- AWS CDK Risk: Exploiting a Missing S3 Bucket Allowed Account Takeover
  In June 2024, we uncovered a security issue related to the AWS Cloud Development Kit (CDK), an open-source project. This discovery adds to the six other vulnerabilities we discovered within AWS services. The impact of this issue could, in certain scenarios (outlined in the blog), allow an attacker to gain administrative access to a target AWS account,…
- Threat Alert: TeamTNT’s Docker Gatling Gun Campaign
  Long time no see. Aqua Nautilus researchers have identified a new campaign in the making by TeamTNT, a notorious hacking group. In this campaign, TeamTNT appears to be returning to its roots while preparing for a large-scale attack on cloud native environments. The group is currently targeting exposed Docker daemons to deploy Sliver malware, a…
- Blog: GSoC 2022 Final Report: Improving Supply Chain Security
  Project Description: Supply chain security is a rising concern in the current software era. Securing the software supply chain encompasses vulnerability remediation and the implementation of controls throughout the software development process. Due to the massive increase in attacks on the software supply chain and the diversity of their types, Jenkins X has to make efforts to…
- Blog: Introduction to Software Bill Of Materials
  Introduction: Before going through Software Bill of Materials (SBOMs), we need to set the ground for a rising concern in the software industry, which is Software Supply Chain Security. Like traditional industries, deploying a software artifact goes through multiple stages composed of collecting source code components, libraries, tools, and processes used in…
- Blog: Software Bill Of Materials Formats
  Prerequisite: If you don’t understand what a Software Bill of Materials (SBOM) is, please read this blog post first. Different SBOM formats comparison: The National Telecommunications and Information Administration (NTIA) in the U.S. defined minimum requirements for SBOM formats: identifying the supplier of the software component; identifying the details about the version of the component; including…
- Blog: Software Bill Of Materials generation tools
  Prerequisite: Before you read this, you have to understand what SBOMs are and what the different SBOM formats are. Different SBOM generation tools comparison: If you got this far, you already realize the importance of SBOM generation, and also that it should meet certain requirements to achieve its purpose. Due to various requirements depending on what…
- Blog: Reconcile with kpt live apply
  Since the dawn of Jenkins X 3, the default last step of reconciling the state of the files in your cluster repository with your cluster has been to execute kubectl apply. You can find more details about this here. There are some drawbacks with kubectl apply, though. The one that made me start looking for…
- Blog: Improve your changelogs
  Background: For a long time, a standard part of the Jenkins X pipelines has been the execution of jx changelog create, which takes the commit messages between the release currently being created and the previous one and creates a changelog from them. The changelog is then stored as a release note in GitHub or…
- Blog: Migrate to Google Artifact Registry
  Google has announced that Container Registry will be shut down some time after March 18, 2025. For GKE clusters created with version 1.12.0 or later of terraform-google-jx, it’s unlikely that anything needs to be done, but for older clusters you should upgrade your cluster while considering our advice regarding migration from Container Registry to Artifact…
- Blog: Hacktoberfest 2022
  We are excited to announce that Jenkins X will be participating in Hacktoberfest again this year! Hacktoberfest is a month-long global celebration of open source software. All backgrounds and skill levels are encouraged to participate in Hacktoberfest and join a global community of open source contributors. Learn more about Hacktoberfest and sign up here. Contribute…