Secure Coding

Aside from naming and versioning, managing sensitive assets, like credentials, is one of the more challenging aspects in technology. So, why is it so difficult? Well, to start off. What may be considered a sensitive asset to one individual or organization may not be the same as another. Also, given that there are so many different ways that sensitive assets can be managed, there is no universally accepted method available.
The challenges that encompass how sensitive assets are handled also apply to image mode, a new method that enables building and deploying Operating Systems using similar tools and approaches as any other traditional container. In this article, we will discuss the types of sensitive assets that apply to image mode for RHEL specifically and how to design appropriate workflows to incorporate secure practices within all phases, from build and deployment to runtime.

1.0.2 Maintenance Release Announcement In case you were wondering why there hasn

Find out how you can track and report on vulnerabilities across a large container registry like Quay.io using Clair, the open source container security tool.

Explore the benefits of hosted control planes, a new deployment model for Red Hat OpenShift Service on AWS based on the HyperShift open source project.

Explore Rust features that can help you write more secure code, along with techniques and tips to help make software more resilient to attacks.

Download this e-book to learn key concepts for building security into your software supply chain, along with best practices for implementation.

Learn the basics of OperatorPolicy, a new kind of resource, and how you can use it to manage Operator Lifecycle Manager resources across a fleet of clusters inside the policy framework.

Learn how Red Hat Insights can synchronize its system tags with external sources, such as Amazon Elastic Compute Cloud (EC2) and Microsoft Azure.

Join Red Hat Developer for the software and tutorials to develop cloud applications using Kubernetes, microservices, serverless and Linux.

Learn about the ComplianceAsCode project for Red Hat OpenShift, which aims to provide security and compliance content for various distributions and products.

Explore the benefits of testing Ansible content within Red Hat OpenShift Dev Spaces.

This article demonstrates how to install Ansible lint and provides examples of how it improves playbook debugging and saves time.

Discover more about Red Hat Trusted Application Pipeline, a secure and easy solution for the DevSecOps outer loop.

This article demonstrates how to install MSSQL using Ansible Vault, an Ansible Automation Platform feature, to protect sensitive information.

Learn how the FORTIFY_SOURCE feature in the GNU C library improves C code security by detecting and preventing buffer overflow, and more.

Learn how to deploy single sign-on as code using GitOps in this demonstration.

Learn about OS command injection attacks and 4 essential best practices to prevent them.

Discover how to improve application and library security at the source with _FORTIFY_SOURCE macro defined to 3 and how it impacts performance.

Valgrind can be used to track file descriptors. Learn how to find file descriptors at various stages of your program and where they were originally opened.

Learn techniques to secure applications and prevent break-ins and data theft.

Discover why the Linux kernel returns an errno code using SystemTap and how to use the whythefail.stp script in this demonstration.

Learn about static application security testing (SAST) and how it improves software security.

Discover key elements of building security into your software development process such as managing access in part 9 of the Node.js reference architecture series.

Online events and regional events held around the world with Red Hat's Developer Advocates.

Service bindings, the kube-service-bindings npm package, and the Red Hat OpenShift UI make it easier to connect securely to a database on Kubernetes.