Week 45 of 2021
React Aria: A headless UI component library
A library of React Hooks that provides accessible UI primitives for your design system. "You structure your DOM and CSS however you want, and react-aria provides hooks that return props to spread onto your elements to make them come alive."
How to improve your Docker containers security
"Containers are no security devices. That's why we've curated a set of easily actionable recommendations to improve your Docker containers security. Check out the one-page cheat sheet." (from Cloud Security Reading List)
Github Actions Security Best Practices
"Some of the key security concerns you should be aware of when using Github Actions. We will also cover the best practices that Salesforce Heroku follows." (from Cloud Security Reading List)
Attacking and Securing CI/CD Pipeline
"Comprehensive summary of both the attack methods often used against CI/CD pipelines and our insights in securing the CI/CD infrastructure." ATT&CK-like Threat Matrix for CI/CD Pipeline. (from Cloud Security Reading List)
Protect your open source project from supply chain attacks
TL;DR: Follow the SLSA framework and the OpenSSF Scorecards rubric; many of their recommendations can be implemented automatically by using the Allstar project. (from Cloud Security Reading List)
Doing a job
"Human experience shows that people, not organizations or management systems, get things done."