Blog posts

This section contains whatever I think is useful when I do computer stuff.

2025

Why Mixing CRA Criticality Levels with Internal Risk Classifications Is a Bad Idea

7 mins

Application Security AppSec CRA Governance

The EU Cyber Resilience Act and internal security risk levels answer different questions. Keep them separate and apply them together when needed.

Implementing Kubernetes SecurityContext best practices using the Trivy VS Code extension

6 mins

Kubernetes Kubernetes SecurityContext Trivy

What is a SecurityContext in Kubernetes and Why it Matters?

5 mins

Kubernetes Kubernetes SecurityContext

2024

Threat Modeling with Rapid Risk Assessment - a low-effort and concise approach

20 mins

Application Security AppSec Threat Modeling

A practical guide to implementing threat modeling with Rapid Risk Assessment in your organization, including challenges, tailoring approaches, and example processes.

DefectDojo with Trivy Operator cluster reports

5 mins

Kubernetes K8s Kind Defectdojo Trivy-Dojo-Report-Operator Trivy Owasp

Set up DefectDojo in a local Kind cluster and automatically receive Trivy Operator scan results.

Trivy in Kubernetes

15 mins

Kubernetes Kubernetes Trivy Trivy Operator

A step-by-step guide to setup the Trivy Operator in Kubernetes.

Trivy Infrastructure as Code (IaC) Scanning

3 mins

DevOps & CI/CD Trivy IaC Scan

Guides for applying Trivy to your project

Flux with Local Registry

5 mins

Kubernetes K8s Kind Local Registry Flux

Set up Flux in a Kind cluster with a local registry for automatic Docker image updates.

Kind with Local Registry for Flux

2 mins

Kubernetes K8s Kind Local Registry Flux

A script to set up Kind and a local registry, with containerd patches to make it work for Flux