A Software Bill of Materials is a boring data structure that became a legal requirement. Here is what an SBOM actually is at the bit level, the SPDX versus CycloneDX split, the generation and consumption workflow that matters, and what the EU CRA and US procurement rules are actually asking for in 2026.
Devsecops
-
SBOMs and the Compliance Wave: From Acronym to Legal Obligation -
How Supply Chain Attacks Actually Work: The Anatomy of XZ, SolarWinds, and the npm Sagas Supply chain attacks do not break down the front door — they get invited in through the build systems, package registries, and maintainer trust that modern software runs on. A forensic walk through the XZ Utils backdoor, SUNBURST, and the npm registry attacks, the pattern they share, and the defenses that actually survive contact with real codebases.
-
Kubernetes Network Policies in Depth: The Complete Guide A comprehensive deep-dive into Kubernetes NetworkPolicy: the ingress/egress model, default-deny patterns, the DNS gap, namespace selectors, Cilium L7/FQDN policies, AdminNetworkPolicy, and debugging blocked traffic.
-
Runtime Security with Falco: Syscall-Level Threat Detection for Kubernetes A comprehensive guide to Falco—covering how it works at the kernel level with eBPF, writing custom detection rules, integrating with alerting pipelines, and building a complete runtime security posture for Kubernetes workloads.
-
Secure Software Development Lifecycle: Building Security Into Every Phase A practical guide to the Secure SDLC — from threat modeling and design reviews to SAST/DAST, dependency auditing, and embedding security gates into CI/CD pipelines.
-
Container Image Hardening: Distroless, Multi-Stage Builds, and Vulnerability Scanning A practical, in-depth guide to reducing your container attack surface through distroless base images, multi-stage builds, Trivy vulnerability scanning, and CI/CD integration — covering everything from Dockerfile patterns to Kubernetes securityContext settings.