Writing on DevSecOps, software supply chain security, homelab systems, and open source community building.https://princeasiedu.github.io/https://princeasiedu.github.io/blog/supply-chain-pipeline/https://princeasiedu.github.io/blog/supply-chain-pipeline/How I wired Syft, Grype, Cosign, and local Ollama analysis into a zero-external-dependency CI pipeline for my homelab and product work.Sat, 01 Mar 2025 00:00:00 GMThttps://princeasiedu.github.io/blog/sbom-diffing-syft-grype/https://princeasiedu.github.io/blog/sbom-diffing-syft-grype/A practical workflow for comparing build-to-build SBOM changes so vulnerability review focuses on what actually changed.Mon, 10 Feb 2025 00:00:00 GMThttps://princeasiedu.github.io/blog/netbird-vs-tailscale/https://princeasiedu.github.io/blog/netbird-vs-tailscale/Why I evaluated both approaches for secure remote access, and where self-hosted control becomes worth the extra effort.Wed, 22 Jan 2025 00:00:00 GMThttps://princeasiedu.github.io/blog/cosign-zot-signing/https://princeasiedu.github.io/blog/cosign-zot-signing/A compact pattern for signing images in CI, storing them in Zot, and enforcing verification before promotion.Thu, 12 Dec 2024 00:00:00 GMT