about an artifact. This makes it possible for a consumer of software to find out how it was built, who built it and which build system it was built with.
LATEST ARTICLES
Part 7: Supply Chain – How to work with Tekton
In the last blog post, we briefly discussed what Tekton is and how it can be installed. In this blog post, we go a step further and show how to work with Tekton when we want to build a supply chain.
Part 6: Supply Chain – Introduction to Tekton
What is Tekton? Tekton is an open source CI/CD tool and was initially a project of the Continuous Delivery Foundation. Kubernetes is used as the underlying platform for Tekton and can be extended by using Custom Resource...
All articles
Part 4: Supply Chain – SLSA Level & Tracks
In the last blog post, we talked about the SLSA terminology. Now it is time to focus on SLSA levels and tracks.
Within the SLSA framework, there are levels and tracks. Depending on them, it is possible to incrementally harden and improve different areas of the supply chain.
Part 3: Supply Chain – Introducing the SLSA framework
In the last blog post, we showed different frameworks for supply chains, including the Secure Software Development Framework (SSDF), the in-toto Attestation Framework and Supply-chain Levels for Software Artifacts.
Part 2: Supply Chain – Frameworks & Tools
The Secure Software Development Framework (SSDF) is a framework published by the National Institute of Standards and Technology (NIST) and includes software development practices based on established security practices that make the software development life cycle more secure.
Part 1: Supply Chain – Overview
Software supply chains are comparable to a supply chain in the real world. Very few companies, whether food or automobile manufacturers, produce all the components required for the end product by themselves – hence it is the same with software supply chains.
Platform Engineering For Cloud-Native Organizations
Motivation & Introduction: Within the last years, enterprises have already migrated large portions of their workload to the cloud – whether it is a private, public or hybrid cloud. However, many companies still fail to grasp all the benefits of cloud computing....
NSX 4.0.1.x Stateful Active/Active T0 Drawbacks – Is there room for improvement?
Since version 4.0.1, it is possible to create an active/active T0 that allows stateful operations. In principle, this is implemented in such a way that a specific flow is always handled by one edge node, based on an edge-node-internal hashing algorithm.
Circumventing NSX Gateway Firewall Setting Without any Security Privileges
Short Description: By defining Firewall:Bypass (or changing this field from internal to public address or vice versa) on a NAT rule, someone with only networking privileges can circumvent any security rules defined in the gateway firewall. Let’s assume as...
VMware vSphere Permission Propagation Issue
Introduction: At the end of last year, we encountered an issue with vSphere permissions working in a different way than we expected. A customer wanted a quite simple permissions implementation for his environment. Users in a specific group (Tier1Admins) should be able to...
How to create a Tanzu Kubernetes Cluster using vRealize Automation
Purpose of this article: In our environment, we are currently using VMware Tanzu in combination with vSphere 7. As we do not use the cloud-based product Tanzu Mission Control to roll out new Tanzu Kubernetes clusters, it should be possible to automatically deploy and, in...
vRealize Automation and the REST API
In the course of a customer project, I was able to gain experience in the migration from vRealize Automation 7 (vRA7) to vRealize Automation 8 (vRA8), now renamed VMware Aria Automation. Part of the migration involved transferring Blueprints from vRA7 to Cloud...
Tanzu Vanguard Community
The Tanzu Vanguard community is a group of experts and thought leaders in the field of modern application development. They come from a variety of backgrounds, including software development, IT operations, and business leadership. The community is focused on the use...
Cisco presents managed service strategy
Cisco sees managed services as the most important purchasing model for IT services in the future. The trend is clear: in 2021, the vendor recorded growth of 31% in sales of its managed services for partners. Under the project name Cisco...
vRetreat Event in February 2022 – Part 2: Cohesity
The second part of the vRetreat event featured a presentation by the vendor Cohesity. Cohesity is a vendor that, generally speaking, specializes in the management of data and offers applications built on top of it. Specifically...
vRetreat Event in February 2022 – Part 1: Progress Software
On Twitter, I came across the event series "vRetreat", which is organized by Patrick Redknap, a veteran of the VMware scene. At a vRetreat, several bloggers come together and learn about current topics, presented by vendors,...
vRealize Automation 8: How to automatically configure resources after deployment with Subscriptions
In this blog post, I want to explain the process of automatically configuring your resources after or during your vRealize Automation deployment. vRealize Automation offers the Subscription function, through which a vRealize Orchestration Workflow or an ABX...