Running your workloads on Kubernetes(k8s) is becoming a de facto standard for many companies building software. The usual steps involve building software, running tests, building a container, hopefully doing some security scanning in the process, pushing to the registry, and deploying.
Occamslabs sharing insights about cloud securtiy
A vulnerability is usually an unintended software bug that opens an attack angle for a malicious actor. The good thing about an open-source project is, that the bigger the project, the more eyes are on it. The more likely these vulnerabilities will surface and be fixed fast. In smaller or dormant projects, this is usually not the case.
A supply chain attack is when one or more of the dependencies in your application have been compromised, and some “bad code “is running on your systems and applications that is intended to harm you. These kinds of attacks are becoming more common and more sophisticated.
When writing software you want to avoid introducing functional bugs or security issues.