Latest from the blog

November 01, 2022

How Trusted Delivery Unifies Security Practices Like IAM, RBAC, & ABAC

The use of policy as code in GitOps pipelines simplifies the implementation of security practices such as RBAC, ABAC, and IAM. This post covers how policy as code can be used to define these practices declaratively and run compliance checks recurringly with Git as the single source of truth.

September 13, 2022

September Release - Weave GitOps 2022.09

Learn about the exciting new features in the Weave GitOps 2022.09 release. Accelerate software development life cycles safely, enabling multiple DevOps teams to work seamlessly together and other productivity enhancements.

August 30, 2022

Secure your CI/CD pipeline with Trusted Delivery

CI/CD pipelines are integral to modern software development teams. Find out the security risks associated with CI/CD pipelines and how trusted delivery can help you mitigate them.

August 23, 2022

Guide to Hybrid Cloud Security

What is hybrid cloud security? Hybrid cloud security is about protecting data, applications, and associated workloads hosted across multiple public and private cloud environments.

July 03, 2022

MITRE ATT&CK Matrix for Kubernetes

What is MITRE ATT&CK Matrix? Learn about a comprehensive knowledge base of adversary tactics and techniques involved in cyber attacks.

July 03, 2022

MITRE ATT&CK Matrix for Kubernetes: Tactics & Techniques Part 3

Learn about the last three threat vectors in Kubernetes: lateral movement, collection, and impact.

July 03, 2022

MITRE ATT&CK Matrix for Kubernetes: Tactics & Techniques Part 2

Learn about the next three threat vectors in Kubernetes: defense evasion, credential access, and discovery.

July 03, 2022

MITRE ATT&CK Matrix for Kubernetes: Tactics & Techniques Part 1

Learn about the first four threat vectors in Kubernetes: initial access, execution, persistence, and privilege escalation.

June 14, 2022

Weave Policy Library: Introducing HIPAA Policies

In our latest Weave GitOps release, we added trusted application delivery and policy-as-code capabilities to Weave GitOps. Part of this release is the Weave Policy Library, which includes HIPPA compliance standards among other compliance family policies such as CIS Benchmarks and PCI DSS. Read on to learn more about the Weave Policy Library and HIPAA policies.

May 31, 2022

Security for Application Delivery shifts left with GitOps for Visual Studio Code

The VS Code extension adds a Weave GitOps button in the sidebar of your IDE that allows you to access GitOps features without switching to another dashboard. You can view GitOps components and components as well as trigger reconciliation- read our latest blog for details.

April 23, 2021

What is DevSecOps and Why is it Important?

DevSecOps stands for development, security, and operations. The practice integrates security into every phase of the software development cycle.

March 30, 2021

Using Cloud-Native BuildPacks for Operational Efficiency

CNB offers a rich capability for building OCI images. Learn about layer caching practices, image inspection, and runtime rebasing.

July 15, 2020

Enforce Ingress Best Practices Using OPA

In this blog article we'll explain how to define policies that ensure that no bad Ingress definitions will be deployed to cluster.

June 25, 2020

Enforce Kubernetes Network Security Policies Using OPA

OPA is a general-purpose, platform-agnostic policy enforcement tool. Read this blog to learn about how to utilize an OPA.

June 09, 2020

Integrate OPA Into Your Kubernetes Cluster Using Kube-mgmt

We'll cover how to deploy OPA from scratch, and apply a sample policy that enforces using an Ingress hostname from a whitelist.

June 02, 2020

Integrating Open Policy Agent (OPA) With Kubernetes

Explore how to integrate OPA with Kubernetes and see some examples of the power that this integration can bring to policy enforcement.

July 12, 2017

Container Security with Dan Walsh

There are several factors to consider when securing containerized applications. Where containers are deployed, how they are isolated and which capabilities to disable are important steps to take to ensure that your dockerized applications are secure.

May 19, 2017

Adding a Service to Weave Cloud and Other Best Practices

Learn how to add a service to Weave Cloud – from naming and organization to security and monitoring, Tom Wilkie shares best practices and lessons learned.

February 20, 2016

Weave unaffected by GNU C library vulnerability CVE 2015-7547

This week a serious vulnerability (CVE 2015-7547) was announced in the GNU C library installed on most popular Linux systems, which could enable a remote code execution attack. Software that makes use of the glibc DNS resolver...

September 04, 2015

Weave & CliQr: Improving Security and Portability of Container-Based Apps

Our friends over at CliQr recently blogged about integrating Weave Net with CliQr’s CloudCenter & Application-Defined Cloud Management Platform. What’s particularly interesting about this case is the portability of Weave Net,...

Next