This document lists all the publications and resources that TAG Security has produced.

| Publication | Description | Format | Link |
|---|---|---|---|
| Cloud Native Security Controls Catalog | Mapping of Cloud Native Security Whitepaper and Software Supply Chain Best Practices Paper to NIST SP800-53r5 | Markdown | Link |
| | | Spreadsheet | Link |
| Cloud Native Security Lexicon | Standardization of terminologies specific to Cloud Native Security | Markdown | Link |
| Cloud Native Security Whitepaper | Information about building, distributing, deploying, and running secure cloud native capabilities | Markdown (v2) | Link |
| | | PDF (v2) | Link |
| | | Audio (v1) | Link |
| | Translations | | |
| | | Portuguese (v1) | Link |
| | | Chinese (v2) | Link |
| Open and Secure - A Manual for Practicing Threat Modeling to Assess and Fortify Open Source Security | Guide for assessing and understanding the security of open source software projects | | Link |
| Policy | | | |
| | Formal Verification for Policy Configurations | Markdown | Link |
| | Handling build-time dependency vulnerabilities | Markdown | Link |
| | Secure Defaults: Cloud Native 8 | Markdown | Link |
| Security Assessments | Assessments of several CNCF projects | | |
| | Buildpacks | Markdown | Link |
| | Cloud Custodian | Markdown | Link |
| | Harbor | Markdown | Link |
| | In-toto | Markdown | Link |
| | Keycloak | Markdown | Link |
| | Kyverno | Markdown | Link |
| | OPA | Markdown | Link |
| | Spiffe-Spire | Markdown | Link |
| Supply Chain Security | | | |
| | Software Supply Chain Best Practices v2 | Markdown | Link |
| | Software Supply Chain Best Practices | Markdown | Link |
| | | | Link |
| | Evaluating your supply chain security | Markdown | Link |
| | Secure Software Factory | Markdown | Link |
| | | | Link |
| | Catalog of Supply Chain Compromises | Markdown | Link |
| Use Cases & Personas | List of use cases to enable secure access, policy control, and safety for users of cloud native technology | Markdown | Link |