Blog Posts

Vulnerability Management in CI/CD: Balancing SLAs and Developer Velocity (Part 1: Dependency Scanning with OSV-Scanner)

Part 1 of the Vulnerability Management Series — how to manage dependency vulnerabilities with OSV-Scanner and ih-github while meeting SLAs and keeping developer velocity high.


Upgrading Terraform Modules to AWS Provider v6 with Confidence

When HashiCorp releases a new major version of the AWS Terraform provider, engineering teams often brace themselves. Major upgrades bring new features and bug fixes, but they also come with breaking changes. A module that “just worked” under v5 might fail or drift silently under v6.


Implementing Compliant Secrets with AWS Secrets Manager

I had a conversation with a colleague the other day, and he asked who has access to a specific password. We use AWS Secrets Manager to store secret data and AWS Identity and Access Management (IAM) to control access to it. A seemingly simple question, but it was difficult to answer. I started off by describing how an IAM role can have particular permissions on a particular secret, and so on. Pretty soon I realized that to answer which roles can read a secret, one would need to parse every available IAM policy.
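The "parse every IAM policy" step above is what a practitioner would script. The following is an added example, not code from the post or from AWS: it takes a map of role names to identity-based policy documents (the constructed SAMPLE_ROLES below, not real account data) and answers which roles can call secretsmanager:GetSecretValue on a given secret ARN, honouring IAM's wildcard matching, NotAction/NotResource, and explicit Deny. The function names roles_that_can_read and statement_matches are this example's own.

```python
import fnmatch

# Constructed sample data (not a real account): role name -> list of
# identity-based policy documents (inline and attached policies alike).
SAMPLE_ROLES = {
    "app-prod": [
        {"Version": "2012-10-17", "Statement": [
            {"Effect": "Allow",
             "Action": "secretsmanager:GetSecretValue",
             "Resource": "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/db-*"}]},
    ],
    "admin": [
        {"Version": "2012-10-17", "Statement": [
            {"Effect": "Allow", "Action": "*", "Resource": "*"}]},
    ],
    "audit-readonly": [
        {"Version": "2012-10-17", "Statement": [
            {"Effect": "Allow",
             "Action": ["secretsmanager:Describe*", "secretsmanager:List*"],
             "Resource": "*"}]},
    ],
    "contractor": [
        {"Version": "2012-10-17", "Statement": [
            {"Effect": "Allow", "Action": "secretsmanager:*", "Resource": "*"},
            {"Effect": "Deny", "Action": "secretsmanager:GetSecretValue",
             "Resource": "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/*"}]},
    ],
}


def _as_list(value):
    """IAM allows a single string or a list in Action/Resource fields."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _iam_match(pattern: str, value: str) -> bool:
    """IAM wildcard match: '*' spans any characters (including ':' and '/'), '?' one."""
    return fnmatch.fnmatchcase(value, pattern)


def statement_matches(stmt: dict, action: str, resource_arn: str) -> bool:
    """True if this statement's Action/NotAction and Resource/NotResource cover the request.
    Action names are case-insensitive in IAM; resource ARNs are matched case-sensitively."""
    actions = _as_list(stmt.get("Action"))
    not_actions = _as_list(stmt.get("NotAction"))
    resources = _as_list(stmt.get("Resource"))
    not_resources = _as_list(stmt.get("NotResource"))
    if actions:
        action_ok = any(_iam_match(p.lower(), action.lower()) for p in actions)
    else:
        action_ok = not any(_iam_match(p.lower(), action.lower()) for p in not_actions)
    if resources:
        resource_ok = any(_iam_match(p, resource_arn) for p in resources)
    else:
        resource_ok = not any(_iam_match(p, resource_arn) for p in not_resources)
    return action_ok and resource_ok


def roles_that_can_read(secret_arn: str, roles=SAMPLE_ROLES,
                        action: str = "secretsmanager:GetSecretValue"):
    """Sorted names of roles whose identity-based policies permit `action` on secret_arn.
    Evaluation order follows IAM: a matching explicit Deny wins; otherwise at least one
    matching Allow is required. Statements carrying a Condition are treated as matching
    for Allow and as not matching for Deny, so the answer over-approximates: it lists
    everyone who could possibly read, which is the safer direction for an access review."""
    readers = []
    for role, policies in roles.items():
        allowed = denied = False
        for policy in policies:
            for stmt in _as_list(policy.get("Statement")):
                if not statement_matches(stmt, action, secret_arn):
                    continue
                if stmt.get("Effect") == "Deny":
                    if "Condition" not in stmt:
                        denied = True
                elif stmt.get("Effect") == "Allow":
                    allowed = True
        if allowed and not denied:
            readers.append(role)
    return sorted(readers)


if __name__ == "__main__":
    secret = "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/db-password-AbCdEf"
    print(secret, "->", roles_that_can_read(secret))
```

In a real account the policy map would be built from the output of iam:GetAccountAuthorizationDetails (one call returns roles with their inline and attached policies), and the result should be cross-checked with iam:SimulatePrincipalPolicy, which also applies conditions. Two things this identity-only pass does not see: a resource policy attached to the secret itself, which can grant cross-account principals, and service control policies or permission boundaries, which can remove access that an identity policy appears to grant.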
