Security scanning of your code with Trivy

By Ian Homer - 07 Aug 2025

Security vulnerabilities in your codebase need to be dealt with. Trivy is an open source tool that is straightforward to set up.

Read more

Automate Let's Encrypt certificates with the Caddy web server

By Ian Homer - 16 Jun 2024

I was setting up a small internal network with a few hosted services and I wanted these services to route through virtual hosts so I could start configuring some good semantic host names for each of these services. Naturally, these services also needed to be delivered over https with trusted certificates.

Read more

Under the covers of SOPS for codifying CI/CD and IaC secrets

By Ian Homer - 10 Jun 2024

SOPS (Secrets OPerationS) is a command line tool that encrypts and decrypts files in a way that allows you to codify CI/CD and dev processes that require secrets. In an encrypted form, secrets can be stored in a Git repository, with appropriate access control, in the knowledge that it is hard to decrypt the secrets without the authorisation to decrypt. Codifying of secrets and SOPS tooling, helps make rotation of secrets easier, and hence encourages us to become better at timely rotations, in turn de-risking exposure of historical secrets.

Read more