Blog: Fantastic Infrastructure as Code security attacks and how to find them - 2022-02-17
Technical deep-drive into IaC Security scanners on the market, newly created vulnerable demos, and a walkthrough on how to integrate MR widgets (Ultimate), and create MR comments with report tables as alternative (for all users).
The target audience is developers and DevOps engineers; bookmarking this as a learning resource, similar to the jq blog post in https://about.gitlab.com/blog/2021/04/21/devops-workflows-json-format-jq-ci-cd-lint/ (which is referenced by this blog post too).
Does not resolve #12757 (closed) but is inspired by it.
Helps achieve company OKRs in https://gitlab.com/gitlab-com/marketing/corporate_marketing/corporate-marketing/-/issues/5808+
@vsilverthorne The title and cover image are intentional; please keep them as is during the review. I've set the blog post for 2022-02-15 but that's up to your time to review and edit.
Checklist for writer
-
Link to issue added, and set to close when this MR is merged -
Due date and marketing milestone (e.g. Mktg: 2021-03-28) added for the desired publish date -
Please suggest a target keyword for your post for SEO: Infrastructure as Code (IaC) -
Please add links to three related blog posts, GitLab issues, documentation or other related content so the reader can learn more at the bottom of the post. (We will take care of the formatting.) -
If time sensitive -
Added ~"priority" label -
Mentioned @vsilverthorneto give her a heads up ASAP
-
-
Blog post file formatted correctly, including any accompanying images -
All relevant frontmatter included -
Review app checked for any formatting issues -
Reviewed by fellow team member -
If approval before publishing is required -
Any required internal or external approval for this blog post has been granted (please leave a comment with details)
-
-
Assign to @vsilverthorne OR the Editorial team member who reviewed your pitch issue for final review (If they are on PTO and your post is time sensitive, please share your MR in #content on Slack to ask for another reviewer.)
After the blog has been published:
-
Share on your social media channels - Add
?utm_medium=social&utm_campaign=blog&utm_content=advocacyto the end of the blog URL when you share on social media, for data tracking. Your link should look like this:https://about.gitlab.com/blog/20xx/xx/xx/blog-title/?utm_medium=social&utm_campaign=blog&utm_content=advocacy
- Add
-
After you've shared on your social media profiles, select one of the posts and link it in the #social_media_action Slack channel for everyone to engage with your post. The GitLab social team may engage or even share your social media post to amplify the work. - To learn more about how to use your own social media channels for GitLab, check out our team member social media guidelines here.