Latest from the blog

November 30, 2023

Addressing 4 Critical OSS Security Challenges with Weave GitOps Assured

Explore the top 4 critical security risks in open-source software and how Weave GitOps Assured can help prevent them. Learn about the top four OSS security challenges and the solution’s comprehensive strategy for robust protection.

October 24, 2023

What is the Digital Operational Resilience Act (DORA)?

Explore the Digital Operational Resilience Act (DORA) and its significance for EU financial institutions. Dive into the five compliance pillars and learn how Weaveworks can assist in meeting DORA's requirements.

July 31, 2023

Automated Security in GitOps Pipelines with Weave Policy Engine

Discover the power of Weave Policy Engine for automated security in GitOps pipelines. Strengthen your Kubernetes applications' security and compliance with policy-as-code enforcement. Learn more.

June 26, 2023

Kubernetes Security - A Complete Guide to Securing Your Containers

Learn about Kubernetes Security, the 4Cs of Kubernetes, and nodes. Fully manage and operate Kubernetes with the help of Weave Works

December 14, 2022

Policy as code Shifts Security Left

Shift left is essential to catch issues early on in a development cycle. Policy as code extends this model to security and compliance. Learn more about it in this blog.

November 01, 2022

How Trusted Delivery Unifies Security Practices Like IAM, RBAC, & ABAC

The use of policy as code in GitOps pipelines simplifies the implementation of security practices such as RBAC, ABAC, and IAM. This post covers how policy as code can be used to define these practices declaratively and run compliance checks recurringly with Git as the single source of truth.

October 27, 2022

No More Manual Reviews — Policy as Code to the Rescue

Using policy as code is the most advanced method of implementing policy-based governance. In this post, we look at how policies are used to automate the entire workflow of security & compliance.

October 06, 2022

GitOps Cloud Security Model - An Infographic

In this GitOps cloud security model infographic, we showcase how you can fortify your CI/CD pipelines against misconfigurations and potential data breaches.

September 06, 2022

Shifting Security Left with GitOps and Trusted Delivery

What does it mean to shift security left in GitOps pipeline and how can you do so with policy as code? Let’s find out.

August 30, 2022

Secure your CI/CD pipeline with Trusted Delivery

CI/CD pipelines are integral to modern software development teams. Find out the security risks associated with CI/CD pipelines and how trusted delivery can help you mitigate them.

August 23, 2022

Guide to Hybrid Cloud Security

What is hybrid cloud security? Hybrid cloud security is about protecting data, applications, and associated workloads hosted across multiple public and private cloud environments.

August 16, 2022

How Trusted Delivery Can Protect You From Becoming The Next Tech Horror Story

Trusted delivery through policy-as-code is the best way to secure your GitOps pipeline against cyber attacks such as cloud misconfigurations. Take steps to avoid being the next news headline.

July 12, 2022

Security & IAM policies in a GitOps world

The GitOps approach is not just for deployment velocity, but to improve security of the pipeline. In this post, learn how to incorporate security and IAM policies the GitOps way.

July 03, 2022

MITRE ATT&CK Matrix for Kubernetes

What is MITRE ATT&CK Matrix? Learn about a comprehensive knowledge base of adversary tactics and techniques involved in cyber attacks.

July 03, 2022

MITRE ATT&CK Matrix for Kubernetes: Tactics & Techniques Part 3

Learn about the last three threat vectors in Kubernetes: lateral movement, collection, and impact.

July 03, 2022

MITRE ATT&CK Matrix for Kubernetes: Tactics & Techniques Part 2

Learn about the next three threat vectors in Kubernetes: defense evasion, credential access, and discovery.

July 03, 2022

MITRE ATT&CK Matrix for Kubernetes: Tactics & Techniques Part 1

Learn about the first four threat vectors in Kubernetes: initial access, execution, persistence, and privilege escalation.

June 14, 2022

Weave Policy Library: Introducing HIPAA Policies

In our latest Weave GitOps release, we added trusted application delivery and policy-as-code capabilities to Weave GitOps. Part of this release is the Weave Policy Library, which includes HIPPA compliance standards among other compliance family policies such as CIS Benchmarks and PCI DSS. Read on to learn more about the Weave Policy Library and HIPAA policies.

May 31, 2022

Security for Application Delivery shifts left with GitOps for Visual Studio Code

The VS Code extension adds a Weave GitOps button in the sidebar of your IDE that allows you to access GitOps features without switching to another dashboard. You can view GitOps components and components as well as trigger reconciliation- read our latest blog for details.

March 31, 2022

Adding Policy as Code to GitOps Pipelines

Previously we introduced the benefits of policy as code, and how it works. In this blog, we continue where we left off and dive deeper into how policy as code can be embedded into GitOps pipelines.

Next