📰 Dev.to · Gerardo Castro Arica
Articles from Dev.to · Gerardo Castro Arica · 7 articles · Updated every 3 hours · View all reads
All
⚡ AI Lessons (10333)
ArXiv cs.AIDev.to · FORUM WEBDev.to AIForbes InnovationOpenAI NewsHugging Face Blog
Dev.to · Gerardo Castro Arica
2w ago
Mutable tags. 10,000 pipelines. One credential. — What the Trivy attack taught me about implicit trust
A few days ago I was designing a GitHub Actions pipeline with security scanning tools. Choosing what...
Dev.to · Gerardo Castro Arica
2w ago
I automated an AWS Security Maturity Model recommendation across 40 accounts — design decisions included
The AWS Security Maturity Model has a recommendation in Phase 1 — Quick Wins that seems trivial:...
Dev.to · Gerardo Castro Arica
2w ago
My manager asked if it could run itself. Here's how I automated iam-audit with Fargate, EventBridge and Terraform (Part 3)
A few weeks ago my manager asked me a question that seemed simple: "Can it be scheduled to arrive on...
Dev.to · Gerardo Castro Arica
3w ago
OpenClaw on AWS Lightsail — Threat Model Alignment: OWASP, MITRE ATLAS, and the Gap No Framework Anticipated (Part 3)
Part 3 of the series: In Part 1 we audited the initial OpenClaw setup on AWS Lightsail — outdated...
Dev.to · Gerardo Castro Arica
1mo ago
I Kept Auditing OpenClaw on AWS Lightsail: 53 Default Skills, No Channel Access Controls, Deletable Logs (Part 2)
Part 2 of a series: In Part 1 we audited the initial OpenClaw setup on AWS Lightsail — outdated...
Dev.to · Gerardo Castro Arica
1mo ago
The script worked. The CISO needed something else. iam-audit v2: interactive dashboard, root account detection and Docker.
From raw CSVs to a visual dashboard anyone can run with a single Docker command — and how each...
Dev.to · Gerardo Castro Arica
1mo ago
A 2018 Access Key. Still Active in Production. Here's the Python Script That Found It Across an Entire AWS Organization.
A few weeks ago I sat down to review the IAM state of a multi-account AWS Organization. It wasn't a...
DeepCamp AI