Blog
Essays and field notes from security-focused software engineering work.

Building a self-hosted supply chain security pipeline
Mar 1, 2025
How I wired Syft, Grype, Cosign, and local Ollama analysis into a zero-external-dependency CI pipeline for my homelab and product work.
Tags: DevSecOps, supply chain, Woodpecker CI

Using SBOM diffing with Syft and Grype to catch dependency drift
Feb 10, 2025
A practical workflow for comparing build-to-build SBOM changes so vulnerability review focuses on what actually changed.
Tags: SBOM, Syft, Grype

NetBird vs Tailscale for zero-trust networking in a homelab
Jan 22, 2025
Why I evaluated both approaches for secure remote access, and where self-hosted control becomes worth the extra effort.
Tags: zero-trust networking, homelab, DevSecOps

Signing and verifying OCI artifacts with Cosign and Zot
Dec 12, 2024
A compact pattern for signing images in CI, storing them in Zot, and enforcing verification before promotion.
Tags: Cosign, artifact signing, Zot