Engineering Blog
From the Runtimekindle engineering and security research team.
Static scanning in CI is table stakes. What happens between the merge and the exploit? The runtime layer is the gap most DevSecOps programs ignore — and the one attackers use.
A detailed walkthrough of how runtime reachability data from eBPF kernel probes maps back to CVE findings in your SBOM — and reduces triage work by 70%+.
The GPL-3.0 problem isn't theoretical — it's in production services right now. How SCA scanning finds copyleft inclusions before your legal team does.
Comparing three admission policy approaches for enforcing cosign attestation in Kubernetes. What each framework trades off, and which fits regulated deployment pipelines.
CVE scanning without layer attribution gives you a list. With it, you get a remediation plan. How Dockerfile layer-level attribution makes patching tractable on 50+ microservices.
An analysis of six documented supply chain attack patterns — build environment poisoning, typosquatted packages, unsigned artifact deployment — and a precise mapping to which SLSA provenance levels would have blocked each one.
How to generate per-service SBOMs in a K8s monorepo without merging everything into one unworkable bill of materials. CycloneDX 1.5 from CI, signed, stored.
Traditional host-based intrusion detection was designed for a world of fixed VMs. This post explains how eBPF kprobes and tracepoints give you the same visibility in ephemeral K8s pods — at kernel speed.
