Joshua Lock joshuagl

@lukpueh
lukpueh / python-tuf_sec_audit_example.md
Last active March 8, 2023 10:00
Example python-tuf usage for security assessment

python-tuf security assessment

There are 2 classes of interesting TUF repository compromise scenarios and corresponding audit questions:

  1. Repository hosting compromised and/or MITM, signing keys safe --> "Can the attacker affect the client in any way?"

  2. Repository hosting compromised and/or MITM, signing keys compromised --> "Can the attacker affect the client beyond the capability of the compromised key in

Deploy Chains

  • docker for using kind. Make sure you docker login first if you have not done so already.
  • kind will be used to set up a quick and lightweight Kubernetes cluster. Kubernetes version >= 1.15 is required. This was tested with v0.8.1.
  • kubectl is the Kubernetes client required to interact with a Kubernetes cluster. Make sure its version is also >= 1.15.
  • Additional Tekton CI/CD requirements to install:
    • Go - Make sure you have a recent version of the Go programming language installed and added to your PATH environment variable.
    • git - Make sure git is installed and set up to work with GitHub.
  • ko version >= v0.1 is required to work with and deploy development versions of Tekton.
@atoponce
atoponce / gist:07d8d4c833873be2f68c34f9afc5a78a
Last active June 26, 2024 09:36 — forked from tqbf/gist:be58d2d39690c3b366ad
Cryptographic Best Practices

Cryptographic Best Practices

Putting cryptographic primitives together is a lot like putting a jigsaw puzzle together, where all the pieces are cut exactly the same way, but there is only one correct solution. Thankfully, there are some projects out there that are working hard to make sure developers are getting it right.

The following advice comes from years of research from leading security researchers, developers, and cryptographers. This Gist was [forked from Thomas Ptacek's Gist][1] to be more readable. Additions have been added from

@bastman
bastman / docker-cleanup-resources.md
Created March 31, 2016 05:55
docker cleanup guide: containers, images, volumes, networks

Docker - How to cleanup (unused) resources

Once in a while, you may need to clean up resources (containers, volumes, images, networks) ...

delete volumes

// see: https://github.com/chadoe/docker-cleanup-volumes

$ docker volume rm $(docker volume ls -qf dangling=true)

$ docker volume ls -qf dangling=true | xargs -r docker volume rm