by Ned Dickert | Apr 20, 2026 | Uncategorized
One Policy, Multiple Clouds: Avoiding Security Drift in Federal Multi-Cloud Deployments
When an agency spans AWS GovCloud and Azure Government, bespoke IaC for each provider isn’t a strategy, it’s a liability waiting to surface in an audit. The Problem with...
by Ned Dickert | Apr 13, 2026 | Uncategorized
SBOMs: From “Audit Requirement” to “Actionable Data”
A few years ago, the conversation was “What is an SBOM?” Now it’s “What do I do with 500 JSON files?” If you’re in GovCon, you’ve likely already crossed the compliance finish line: SBOMs are...
by Ned Dickert | Apr 6, 2026 | Uncategorized
The Benefit of Integrating GitLab and Anchore
Modern CI/CD is not just about shipping your code faster, it’s about shipping secure and safe code efficiently and effectively to your customers. That’s where a GitLab + Anchore integration is a strong DevSecOps...
by Ned Dickert | Mar 30, 2026 | Uncategorized
Why A 9.8 CVSS Score May Not Matter: Reducing Risks And Unnecessary Alerts Using JFrog Xray and GitLab’s Dependency Scanning
The loudest complaint in DevSecOps right now is not a lack of security data. It is too much of it. Teams are flooded with “Critical” and “High”...
by Ned Dickert | Mar 24, 2026 | Uncategorized
Beyond Distroless: Automating the Lifecycle of Hardened Base Images in High-Compliance Environments
Minimal and distroless images solved one problem in cloud security: they strip out shells, package managers, and extra libraries, which reduces attack surface and...