Publications
This document lists all the publications and resources that TAG Security has produced.
| Publication | Description | Format | Link |
|---|---|---|---|
| Cloud Native Security Controls Catalog | Mapping of Cloud Native Security Whitepaper and Software Supply Chain Best Practices Paper to NIST SP800-53r5 | Markdown | Link |
| | | Spreadsheet | Link |
| Cloud Native Security Lexicon | Standardization of terminologies specific to Cloud Native Security | Markdown | Link |
| Cloud Native Security Whitepaper | Information about building, distributing, deploying, and running secure cloud native capabilities | Markdown (v2) | Link |
| | | PDF (v2) | Link |
| | | Audio (v1) | Link |
| | | Translations | |
| | | Portuguese (v1) | Link |
| | | Chinese (v2) | Link |
| Open and Secure - A Manual for Practicing Threat Modeling to Assess and Fortify Open Source Security | Guide for assessing and understanding the security of open source software projects | | Link |
| Policy | | | |
| Formal Verification for Policy Configurations | | Markdown | Link |
| Handling build-time dependency vulnerabilities | | Markdown | Link |
| Secure Defaults: Cloud Native 8 | | Markdown | Link |
| Security Assessments | Assessments of several CNCF projects | | |
| Buildpacks | | Markdown | Link |
| Cloud Custodian | | Markdown | Link |
| Harbor | | Markdown | Link |
| In-toto | | Markdown | Link |
| Keycloak | | Markdown | Link |
| Kyverno | | Markdown | Link |
| OPA | | Markdown | Link |
| Spiffe-Spire | | Markdown | Link |
| Supply Chain Security | | | |
| Software Supply Chain Best Practices v2 | | Markdown | Link |
| | | | Link |
| Software Supply Chain Best Practices | | Markdown | Link |
| | | | Link |
| Evaluating your supply chain security | | Markdown | Link |
| Secure Software Factory | | Markdown | Link |
| | | | Link |
| Catalog of Supply Chain Compromises | | Markdown | Link |
| Use Cases & Personas | List of use cases to enable secure access, policy control, and safety for users of cloud native technology | Markdown | Link |