View Blog Post

CloudFormation Point-of-Change Compliance: Hooks First Impressions

Intro  Security and compliance controls are an important part of the software development life cycle.  When organizations and teams move software delivery from months to hours, the processes related to compliance evaluation can become a bottleneck for delivery.  In his article, “Compliance in a DevOps Culture,” Carl Nygard outlines different approaches teams can take to Read more…

View Blog Post

Stelligent and AWS Partnership: Built on Control Tower

Built on Control Tower Mphasis Stelligent is proud to be an AWS Built on Control Tower Partner and a Management and Governance Partner! Find this blog interesting? Make sure you register and join us on Nov 17 for an AWS Control Tower Activation Day. Control Tower and BoCT Overview Cloud transformation is a large undertaking. The setup and Read more…

View Blog Post

Scaling Security as Code on AWS: A DevSecOps Model

As Enterprises adopt modern application architectures, they now find they need the capability to deliver hundreds or even thousands of distinct applications while meeting stringent security and compliance requirements. Scaling the capability to deliver software securely requires a new framework for defining, creating, and delivering infrastructure and application code and brings a new set of Read more…

View Blog Post

Security Response and Remediation Automation on AWS

Consider the following questions when it comes to the typical approach to security error detection and remediation in many enterprises today: How does security error detection occur?   When and how often does it occur?  Who is usually involved in fixing these security issues?  What is the approach to fixing these issues?  How long does it Read more…

View Blog Post

AWS re:Invent 2020 DevSecOps re:Cap

Since AWS re:Invent 2020 was 100% virtual, I got opportunities to consume more content than I typically do at the conference but this came at the cost of missing out on opportunities to meet with new people and those I typically see every year at this time. The nice thing is that more people from Read more…

View Blog Post

Using Dependabot with AWS CodeCommit

Introduction In the DevSecOps world, maintaining code dependencies is key to acquiring the latest security vulnerability updates, bug fixes, and new features.  While locking down to “known-good” revisions of dependencies may avoid potential bugs and incompatibilities during continuous integration, critical updates could be missed.  Dependabot provides an automated solution to dependency management that can be Read more…

View Blog Post

DevOps on AWS Radio: Kinnaird McQuade – Policy Sentry and Cloudsplaining, Stelligent Book Club (Episode 28)

In this episode, Kinnaird McQuade, Lead Cloud Security Engineer at Salesforce, joins us to talk about his tools Cloudsplaining and Policy Sentry. Policy Sentry provides a framework for writing IAM policies to make it easier to create least privilege policies. Cloudsplaining can help find policies that may allow more access than required. Keith Monihen joins Read more…

View Blog Post

Limiting the Blast Radius of Deployment Systems

If you are following best practices, you have adopted a multi-account strategy for your cloud applications, with different workloads spread across different accounts. Users log in to one account and assume roles in other accounts as needed. Even your build system lives in a tools account separate from all the applications it deploys. This is Read more…

View Blog Post

Is My Container Image Secure? CI/CD Container Scanning using Trend Micro Deep Security Smart Check and AWS CodePipeline

Introduction Many enterprises attempt to drive software development and delivery towards a DevOps mindset. Likewise, organizations struggle with increasing security challenges while adopting these innovative software practices. Embedding security within the deployment lifecycle is non-negotiable. Therefore, integration of security into CI/CD workflows need to be done cautiously to meet an ever-evolving technology landscape. DevSecOps is Read more…

View Blog Post

Generating Least Privileged IAM Roles for CloudFormation and Service Catalog with cfn-leaprog

CloudFormation Development Process and Privilege As a developer works through the development of a CloudFormation template, they are likely working in a “sandbox” account where they have significant “power user” privileges.  This is convenient in order to allow the developer to focus on the business needs, but what happens when the same template is converged Read more…