NHI Secrets Sprawl - Non-Human Identity Credential Crisis

NHI Secrets Sprawl: How to Fix the Non-Human Identity Credential Crisis

GitGuardian’s State of Secrets Sprawl 2026 report landed with a jarring finding: 29 million secrets were detected on public GitHub in the past year alone. More alarming — credentials for AI services (OpenAI, Anthropic, Hugging Face, Cohere) surged 81% year-over-year, driven by developers rushing to integrate LLMs without applying the same discipline they’d use for database passwords. And 64% of secrets exposed in 2022 were still valid and unrevoked in 2025. ...

Apr 16, 2026 · 8 min · 1586 words · IAMDevBox
AI Frenzy Feeds Credential Chaos: Secrets Leak Through Code, Tools, and Infrastructure


Why This Matters Now: The AI frenzy is upon us, with companies racing to integrate machine learning models into their products and services. However, this rush has led to a significant increase in credential mismanagement and secret leaks. Just last month, GitHub experienced a major breach where thousands of repositories were exposed, including sensitive API keys and other credentials. This incident highlighted the critical need for better credential management practices in the age of AI. ...

Mar 28, 2026 · 5 min · 1011 words · IAMDevBox
My DevSecOps Pipeline: Security from Code to Production


In today’s fast-paced software development landscape, integrating security into the DevOps workflow is no longer optional—it’s a necessity. DevSecOps, the union of DevOps and security practices, ensures that security is baked into the software development lifecycle (SDLC) from the very beginning. In this article, I’ll walk you through my DevSecOps pipeline, covering the tools, processes, and best practices that help me deliver secure software from code to production. ...

Jun 13, 2025 · 5 min · 1036 words · IAMDevBox
Kubernetes vs OpenShift: IAM Integration, RBAC, and Real-World DevSecOps Practices


Visual Overview: [Diagram: JWT token structure (Header, Payload, Signature)]

Introduction: Why IAM Matters in Kubernetes and OpenShift. In the modern DevSecOps era, Identity and Access Management (IAM) is no longer a secondary concern—it is foundational. As container orchestration becomes central to enterprise cloud strategies, the ability to control who can access which resources, and under what conditions, becomes critical. ...

Jun 12, 2025 · 4 min · 774 words · IAMDevBox
Setting Up a Private Self-Hosted OIDC Provider on AWS for Enhanced Authentication


Visual Overview: [Sequence diagram: login and token flow between User, Client App, Authorization Server and Resource Server]

In today’s digital landscape, securing access to cloud resources is paramount. This blog post delves into setting up a private self-hosted OpenID Connect (OIDC) provider on AWS, offering a robust solution for applications requiring secure authentication. Whether you’re managing internal tools, CI/CD pipelines, or IoT devices, this approach provides a scalable and secure authentication mechanism. ...

May 27, 2025 · 3 min · 624 words · IAMDevBox