#security (2019-02)
Archive: https://archive.sweetops.com/security/
2019-02-12
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
finally an official fork of bitly oauth2 proxy
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
A reverse proxy that provides authentication with Google, Github or other provider - pusher/oauth2_proxy
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
with fixes for OIDC support
2019-02-13
![zadkiel avatar](https://secure.gravatar.com/avatar/ac34df8afa3827c17e9894bf6b169137.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
It works well!
![zadkiel avatar](https://secure.gravatar.com/avatar/ac34df8afa3827c17e9894bf6b169137.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
the official stable chart has been updated to reflect that: https://github.com/helm/charts/tree/master/stable/oauth2-proxy not sure https://github.com/cloudposse/charts/tree/master/incubator/oauth2-proxy is still needed (it’s out of date)
Curated applications for Kubernetes. Contribute to helm/charts development by creating an account on GitHub.
The “Cloud Posse” Distribution of Kubernetes Applications - cloudposse/charts
![pecigonzalo avatar](https://avatars.slack-edge.com/2020-02-24/954674862595_11f6ff71106151c32655_72.png)
It's a shame that buzzfeed/sso is so poorly documented
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
and doesn’t support OIDC, WebSockets or half the jazz of bitly’s proxy
![pecigonzalo avatar](https://avatars.slack-edge.com/2020-02-24/954674862595_11f6ff71106151c32655_72.png)
There is that as well
![pecigonzalo avatar](https://avatars.slack-edge.com/2020-02-24/954674862595_11f6ff71106151c32655_72.png)
because the idea of splitting the proxy part (so it can be used as sidecar) is really nice
![pecigonzalo avatar](https://avatars.slack-edge.com/2020-02-24/954674862595_11f6ff71106151c32655_72.png)
I'm also looking at https://ory.sh but it seems so young (oathkeeper)
Implement OAuth 2.0 and OpenID Connect in minutes with open source from ORY. Works in both new and existing systems.
2019-02-18
![mbarrien avatar](https://secure.gravatar.com/avatar/a99207eb3777b2015dfd857f865b3376.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
I’ve been pretty active in getting http://github.com/pomerium/pomerium up and working, which is a fork of buzzfeed/sso with OIDC support (not my project, but have been contributing to it since I found it).
Pomerium is an identity-aware access proxy. Contribute to pomerium/pomerium development by creating an account on GitHub.
![antonbabenko avatar](https://secure.gravatar.com/avatar/fc9fce3c16a287d672ec5433430f11ca.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0011-72.png)
This is awesome! I’ve been looking for such tool because I don’t want to deal with VPN.
![pecigonzalo avatar](https://avatars.slack-edge.com/2020-02-24/954674862595_11f6ff71106151c32655_72.png)
Not sure pomerium is the full picture for zero-trust and no VPN. I particularly miss A) documentation, B) where is this covered: “device state”?
2019-02-27
![Maciek Strömich avatar](https://secure.gravatar.com/avatar/98de12365b633b063e208220100d4594.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0002-72.png)
![attachment image](https://snyk.io/wp-content/uploads/the-state-op-open-source-4-small.png)
We found that 44% of Docker image scans had known vulnerabilities for which newer and more secure base images were available. Most vulnerabilities originate in the base image you selected. For that reason, remediation should focus on base image fixes.
![Maciek Strömich avatar](https://secure.gravatar.com/avatar/98de12365b633b063e208220100d4594.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0002-72.png)
![attachment image](https://snyk.io/wp-content/uploads/the-state-op-open-source-2-small.png)
A good number of security vulnerabilities are discovered and fixed in non-official channels. We measured the Snyk DB to uncover 67% more vulnerabilities than public databases. In 2018, new disclosures for npm grew by 47%, and Maven Central grew by 27%.