Blog posts

This section contains whatever I think is useful when I do computer stuff.

2025

Why Mixing CRA Criticality Levels with Internal Risk Classifications Is a Bad Idea

7 mins

Application Security AppSec CRA Governance

Implementing Kubernetes SecurityContext best practices using the Trivy VS Code extension

6 mins

Kubernetes Kubernetes SecurityContext Trivy

What is a SecurityContext in Kubernetes and Why it Matters?

5 mins

Kubernetes Kubernetes SecurityContext

2024

Threat Modeling with Rapid Risk Assessment - a low-effort and concise approach

14 mins

Application Security AppSec Threat Modeling Rapid Risk Assessment (RRA) STRIDE

DefectDojo with Trivy Operator cluster reports

5 mins

Kubernetes K8s Kind Defectdojo Trivy-Dojo-Report-Operator Trivy Owasp

A step-by-step guide to set up DefectDojo in a local Kind cluster and receive data from the Trivy Operator reports, using the trivy-dojo-report-operator.

Trivy in Kubernetes

15 mins

Kubernetes Kubernetes Trivy Trivy Operator

A step-by-step guide to setup the Trivy Operator in Kubernetes.

Trivy Infrastructure as Code (IaC) Scanning

3 mins

DevOps & CI/CD Trivy IaC Scan

Guides for applying Trivy to your project

Flux with Local Registry

5 mins

Kubernetes K8s Kind Local Registry Flux

A step-by-step guide for setting up Flux in a Kind cluster with a local registry for automatic updates of Docker images.

Kind with Local Registry for Flux

2 mins

Kubernetes K8s Kind Local Registry Flux

A script to set up Kind and a local registry, with containerd patches to make it work for Flux