DevSecOps on SETE /tags/devsecops/ Recent content in DevSecOps on SETE Hugo de Wed, 22 Oct 2025 00:00:00 +0000 0 Vulnerabilities - Think twice about it /posts/0-vulnerabilities-think-twice/ Wed, 22 Oct 2025 00:00:00 +0000 /posts/0-vulnerabilities-think-twice/ <p><img src="/linkedin/0-vulnerabilities/1761148970190.png" alt="0 vulnerabilities"></p> <blockquote> <p>Originally published on <a href="https://www.linkedin.com/pulse/0-vulnerabilities-think-twice-gerhard-sulzberger-9my8f" class="external-link" target="_blank" rel="noopener">LinkedIn</a> on 2025-10-22.</p> </blockquote> <p>Vulnerability scans can be tricky and there are different strategies. It starts already at the datasets provided by the different OS and how they are implemented from the scan tools. For example Alpine. A lot Engineers think it is secure because 0 vulnerabilities shown at scans with tools like trivy.</p> <p>But there is <a href="http://security.alpinelinux.org" class="external-link" target="_blank" rel="noopener">security.alpinelinux.org</a> and information about potential CVEs within Alpine packages.</p> <p>And Alpine provides also information about CVEs which are already fixed within the <a href="http://secdb.alpinelinux.org" class="external-link" target="_blank" rel="noopener">secdb.alpinelinux.org</a> service.</p> vault snap to S3 in kubernetes /posts/vault-snap-to-s3-in-kubernetes/ Wed, 24 May 2023 00:00:00 +0000 /posts/vault-snap-to-s3-in-kubernetes/ <blockquote> <p><em>Originally published on <a href="https://www.linkedin.com/pulse/vault-snap-s3-kubernetes-gerhard-sulzberger" class="external-link" target="_blank" rel="noopener">LinkedIn</a> on 2023-05-24.</em></p> </blockquote> <h2 id="hashicorp-vault"> Hashicorp Vault <a class="heading-link" href="#hashicorp-vault"> <i class="fa-solid fa-link" aria-hidden="true" title="Link zu Überschrift"></i> <span class="sr-only">Link zu Überschrift</span> </a> </h2> <p>In vault-enterprise there would be an integrated solution to upload backups to S3 compatible storages. In the Open Source version of Vault this feature is missing, so I had to create some solution for this.</p> <p>Most times I use the integrated raft storage inside the vault cluster in kubernetes. Data of this StatefulSet is stored in PersistentVolumeClaims. (Where I also patched the default persistentVolumeReclaimPolicy to Retain the deletion of the StatefulSet, but that&rsquo;s a different story)</p>