#general - April 2026 | Slack Archive

Slackbot2 months ago

This message was deleted.

Gabriel Ewekaabout 2 months ago

Hey everyone 👋
That whole Claude Code npm leak last week really got my attention basically one small packaging mistake ended up exposing a huge amount of source code, and attackers started taking advantage of it almost immediately by uploading malicious versions of packages and impersonating internal ones. Pretty crazy how fast that escalated.
It made me realize how many pipelines just build and ship code without really checking if what’s being deployed is safe or verified.
So I’ve been experimenting with a setup in my homelab where I:
• generate a list of everything inside my builds (SBOMs)
• sign my container images using Cosign
• add some basic verification rules using Kyverno so only trusted images can run
I’m also looking into SLSA, but still wrapping my head around that part.
Not sure yet how much this would actually help in a real-world incident like that, but it’s been a really good learning experience so far.
Would love to hear how others are thinking about this or handling it in practice — still learning here 🙏

Gabriel Ewekaabout 2 months ago

basically the goal is simple, make sure every container image that runs in production can answer three questions: what's inside it, who built it, and was it tampered with. If it can't answer all three, it doesn't get in

DEabout 2 months ago

Hello everyone, a problem we are having is that CODEOWNERS protect filenames, example *elasticache* for the dba-team to approve. However, we need to have some sort of codeowners based on TF plans and resources affected. Does Atmos or AtmosPro provide this functionality? (ie. if a plan touches a PRD database, we need dba-team to approve)

Priyanshu Raturiabout 2 months ago

hello

Mauricio Batistaabout 2 months ago

Hi, Any recommendations for getting into Toptal? I'm trying to join the platform—do you think I should start networking daily?

Slackbotabout 1 month ago

This message was deleted.

JSabout 1 month ago

hi guys, somebody knows if is possible learn AWS (how build a IA Landing-Zone) on a Free Tier (Using OpenSearch, BedRock, AppFlow, Amazon Q?) I need learn it, I'm a self-taught student

JSabout 1 month ago

I need to learn in depth EKS too, but I need to practice with new Gateway API on EKS and if I learn with k8s on my local computer, the real problems I can't learn well (production) and AWS is very expensive for me (not a company)

shannon agarwalabout 1 month ago

Hi is the weekly call still happening? I don't see it on my calendar anymore.

shannon agarwalabout 1 month ago

I re-joined, thanks!

shannon agarwalabout 1 month ago

Anyone out there can suggest a reliable open source SAST?