Policy teams say 'it depends'. Delivery teams say 'we need rules'. Mature digital government does both: clear principles in policy, versioned rules in the platform. #DigitalGovernment #PolicyAsCode

How do you ensure risky code doesn't make it to production?

Automated guardrails in the dev phase. Anchore's Chadd Owen explains how policy-as-code stops vulnerable content in its tracks so it never advances to the next stage. Dive in: https://anchore.com/blog/anchore-enterprise-and-the-dod-devsecops-reference-design/

#PolicyAsCode #ContainerSecurity

While #DockerExtensions boost developer speed, they can create a “visibility gap” by isolating telemetry. Extensions should act as bridges to centralized platforms!

In this #InfoQ article, Pragya Keshap explains how to use:
🔹 #OpenTelemetry
🔹 #PolicyAsCode
🔹 #Encryption
...to build secure pipelines and balance developer productivity with the governance needed for scalable, compliant observability!

📰 Read now: https://bit.ly/4mUn96h

#DevOps #Docker #Observability #Performance #Monitoring

⚙️ Technical Spotlight: New Session at BSides Luxembourg 2026

☁️💥 𝗖𝗟𝗢𝗨𝗗 𝗠𝗜𝗦𝗖𝗢𝗡𝗙𝗜𝗚𝗨𝗥𝗔𝗧𝗜𝗢𝗡𝗦: 𝗣𝗢𝗞𝗘 𝗣𝗢𝗞𝗘, 𝗕𝗥𝗘𝗔𝗖𝗛 – Kat Fitzgerald ( @rnbwkat ) 🔐☁️

Cloud breaches aren’t going away—they’re evolving.

Forget the classic “public bucket” mistakes. In 2026, real-world breaches are driven by over-privileged identities, risky SaaS integrations, forgotten environments, and insecure defaults in AI and Kubernetes. These aren’t obvious missteps—they’re systemic risks hiding in plain sight.

This talk breaks down the modern hierarchy of cloud misconfigurations based on recent breach data, then shifts the focus from reacting to preventing. Using Policy as Code (PaC), security becomes proactive—blocking risky deployments before they ever reach production.

You’ll also explore the Toxic Trilogy: assets that are publicly exposed, highly privileged, and critically vulnerable. When these overlap, breaches aren’t just possible—they’re predictable.

Kat Fitzgerald ( @rnbwkat ) is a Chicago-based cybersecurity professional with a passion for cloud security, OSS, and creative defensive strategies. Known for blending technical depth with a unique personality (and a certain opinionated flamingo), Kat brings real-world insights into modern cloud risks and how to stop them before they start.

📱 Want to easily navigate all talks, villages, and stages?
Check out the official schedule on Hacker Tracker:
https://hackertracker.app/schedule?conf=BSIDESLUX2026

📅 Conference Dates: 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule Link: https://pretalx.com/bsidesluxembourg-2026/schedule/

#BSidesLuxembourg2026 #CloudSecurity #Misconfiguration #Kubernetes #PolicyAsCode #DevSecOps #CyberSecurity

CEL-expr-python – the Common Expression Language (CEL) in #Python is now #opensource!

CEL is a non-Turing complete embedded policy and expression language built for simplicity, speed, safety, and portability.

Learn more on #InfoQ: https://bit.ly/3NQL4pU

#SoftwareDevelopment #Google #PolicyAsCode

#Cedar - an #opensource authorisation policy language and SDK - has officially joined the Cloud Native Computing Foundation (#CNCF) as a Sandbox project!

It aims to provide a vendor-neutral standard for defining and enforcing fine-grained permissions in modern applications.

Details here 👉 https://bit.ly/3LMktJP

#DevOps #PolicyAsCode #SoftwareSecurity #Governance #InfoQ

Introducing the open-source project Endpoint State Policy (ESP), a "Policy as Code" solution that helps manage and enforce endpoint policies automatically.

#opensource #policyascode #DevOps #security #mãnguồnmở #bảomật

https://www.reddit.com/r/opensource/comments/1q005zf/endpoint_state_policy_esp_policy_as_code/

🚀 NEW on We ❤️ Open Source 🚀

Electric sheep need defenders. 🐑🔐 Brett Smith explores how SLSA helps secure the software supply chain, translating EO 14028 into a roadmap for resilient pipelines.

Read the article: https://allthingsopen.org/articles/supply-chain-robots-slsa-security

#WeLoveOpenSource #SLSA #FOSS #Cybersecurity #DevSecOps #PolicyAsCode

Zero CVEs ≠ Zero Risk.

Misconfigurations & leaked secrets can take down an image faster than any exploit.

Anchore helps teams catch both.

By @JoshSopuru → https://anchore.com/blog/beyond-the-cve-deep-container-analysis-with-anchore/

#SBOM #ContainerSecurity #PolicyAsCode #SoftwareSupplyChain

Policy failure—not zero-days—is the real weak link.

Anchore enforces what "secure" means before bad configs & secrets ever ship.

Read @JoshSopuru's Beyond the CVE: https://anchore.com/blog/beyond-the-cve-deep-container-analysis-with-anchore/

#SBOM #ContainerSecurity #PolicyAsCode #SoftwareSupplyChain