Benchmarking is the process of evaluating the performance of a database system by comparing it to industry standards or other systems. It is an important step in understanding the strengths and weaknesses of a database and identifying areas for improvement. …

Use Trivy tool to scan containers for vulnerabilities in GitHub Actions A simple CI/CD pipeline You’ve learned about CI/CD systems using GitLab and Jenkins. Both are good systems, but they also have different features and use cases. We will look into another CI/CD system named GitHub Actions that debuted on 13 November 2019. …

AWS Config custom rules can be used for a wide variety of scenarios when AWS-managed rules don’t fit your use case. Custom rules rely on an AWS Lambda function to evaluate resource configuration. You will be exposed to how to create a custom rule using pre-written code for a Lambda…

ECS Exec in action via the AWS CDK workflow with Your Container You can communicate with containers directly via Amazon ECS Exec without having to handle SSH keys, open incoming ports, or communicate with the host container operating system. To perform commands in or access a shell for a container running on an Amazon EC2 instance or on an AWS Fargate, utilize…

Snapshots are used for data migration between clusters or for cluster recovery. Snapshots must be manually started. Standard S3 fees apply and these snapshots are kept in your own Amazon S3 bucket. You could transfer to an OpenSearch Service domain using a snapshot from a self-managed OpenSearch cluster. In the…

Trivy is a simple and comprehensive scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues. Trivy detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and language-specific packages (Bundler, Composer, npm, yarn, etc.). In addition, Trivy scans Infrastructure as Code (IaC) files…

Before I begin, I’d want to express my gratitude to Aditya Nama, without whom I would not have been able to write this blog. You could read his articles here or follow him on Twitter This tutorial introduces the basics of Vega. We’ll look at a bar chart and deconstruct…

Qualys researchers discovered CVE-2021–4034 (called “pwnkit”) and announced it in January 2022; the technical security advice for this issue can be read here. Since its initial release in 2009, the “Policy Toolkit” (or Polkit) package has had a vulnerability that allows any unprivileged attacker to gain full administrative access to…

What is a Vulnerability Scan? A computer system consists of many dynamic processes, their libraries, auxiliary files, and configuration data. From time to time (and in most cases in practice), software creation, installation, or configuration methods make your system vulnerable to attack. An EC2 instance or ECR repository on AWS (or any other cloud platform)…