Operations | Monitoring | ITSM | DevOps | Cloud

The Cybersecurity Maturity Model Certification, or CMMC for short, is a security framework for protecting Controlled Unclassified Information (CUI) in non-federal systems and organizations. The CMMC compliance requirements map to the set of controls laid out in the NIST SP 800-171 Rev 2 and NIST SP 800-172 families.

Explore how Docker and Cloudsmith help secure the software supply chain with SBOMs, signatures, provenance, and hardened images - enabling end-to-end visibility and trust without slowing development.

Pulling Docker images from private registries for containerised applications presents a security challenge. It requires authentication management, network access, and trust across distributed systems. Credentials must be securely handled and rotated, and image pulls can break due to network restrictions or expired tokens. All of this makes deployment and security harder.

One of the more overlooked yet critical vulnerabilities highlighted in the OWASP Top 10 for CI/CD Security Risks is Insufficient PBAC (Pipeline-Based Access Controls). Let’s unpack what PBAC is, why it's essential, and how you can leverage modern access control tools like Open Policy Agent (OPA) and Rego to mitigate these risks effectively.

MinIO is a high-performance, S3-compatible object storage server built for cloud-native applications. It’s open-source, lightweight, and incredibly fast which makes it a solution for developers who need to store and serve unstructured data like images, logs, or backups. Whether you’re building a self-hosted alternative to Amazon S3 or running MinIO as part of a local development pipeline, it fits into modern containerized environments.

Rising power consumption is now a defining issue. Emerging AI models, GPU-accelerated computing, and dense workloads are driving spiraling demand for electricity. While hyperscale data centers continue to expand, even midsize operators feel the strain of supporting power-hungry applications. Simultaneously, sustainability is moving to the forefront. Regulations like the European Union’s Energy Efficiency Directive (EED), U.S.

OpenShift delivers a lot right out of the box. And for many teams running at enterprise scale, it’s exactly what they need. The platform offers a built-in container registry, observability tools, and service mesh support. You also get integrations for GitOps, serverless, and even ML workflows. OpenShift combines powerful orchestration with developer tooling, CI/CD pipelines, and enterprise-grade security. All under one roof.

At Kosli, we believe that governance in software delivery shouldn’t be a bottleneck – it should be an extension of how your teams already work. That’s why we’re excited to introduce custom attestations in Kosli. Here’s the short version: What are custom attestations? They let you record facts about your workflows – with evidence – using controls that actually match your processes. Why does this matter? Because generic attestations can miss the mark.