IT |
気になる、記になる… |
Appleの整備済み商品情報 2022/3/28 |
https://taisy0.com/2022/03/28/155225.html
|
apple |
2022-03-28 11:48:28 |
IT |
気になる、記になる… |
2026年以降に有機ELディスプレイを採用した「iMac」が登場?? − 「MacBook Pro」への有機EL採用は2025年頃との情報も |
https://taisy0.com/2022/03/28/155220.html
|
apple |
2022-03-28 11:02:27 |
IT |
情報システムリーダーのためのIT情報専門サイト IT Leaders |
ドイツのサプライチェーン・デューデリジェンス法が企業に求めるもの:第30回 | IT Leaders |
https://it.impress.co.jp/articles/-/22907
|
ドイツのサプライチェーン・デューデリジェンス法が企業に求めるもの第回ITLeadersご存じのように近年、SDGs持続可能な開発目標やESG環境・社会・ガバナンスが注目されている。 |
2022-03-28 20:30:00 |
js |
JavaScriptタグが付けられた新着投稿 - Qiita |
【PHP】タグ機能③ |
https://qiita.com/ryouya3948/items/ea839635de0818f280b4
|
【PHP】タグ機能③下記投稿の続きで、タグ機能に登録機能DB接続を実装します。 |
2022-03-28 20:51:45 |
AWS |
AWSタグが付けられた新着投稿 - Qiita |
新しいメンバーがジョインしたときのAWSトレーニング/ハンズオン |
https://qiita.com/shu85t/items/00564e29ff8a87e1dbae
|
ググれば動く方法や解説は出てきますが、加えて公式ドキュメントをベースにしたり立ち返って、仕組みや設定パラメータの意味を理解し、どのようなオプションがあるか把握して使うことも重要と考えています。 |
2022-03-28 20:59:47 |
AWS |
AWSタグが付けられた新着投稿 - Qiita |
ロール切り替え(スイッチロール)した時のアクセス許可は累積されない(ドキュメントを読むことの重要性も) |
https://qiita.com/st10/items/70474715a176dc751943
|
|
2022-03-28 20:24:34 |
Git |
Gitタグが付けられた新着投稿 - Qiita |
git ブランチ名を変更! |
https://qiita.com/mochi93kou/items/3e0b98ebbcefabfa81ab
|
参考文献 |
2022-03-28 20:32:23 |
技術ブログ |
Developers.IO |
AWS Secrets Managerでシークレットが正常にローテーションできなかった時の対応方法 |
https://dev.classmethod.jp/articles/what-to-do-when-secrets-cannot-be-rotated-successfully-in-aws-secrets-manager/
|
awssecretsmanager |
2022-03-28 11:45:09 |
技術ブログ |
Developers.IO |
Galaxy Tab S8 Ultraを使用した感想(iPadを選ばなかった理由 ) |
https://dev.classmethod.jp/articles/review-galaxytabs8ultra/
|
galaxytabsultra |
2022-03-28 11:06:11 |
海外TECH |
MakeUseOf |
Spotify Car Thing vs. Android Auto: Is Car Thing Worth the Money? |
https://www.makeuseof.com/spotify-car-thing-vs-android-auto/
|
thing |
2022-03-28 11:15:13 |
海外TECH |
DEV Community |
Do mocha tests run in parallel? JavaScript Test Automation Tutorial | Part V |
https://dev.to/lambdatest/do-mocha-tests-run-in-parallel-javascript-test-automation-tutorial-part-v-5eg4
|
Do mocha tests run in parallel JavaScript Test Automation Tutorial Part VThis video explains how to run the parallel test with mocha Start FREE TestingIt is Part V of the JavaScript Test Automation LambdaTest Tutorial series In this video Ryan Howard ryantestsstuff an engineer explains parallel testing with mocha You will also learn how you can run mocha end to end tests in parallel This video also answers Does mocha run tests in parallel How to run the mocha test Does Mocha run tests in order How to conduct parallel testing |
2022-03-28 11:57:51 |
海外TECH |
DEV Community |
Open source API Security testing tools |
https://dev.to/noablst/open-source-api-security-testing-tools-15i1
|
Open source API Security testing toolsBefore I dive into the world of open source API testing tools it s important to differentiate between API security testing tools and website security testing Before I go on with this article don t forget to star our open source API Security tool API security testing tools are different from website security testing in a few ️key ways First API security testing tools are designed to test APIs while website security testing tools are designed to test web applications This means that API security testing tools focus on testing the functionality of the API while website security testing focuses on testing the security of the web application Second API security testing tools often use automated testing to test APIs while website security testing tools typically use manual testing This is because automated testing can be better at testing the functionality of an API but manual testing is usually better at finding security flaws in a web app Third API security testing tools typically offer more features than website security testing tools This is because APIs are more complex than web applications and so there are more potential security risks associated with them API security testing tools on the other hand tend to have more features for testing APIs like the ability to test for authentication and authorization issues session management problems and data leaks so they can be more useful for this Fourth API security testing tools are typically more expensive than website security testing tools This is because API security testing is a more specialized form of testing and so there are fewer tools available on the market As a result the few tools that are available tend to be more expensive than website security testing tools Finally API security testing tools are typically used by developers while website security testing tools are typically used by security professionals This is because developers are typically more familiar with APIs than security professionals and so they are more likely to use API security testing tools I know I ve gone a bit off road with API security and the difference between that and website security testing but it is crucial to understand that bit to move on to the next article which will be about Api testing tools that you should know about |
2022-03-28 11:54:29 |
海外TECH |
DEV Community |
Setting up a PostgreSQL database in AWS RDS and connecting it to pgAdmin. |
https://dev.to/roguecode25/setting-up-a-postgresql-database-in-aws-rds-and-connecting-it-to-pgadmin-10mb
|
Setting up a PostgreSQL database in AWS RDS and connecting it to pgAdmin IntroductionPgAdmin is a client side platform for adminstration and development of PostgreSQL database It simplifies the visualization of schemas logs and other relevant information based on SQL standards Amazon has a great relational database hosting service known as Amazon Relational Database Service RDS The article focuses on creating a PostgreSQL database in RDS and connecting it pgAdmin Creating a PostgreSQL database in AWSSetup and login to your AWS account as ROOT user Go to services choose database and select RDS You will be redirected to a dashboard as shown below Click on create database Select PostgreSQL under engine options and choose templates as shown below Use Free Tier if setting up the database for personal projects Scroll down to settings and set master username and password Copy these credentials to the clipboard as they will be used to make the pgAdmin connection Scroll down to connectivity and select Yes for public access This will allow the database to accept the connection from local setup Scroll down and click on create database The process will take a few minutes and you will be directed to the page below Copy the endpoint to the clipboard for later reference Under security click on the VPC security groups and you will be redirected to an EC console as shown below Click on security group ID and you will be redirected to the page below Under inbound rules check if there are rules for PostgreSQL that accepts TCP connections If there isn t click on edit inbound rules Click on Add rule Under type select PostgreSQL Under source select custom Under the search input select and click on Save rules The PostgreSQL database has been successfully been created and ready to accept connections from a local host Installing pgAdmin and making RDS connectionFirst we need to install pgAdmin to make the connection to our PostgreSQL database hosted in AWS RDS Here is an installation guide for installing pgAdmin on Ubuntu Mac and Windows After installing pgAdmin launch it and register a new server as shown below Under general enter server name and move to connection tab Under host name address paste the endpoint copied from AWS RDS console Enter the port set in RDS Enter the master username set on RDS under username and corresponding password Under advanced set connection timeout seconds to secs to avoid timeout during connection Leave every other configuration in its default After the connection is accepted the pgAdmin dashboard will look as follows Now you can view tables created under schemas tables ConclusionPgAdmin offers a versatile interface to view database information while AWS RDS offers a great service to host databases to the cloud for better security and ease of access |
2022-03-28 11:14:34 |
海外TECH |
DEV Community |
Consume 50% less memory with your Python objects |
https://dev.to/jeromek13/consume-50-less-memory-with-your-python-objects-3ie6
|
Consume less memory with your Python objectsBy default in Python objects have a dict attribute It s a dictionary used to access the object variables per key It is useful to allow dynamic variables creation However this flexibility can lead to creation of new object variables when misspelled Python will create a new variable with the given name With slots we can specifically declare data variables Then Python will allocate space for them in memory and skip the creation of the dict attribute It also forbids the creation of any object s variable which are not declared in the slots attribute By using slots you also decrease the memory used by your class instances Slots can also be used in dataclasses if you re using python or higher Simply add slots True to the decorator It makes a huge difference if you re creating lots of objects from dataclasses import dataclass from pympler asizeof import asizeof Dataclass with slots dataclass frozen True slots True class SmallObjectWithDataclass first name str last name str Class with slotsclass SmallObject slots first name last name def init self first name last name gt None self first name str first name self last name str last name Class with no slotsclass BiggerObject def init self first name last name gt None self first name str first name self last name str last namep SmallObjectWithDataclass Jerome K print asizeof p Output Bytesp SmallObject Jerome K print asizeof p Output Bytesp BiggerObject Jerome K print asizeof p Output BytesHope this helps and have a great DayJerome |
2022-03-28 11:11:41 |
海外TECH |
DEV Community |
Benefits Of Categorising Components By Use-Case |
https://dev.to/nayaabkhan/benefits-of-categorising-components-by-use-case-33g
|
Benefits Of Categorising Components By Use CaseOrganising things feels good If you have a design system you might have organised the components with categories Besides cleaner organisation is there something that we can get out of good categorisation It turns out there s a lot Meet the CategoriesOver the years these are the categories I ve come up This categorisation is based on use case Almost all components fall into one of these Structural These are the visible or invisible components that provide structure to your app Examples include Stack Grid and Columns Informational These components are used to display information to the users They may display this information using text icons colors and so on Examples include Badge and Tooltip Input These components are used to get information from the users and often used inside a form Examples include TextField AutoComplete CheckboxList and Select Action These components are used to perform an action immediately Examples include Button and Menu Feedback These components are used to provide a feedback as a response Examples include Toast and Progress Navigational These components are used to provide navigational aid to the users Examples include Link Breadcrumb and Pagination Let s go through the benefits of this kind of categorisation Benefit Clear DistinctionOften we find components used in a way they re not meant to be A very common one is the use of dropdowns as menu of actions Depending on your designs they may even look very similar But functionally they are different and the astute among you would already know it If you try to sort them in one of the categories we saw before they start making sense One provides a menu to input a selection but not act immediately upon it while the other provides a menu for actions that happens immediately on selection Naming is hard and cannot be decoupled from opinions In the wild often they re called select and menu respectively If you re looking to get insipred the Component Name Matrix is a great place to start Another common mistake is using a button that looks like a link to navigate to another page Or using a link that looks like a button to perform an action While it is okay to have such variants categorising them thoughtfully can help you avoid misuse and help you write clear do s and dont s Benefit Precise SemanticsA lot of components that fall in the same category share semantic traits Informational components like Badge and Alert display part of their information using colors often called the tone of the information they re displaying Similarly actions share the nature of the action being performed Once you have a category you can easily find the components that share the same semantic traits and create semantic tokens for them Benefit Correct FeaturesSimilar to how the category can surface the semantics of the components it also helps in aiding the API design and features of a component More precisely what should and should not be in the API Going back to the example of LinkButton and ButtonLink The former should support actional properties like onClick while the later should support navigational properties like href This can help you avoid common pitfalls found on the web Like in this case using a button as a link and vice versa Have you even tried opening a link in a new tab just to find out that you re looking at a button disguised as a link It is a frustrating experience ClosingI find this topic very interesting and certainly intend to write more in depth posts on it There s so much more to uncover For instance the input components Select CheckboxList and RadioList are all choice components and could be used interchangeably depending on the space available amount of choices and ability to select multiple choices Once you start seeing the patterns interesting facts emerge And I hope to keep sharing them as I discover them Cheers |
2022-03-28 11:08:20 |
海外TECH |
DEV Community |
Publish your first Web Application in AWS |
https://dev.to/lmas3009/publish-your-first-web-application-in-aws-1fj8
|
Publish your first Web Application in AWSHi I just wrote a article on how to deploy your first static web application in AWS which is of part Article Link aravindkumarvemula medium comDo connect with me to read part article If there is any mistake in my article pls comment down So that i can improve myself |
2022-03-28 11:05:08 |
海外TECH |
DEV Community |
I need help with Next.js api |
https://dev.to/ivkemilioner/i-need-help-with-nextjs-api-3bih
|
I need help with Next js apiI want to change collections string from front end How to do that |
2022-03-28 11:04:58 |
海外TECH |
DEV Community |
Book Club: "Test Driven Development: By Example" #1 |
https://dev.to/ruthmoog/book-club-test-driven-development-by-example-1-1e0l
|
Book Club quot Test Driven Development By Example quot Kent Beck s Test Driven Development By Example was released in The book aims to explain how to use TDD to write quality code that works Chapter Multi Currency MoneyBeck starts by introducing a To Do list of the behaviour needed to solve the problem I ve found doing this helpful for two reasons it helps to stay focused on just the list item you can t do this step if you don t know enough about the problem and it s helpful to find this out before you start writing any code Once you have a list and have selected which item to start with you start writing a test I have learned quite a bit about TDD in theory but in practise writing tests is hard Beck s examples use very small incremental steps TDD is not about taking teeny tiny steps it s about being able to take teeny tiny steps This can be hard in an existing codebase where there may already be test helpers doing multiple steps and working in an unfamiliar area or domain can make this harder too I usually start by writing a given when then statement in plain english and attempting to build it up bit by bit with working code Having a test that fails as you write each part of it shows you that you re developing the code as you write your test Race to green with code that works you can make it lovely later when you refactor If you discover problems along the way add them to your To Do list View my code along repo at |
2022-03-28 11:04:26 |
海外TECH |
DEV Community |
How to automatically compile Typescript files to Javascript files and run the Nodejs server automatically |
https://dev.to/codarbind/how-to-automatically-compile-typescript-files-to-javascript-files-and-run-the-nodejs-server-automatically-4n54
|
How to automatically compile Typescript files to Javascript files and run the Nodejs server automaticallyWhen I started using typescript one of the first challenges I encountered was that I have to build compile my typescript file to javascript before I can run the node server So to compile I would run npm run buildand to run the node server I would issue node index jsTo do things automatically I knew I can watch changes to my js server files by using packages like nodemon so I installed it and then set the scripts object like following in my package json file scripts build tsc p start node index js dev nodemon index ts The build property value is what would be run when we issue npm run build The start property value is what would be run when we issue npm run start You can answer for the dev right Now to automatically build your typescripts to javascript whenever you make and save changes to a typescript file there are two ways to go about itadd w flag to the build script or uncomment and then set the watch property to true in the compilerOptions object in your tsconfig json file using the the watch flag wEither of these two would keep watching for saved changes in your typescript files and thereby compile automatically setting watch to trueSo in one terminal run npm run build then open another terminal and run npm run dev If you issued npm run dev your server would run and depend on the file name attached in the dev scripts Conversely for npm run start In the case here the server would be running from index ts if I issued npm run dev Compilation from typescripts to javascripts would happen automatically because of the watch flag w or setting it to true in the tsconfig json file Server would restart automatically because we are using nodemon to handle it Just different terminals Also take these tips into consideration Nodejs server runs on javascript filesChanges to typescript has be saved and compiled build to javascriptWe need to build automaticallyand we need to start our server automaticallyYour brother in copy and paste AbdwahabTweet at me wahabind |
2022-03-28 11:04:08 |
海外TECH |
DEV Community |
Using ARMO Kubescape to scale kubernetes security adoption across an enterprise |
https://dev.to/turjachaudhuri/using-armo-kubescape-to-scale-kubernetes-security-adoption-across-an-enterprise-5gio
|
Using ARMO Kubescape to scale kubernetes security adoption across an enterpriseNote This is not an introduction to Kubernetes It is expected that the reader is already aware of what Kubernetes is and how it works Agenda Topics of discussionKubernetes is everywhere Challenges of Kubernetes security adoption at scale across enterprises Strategies to solve container security adoption challenges Conclusion Kubernetes is everywhereEnterprise visionaries and thought leaders do not agree on a lot of things but even they have kind of conceded that Kubernetes is quickly becoming the de facto standard for application delivery across the IT landscape from startups to mid sized companies to big enterprises The Cloud Native Survey organized by CNCF shows that the usage of Kubernetes is continuing to grow and isn t likely to stop Some data points of interest are of IT organizations are either evaluating or already using kubernetes million developers in the world actively use kubernetes However at the same time it is a well known fact that Kubernetes is extremely hard to implement or get right And quite frankly the hardest part of Kubernetes is getting its security right As a result Kubernetes security has become a hot topic and rightly so The State of Kubernetes security report published by RedHat really highlights a lot of challenges that are evident with the current kubernetes ecosystem Some interesting data points covered in the report are of enterprise IT companies have confirmed that kubernetes security concerns have delayed or slowed down production deployment of respondents to the survey confirmed that they have faced at least security incident in their kubernetes environment in the last months of companies have mentioned that their main concern about adopting container strategies is how to secure them and maintain a strong security posture The reason I am trying to highlight these points is to enforce the opinion that Kubernetes is hard and implementing Kubernetes security is harder It is very important that an enterprise has a clear and well understood strategy on how to handle the myriad challenges that are evident in managing security of container deployments on an orchestration platform like Kubernetes However the good thing is in Enterprise IT most problems if not all have solutions In recent past there has been a strong focus by vendors cloud service providers etc on tools practices and processes that can seamlessly mitigate the challenges associated with implementing a comprehensive container security strategy ARMO is one such company which is doing impressive work in this sector Their flagship product kubescape is one of the most comprehensive and easy to use container security solutions available in the market today What is kubescape Kubescape is a k open source tool providing a multi cloud Ks single pane of glass including risk analysis security compliance RBAC visualizer and image vulnerabilities scanning Kubescape scans Ks clusters YAML files and HELM charts detecting misconfigurations according to multiple frameworks such as the NSA CISA MITRE ATT amp CK finding software vulnerabilities and showing RBAC role based access control violations at early stages of the CI CD pipeline It calculates risk scores instantly and shows risk trends over time You can find more details about kubescape at and Why should I choose kubescape over other tools User friendly UI for streamlined scans and test management An instantly calculated risk score based on the current scanEasy access to a history of past scans Exceptions management allowing Kubernetes admins to mark acceptable risk levels Build and create customized compliance frameworks I have used it personally and it is pretty easy to get onboarded with kubescape literally in minutes Their UI is extremely elegant and intuitive and the range of controls that they have implemented as a default offering is comprehensive and includes some of the most common security controls available in the market today like MITRE NSA and so on Please find below a snapshot of their scan output that I ran on my personal cluster Challenges of Kubernetes security adoption at scale across enterprisesIn this blog I am not going through a tutorial of kubescape because there are already wonderful blog posts and YouTube videos that can guide you through the entire process step by step and quite frankly the way the tool is designed it is extremely easy to get started What I want to focus on this blog is on the challenge of how to use kubescape to scale the adoption of a standard security tool and enforce a consistent Kubernetes security posture across an enterprise To understand the solution we must first be cognizant of the problem that exists First you need to understand that enterprises are not small entities comprising of teams or people So how do we define enterprises They have multiple departments and locations Hundreds of teams and departments spread across the company possibly globally distributed Everyone has clear responsibilities and hierarchies In a big enterprise an initiative like implementing security is much more difficult and prolonged than enforcing the same controls in a small or medium sized company Mostly what happens in these cases is that due to lack of central governance controls and policies in place each team implements security controls in their kubernetes clusters in their own way resulting in divergence and chaos I call this the Kubernetes Security Divide As you can see from the above image Each team implements their own security policies There is no standardization or cohesive approach across the enterprise Every team is working in silos However the target state of the enterprises is a situation where all teams will follow a standard set of guidelines practices and patterns But it is really very hard to move from left to right across the divide So in a nutshell some of the challenges of trying to scale a kubernetes security initiative across hundreds of teams in an enterprise could be Strategies to solve container security adoption challengesHow can kubescape help Enterprise security architects can leverage kubescape as a tool to consolidate security practices across an enterprise and ensure that all teams are adhering to a standard set of security guidelines and policies Let s try to evaluate the different strategies that can be leveraged to solve these challenges In a nutshell we will discuss the below strategies to increase the adoption of a consistent security posture for containerized workloads across an enterprise leveraging kubescape by ARMO Strategy Having an enterprise wide container kubernetes security framework in place Every enterprise has their own requirements No two companies are alike The applications within the enterprise might vary but they must still follow a standard set of policies that is a must across the enterprise Kubescape makes it very easy for an enterprise to create a custom security framework that the enterprise can push to all service lines and teams as a must have Kubescape offers security frameworks out of the box as shown below At the same time it also offers pre built security controls shared across the above frameworks However an enterprise might need a custom framework of their own where they will select their own set of controls out of the pre built controls that have been provided out of the box This could be due to a recommendation from the enterprise InfoSec team or due to external regulators that have mandated those controls to the enterprise The point is there can be instances where a custom combination of the provided security controls is needed to align with the security objectives of an enterprise as shown below And the best thing is that this is pretty easy to do in Kubescape As you can see in the below image I have created a custom framework for my enterprise In this framework I only included the critical controls available So the idea could be that any cluster deployment in my enterprise must ensure that they pass the above critical controls included as part of my enterprise framework Without that I might not allow the deployments to be pushed to PROD or something along those lines The best thing about kubescape is that if I know which controls I need to include in my custom framework it takes only minutes to create a custom framework and we are good to go As of today we can select any of the available controls to be included in our custom framework but going forward there could potentially be more controls included as part of the default offering Also since the controls are categorized as Critical OR High OR Medium OR Low it is easy for a security engineer with minimal idea of kubernetes to decide which ones should be included in the custom framework So now we have a custom framework for our own enterprise in place what to do now Strategy Provide a shift left security platform with focus on enhancing developer experience Most enterprises make the wrong assumption that their security posture depends on their security teams While that is true at some level but mostly it is up to the developers to ensure how security will be implemented at the enterprise level Mostly developers do not always care for security Indeed nowadays the situation has improved a lot with individual developers being more aware of security controls than ever before but at a high level you can consider that developers are not that concerned about security as they are about developing and pushing their features into production So say a developer does all his work of creating and writing the kubernetes application source code they YAML files for deploying the application the docker file for building the image and so on At this point the developer has no clue about whether the implementation that he is doing is compliant with the custom kubernetes security framework that is enforced by the InfoSec team at an enterprise level So the developer will do the changes in his local branch push them to dev raise a PR Maybe when the CI tests will run many issues concerning insecure kubernetes implementations will get flagged which means the developer will again have to spend considerable time in fixing them again pushing code again waiting for the CI tests to finish and so on This is not at all aligned with the agile software delivery lifecycle that we want enterprise s to follow With that in mind it would be best if we could push the analysis scanning of the custom security framework to the left meaning if the developer could get a feedback of some issues at least the easy to understand static ones directly when he she is coding in his IDE that would be best This is also called Shift Left security and you can use the VSCode extension for kubescape to do the same With the VSCode extension the dev can directly scan his kubernetes YAML files during development phase utilizing the full power of kubescape without having to leave his IDE this can result in tremendous productivity increase with no more waiting for costly CI tests to run to get feedback Kubescape team has published a wonderful blog and video on how to get started with shift left security using kubescape VSCode extension you can find details at This is something that is very important to understand the security tools that you are trying to enforce at scale across your enterprise must be aligned with the developer You can see many tools in the markets with hundreds of custom controls dashboards predictive analysis etc but most of such tools are directed at the security teams and not at the developers Developer buy in is a must to ensure that your at scale adoption exercise is successful If you provide your developers with an easy to integrate tool and a clean functional user interface they will surely use your tool and fix security vulnerabilities at the source This is where from my perspective kubescape shines it has a very intuitiveand easy to use interface and at the same time it has equal focus on both local development teams and central security teams Strategy Standardization of security controls and tools across an enterpriseOne thing that is very important to ensure that at scale adoption of your security initiative using kubescape succeeds is to enforce standardization across the board In most mature enterprises k cluster deployment management and operation is not performed directly via a CSP Cloud Service Provider or via manual scripts Most enterprises have a self service catalog using which an end user can request to provision a fully functional cluster A typical self service portal might look like below Such an enterprise wide offering of standard kubernetes components like clusters namespaces etc ensures that there is a level of standardization that is pre enforced across all deployments regardless of the teams business units involved Also such offerings typically handle all cross cutting concerns which are common across all teams in the enterprise for example As you can see one of the primary cross cutting concerns is Security and this is where kubescape comes into picture All kubernetes installations cluster setups across the enterprise must include ARMO kubescape pre installed as a default This will ensure that project dev teams do no have to do this as an additional step A kubescape pre installed k cluster will go a long way in enforcing kubescape as the standard of choice for enforcing container security in the enterprise This can be easily done using the kubescape helm chart This will ensure that kubescape gets deployed in a separate namespace within the cluster So basically if the enterprise uses a custom script or process to provision new k clusters for end users based on requirement they need to add the section to install the kubescape helm chart which can be done pretty easily Once this is done kubescape will become one of the built in tools available as part of the enterprise kubernetes offering As you can see in cluster deployment using kubescape is pretty simple and easy to get started with Strategy Develop invest in a central excellence team dedicated to kubernetes security This team will be in charge of the overall security strategies policy enforcement and security posture management across the entire enterprise The members of this team should dictate the kubescape controls that will be enforced as part of the custom enterprise framework ensure that all the security standards are enforced correctly provide training an guidance on kubescape usage to different development teams evangelize kubescape adoption as a single source of truth for kubernetes security This team will be placed horizontally and interact with the different product teams belonging to the different SL s So all kubernetes security topics will be managed by this team centrally and then pushed to the different product project teams within the enterprise as shown below However this team should include representation from different enterprise teams to ensure that all parts of the enterprise and key stakeholders are onboard At the same time this team should have a strong collaboration with the vendor team in this kubescape customer success pre sales product team Only then can the security initiative at scale leveraging kubescape be successful A sample segregation structuring of this this team including different interactions could be as shown below Strategy Inject security initiatives into automation CICD practicesNo security adoption initiative can scale or be successful if it is not automated With kubescape you have pre built integrations available so that you can directly inject kubescape into CICD platforms like Jenkins and Azure DevOps The best thing about kubescape is like always the integration with other ecosystem providers and tools is extremely seamless and elegant For example you can easily integrate kubescape with Jenkins CI CD CircleCI GitLab GitHub Actions and Azure DevOps Let me show you a small example using Azure DevOps more details can be found at trigger masterpool vmImage ubuntu container jmferrer azure devops agent lateststeps script mkdir HOME local bin export PATH PATH HOME local bin curl s bin bash kubescape scan framework nsa yaml displayName Run Kubescape As you can see above just adding the appropriate script task in the pipeline will ensure that the k objects in the YAML files are scanned as part of the pipeline Once the pipeline runs you can see the results in the Azure DevOps console as logs In most enterprises there is a separate DevOps practice or COE who manage all the DevOps pipelines and CI CD processes and practices across the enterprise Sometimes these teams use standard pipeline templates to get started with a project rather than starting from scratch For example there could be a standard DevOps CICD pipeline which already includes the different security components for example SAST tools like Checkmarx Veracode Code quality tools like SonarQube and so on In such cases the kubescape task should also be added as part of the pre built integrations so that whenever any team wants to create a new CICD pipeline for cloud native or containerized applications the kubescape plugin will get activated by default and all k YAML files helm packages will be scanned by default as part of the pipeline Again the message that I want to push here is that the k security practices should be pushed as part of the enterprise wide standards so that all teams irrespective of where they are in their cloud native journey can leverage those security standards in this case ARMO kubescape ConclusionIf one does a simple google search anyone can find hundreds or even thousands of articles whitepapers blogs and tutorials on kubernetes security and approaches for implementing the same However those articles do not focus on why how an enterprise needs to harmonize the choice of a kubernetes security tool with a strategy or a set of approaches that can be followed to ensure that the tool is leveraged at scale across an enterprise in the intended way I hope the readers can focus on the below key takeaways from this article Choosing the right tool for the job is pretty important In this blog I demonstrate how you can use an awesome open source project called kubescape by ARMO and leverage it to implement and enforce a set of security standards practices patterns and principles across the entire enterprise However just having a tool is counter productive if you do not have a consistent vision and streamlined strategy to support your initiatives Always remember one thing Kubernetes is hard Kubernetes security is harder but scaling a kubernetes security initiative across an enterprise is the hardest But I hope that some of the approaches that I have laid out in this article can help in solving some of these challenges and ensure that the reader does not face the same issues problems that I had to go through when trying to implement a similar exercise in one of my past companies ReferencesSpecial thanks to Kunal Kushwaha whose video on kubescape introduced me to the kubernetes security week challenge You can find more details here Awesome blogs and tutorials at ARMOSEC blog by Ben Hirschberg Jonathan Kaftzan and Leonid Sandler at that helped me to get started with and implement kubescape Specific article I referenced Kubescape git repo which has an abundance of relevant and critical information related to the project and kubernetes security in general you can find more details at All diagrams are drawn by me using the awesome excalidraw tool |
2022-03-28 11:01:33 |
Apple |
AppleInsider - Frontpage News |
Apple rumored to be cutting iPhone SE orders following weak demand |
https://appleinsider.com/articles/22/03/28/apple-cuts-iphone-se-orders-following-weak-demand?utm_medium=rss
|
Apple rumored to be cutting iPhone SE orders following weak demandAnalyst Ming Chi Kuo says that Apple s latest iPhone SE is selling less than expected and other sources say orders are being scaled back as a result Starlight iPhone SEWith the exception of adding G support the iPhone SE has been seen as a minor update Now it appears that its similarity to the previous model plus perhaps the global situation with coronavirus lockdowns and Ukraine war is causing demand to be less than Apple expected Read more |
2022-03-28 11:53:28 |
海外TECH |
Engadget |
The Morning After: Apple TV+ is the first streaming service to win a Best Picture Oscar |
https://www.engadget.com/the-morning-after-the-first-streaming-service-to-win-the-best-picture-oscar-111506660.html?src=rss
|
The Morning After Apple TV is the first streaming service to win a Best Picture OscarAlmost precisely three years after it launched Apple TV has claimed the Best Picture Oscar for a streaming service with CODA In another historic moment Troy Kotsur became the first Deaf male actor to win an Oscar Apple paid million for the distribution rights to the film which had a limited theatrical run and is currently streaming on Apple TV ReutersIt beat Netflix s favorite in the category The Power of the Dog which picked up Best Director for Jane Campion And while Netflix registered a record nominations for this year s Oscars losing out to Apple for arguably the biggest prize probably smarts after years of campaigning for its movies and shows ーMat SmithThe biggest stories you might have missedCrunchyroll ends free ad supported simulcast streamingHitting the Books The Soviets once tasked an AI with our mutually assured destructionRussia s invasion of Ukraine has destroyed a historic computer museumGene losses allow vampire bats to live solely on a diet of blood Halo wishes it was The Mandalorian The show can t compete with modern sci fi TV Paramount Many many years in the making the interesting elements of Halo are somewhat outweighed by the show s simplistic writing stiff acting and sometimes dodgy special effects If it came out in when we first expected it to arrive it would have been more impressive But with The Mandalorian and other shows like Foundation on Apple TV there s a lot of premium sci fi TV to get into ーand that s before we even touch all the myriad Star Trek shows filling up Paramount the home of Halo Continue reading Apple may release its next iPad Pro this fallThe tablet will reportedly feature a new chip and MagSafe charging Bloomberg s Mark Gurman expects Apple will release its next generation iPad Pro sometime this fall Gurman anticipates the new tablet will feature MagSafe charging and Apple s long rumored but as yet unannounced M chip Apple only just updated the iPad Pro last year adding G Thunderbolt connectivity and its first generation Apple Silicon system on a chip Details on the M remain sparse but it has reportedly gone into production Continue reading Uber secures month London taxi licenseThe extension ends a long running spat with city regulators Following a years long dispute with the city s transit regulator Uber has earned a month license to continue operating in London Transport for London TfL said the ride hailing service had been granted a London private hire vehicle operator s license for a period of two and a half years Uber s dispute with TfL dates back to when the agency said the company wasn t “fit and proper to operate in the city and revoked its taxi license Among other issues TfL said Uber had failed to properly conduct driver background checks and report serious criminal offenses Continue reading Whistleblower says Microsoft spent millions on bribes abroadThe former employee estimates quot a minimum of million each year quot In an essay published on the whistleblower platform Lioness former Microsoft manager Yasser Elabd alleged Microsoft fired him after he alerted leadership to a workplace where many regularly engaged in bribery He further alleges that attempts to escalate his concerns resulted in retaliation within Microsoft and eventual termination from his role Elabd claims in his essay that he worked for Microsoft between and and had oversight into a quot business investment fund quot ーessentially a slush fund to quot cement longer term deals quot in the Middle East and Africa But he grew suspicious of unusual payments to seemingly unqualified partners Continue reading Ukraine is selling NFTs to support its militaryThe collection is meant to document the history of the war Ukraine s Ministry for Digital Transformation has launched an NFT collection to help fund its military The project was first announced in early March but the NFT collection of illustrations by Ukrainian and international artists called “Meta History Museum of War is now live The collection is meant to be an “NFT museum documenting the history of Russia s invasion of Ukraine The collection currently comprises NFTs documenting the events of the first three days of the war Continue reading |
2022-03-28 11:15:06 |
海外TECH |
The Apache Software Foundation Blog |
The Apache Weekly News Round-up: week ending 25 March 2022 |
https://blogs.apache.org/foundation/entry/the-apache-weekly-news-round19
|
The Apache Weekly News Round up week ending March We re wrapping up another great week with the following activities from the Apache community ASF Board nbsp management and oversight of the business affairs of the corporation in accordance with the Foundation s bylaws nbsp Next Board Meeting April Running Board calendar and minutes are available ASF Infrastructure nbsp our distributed team on three continents keeps the ASF s infrastructure running around the clock nbsp M weekly checks yield uptime at Performance checks across different service components spread over more than machines in data centers around the world View the nbsp ASF s Infrastructure Uptime site to see the most recent averages Apache Code Snapshot nbsp Over the past week Apache Committers changed lines of code over commits Top contributors in order are Jean Louis Monteiro Jianyun Cheng Sebastian Bazley Benoit Tellier and James Netherton Apache Project Announcements nbsp the latest updates by category APIs nbsp Apache APISIX released nbsp Big Data nbsp nbsp Apache Calcite Avatica released nbsp Apache SeaTunnel Incubating released nbsp nbsp Apache Kyuubi Incubating incubating released Blockchain nbsp Apache Tuweni Incubating released nbsp Content nbsp Apache POI released nbsp nbsp Apache Syncope released nbsp nbsp Apache Sling released IoT nbsp Apache IoTDB released nbsp nbsp Apache StreamPipes Incubating released Libraries nbsp nbsp Apache OpenJPA released nbsp nbsp Apache Daffodil releasedMessaging nbsp Apache Qpid Proton and Qpid Dispatch released nbsp nbsp Apache Pulsar released Search nbsp Apache Solr Operator v released nbsp nbsp Apache Lucene released Servers nbsp Apache Tomcat Native released nbsp Did You Know Did you know that improvements to Apache Drill include backward compatibility with Apache Hadoop connectors for Apache Phoenix writing to JDBC data sources support for new data file formats including Apache Iceberg and SAS files and API query improvements Did you know that Apache Calcite includes Babel support for lt gt operator SQL hints for temporal table join fixtures so that dependent projects can write parser validator and rules tests and upgrade jsonpath to fix CVE Did you know that the CloudStack European User Group will be held virtually on April nbsp Apache Community Notices nbsp Apache in nbsp By The Digits nbsp nbsp Video highlights nbsp nbsp Watch quot Trillions and Trillions Served quot the documentary on the ASF nbsp full feature nbsp min quot Apache Everywhere quot min quot Why Apache quot min nbsp “Apache Innovation min nbsp nbsp ASF Annual Report FY nbsp Press release nbsp and nbsp Report nbsp PDF nbsp The Apache Way to nbsp Sustainable Open Source Success nbsp nbsp nbsp Foundation Reports and Statements nbsp Presentations from s ApacheCon Asia and ApacheCon Home are available on the nbsp ASF YouTube channel nbsp quot Success at Apache quot focuses on the people and processes behind why the ASF quot just works quot nbsp nbsp Follow the ASF on social media nbsp TheASF on Twitter nbsp and nbsp The ASF page LinkedIn nbsp nbsp Follow the nbsp Apache Community on Facebook nbsp and nbsp Twitter nbsp nbsp Are your software solutions Powered by Apache nbsp Download amp use our quot Powered By quot logos Stay updated about The ASFFor real time updates sign up for Apache related news by sending mail to announce subscribe apache org and follow TheASF on Twitter For a broader spectrum from the Apache community Planet Apache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers |
2022-03-28 11:30:44 |
海外TECH |
CodeProject Latest Articles |
How to convert TensorFlow model and run it with OpenVINO™ Toolkit |
https://www.codeproject.com/Articles/5326994/How-to-convert-TensorFlow-model-and-run-it-with-Op
|
openvino |
2022-03-28 11:39:00 |
医療系 |
医療介護 CBnews |
遠隔診療活用へ、基本指針策定の議論開始-経済的な誘導策も「議論の射程」、医療部会 |
https://www.cbnews.jp/news/entry/20220328203353
|
個人情報 |
2022-03-28 20:55:00 |
ニュース |
BBC News - Home |
How the feel-good film Coda caused an Oscars upset |
https://www.bbc.co.uk/news/entertainment-arts-60825096?at_medium=RSS&at_campaign=KARANGA
|
family |
2022-03-28 11:33:27 |
ニュース |
BBC News - Home |
Schools White Paper includes higher maths and English targets |
https://www.bbc.co.uk/news/education-60846684?at_medium=RSS&at_campaign=KARANGA
|
poorer |
2022-03-28 11:52:14 |
ニュース |
BBC News - Home |
Sainsbury's urged to up pay to match cost of living |
https://www.bbc.co.uk/news/business-60898827?at_medium=RSS&at_campaign=KARANGA
|
ensure |
2022-03-28 11:01:51 |
ニュース |
BBC News - Home |
Taxpayer no longer majority Natwest shareholder |
https://www.bbc.co.uk/news/business-60898614?at_medium=RSS&at_campaign=KARANGA
|
natwest |
2022-03-28 11:25:23 |
ニュース |
BBC News - Home |
Why has Russia invaded Ukraine and what does Putin want? |
https://www.bbc.co.uk/news/world-europe-56720589?at_medium=RSS&at_campaign=KARANGA
|
ukraine |
2022-03-28 11:18:31 |
北海道 |
北海道新聞 |
人権保障条例の協議開始 広島・三原市、差別防止 |
https://www.hokkaido-np.co.jp/article/662308/
|
人権保障 |
2022-03-28 20:29:00 |
北海道 |
北海道新聞 |
新電力・エルピオが供給停止 4月末、契約10万件以上 |
https://www.hokkaido-np.co.jp/article/662307/
|
千葉県市川市 |
2022-03-28 20:26:00 |
北海道 |
北海道新聞 |
国内で2万9881人感染 65人死亡、新型コロナ |
https://www.hokkaido-np.co.jp/article/662306/
|
新型コロナウイルス |
2022-03-28 20:17:00 |
北海道 |
北海道新聞 |
AV出演強要は現行法対応 首相「18歳成人」巡り |
https://www.hokkaido-np.co.jp/article/662305/
|
岸田文雄 |
2022-03-28 20:16:00 |
北海道 |
北海道新聞 |
ミャンマー国軍記念日 ロシア、中国など8カ国出席 |
https://www.hokkaido-np.co.jp/article/662303/
|
森奈津子 |
2022-03-28 20:14:00 |
北海道 |
北海道新聞 |
担任が児童の給食減らす、福岡 宮若市教委「不適切」 |
https://www.hokkaido-np.co.jp/article/662301/
|
福岡宮若市 |
2022-03-28 20:09:00 |
北海道 |
北海道新聞 |
長万部の東西つないで半世紀 さらば中央跨線橋 31日「渡り納め」新幹線延伸で撤去 |
https://www.hokkaido-np.co.jp/article/662258/
|
長万部駅 |
2022-03-28 20:05:48 |
コメント
コメントを投稿