#supply-chain

every dependency you didn't write, audit, or notice — until one of them notices you.

3 blog posts.

Blog posts

Identity, network, default creds, attestation, audit logs — the controls that close most of the gap Parts 1 and 2 left.
Hardening GitHub Actions for small teams. SHA pinning, OIDC, cooldowns, and the trigger Future You at 3am should not touch.
Startup-grade defense against npm supply-chain attacks, for Future You at 3am. Chainjacking, postinstall scripts, smallest install, most leverage.