Blog posts

Blogs and News

Find valuable insights, knowledge, and inspiration for your business in our selected articles. Explore practical tips from our team of experts and fuel your company’s growth.

DevSecOps is the New DevOps

A look at transforming to DevSecOps from a technical and cultural perspective, including a deeper look some supply-chain considerations.

By Eugene Davis Fri, Jul 4, 2025

Making TDD Work for You, Part 1: When to Invest and Essential Practices

First part of a series about how to make TDD work for you.

By Houssem El Fekih Tue, Jun 10, 2025

Improve your OPA policies user-based with Gatekeeper

For Open Policy Agent (OPA), most of the policies that are written are based on Kubernetes resources. For example, the deployment of Pods should be avoided with the tag latest. But sometimes it is necessary to write more fine-grained OPA policies based on Kubernetes users, groups or service accounts. Let me give you an example so that the code and explanations can be better understood. Example of a use case Imagine you have a Jenkins job that creates Namespaces for tenants.

By Jose A. Berchez - ControlPlane Wed, May 28, 2025

Beyond Compliance: Strategic Cyber Resilience in Financial Services Under the EU’s CRA

The EU’s Cyber Resilience Act (CRA) isn’t just another regulatory hurdle; it’s a fundamental shift in how we approach digital security.

By Andrew Crawford Thu, May 8, 2025

Back to the Future: Next-Generation Cloud Native Security - A talk by Andrew Martin & Matt Jarvis

In this talk, Andrew Martin and Matt Jarvis explored the history of cloud-native computing, examined the current security landscape, and shared their predictions for the decade ahead.

By Niamh O'Loughlin Thu, May 1, 2025

Kubernetes and the UK

Kubernetes marked its 10th anniversary last year, and the CNCF commemorates a decade of remarkable success this year.

By Niamh O'Loughlin Fri, Apr 11, 2025

ControlPlane at KubeCon EU London ‘25 - Recap

A recap of ControlPlane’s activities at KubeCon EU in London

By Ashley Ward Thu, Apr 10, 2025

Flux D2 Reference Architecture – Gitless GitOps for Secure Multi-Tenancy

Introducing Gitless GitOps and the Flux Operator for secure, scalable multi-tenant Kubernetes environments.

By Niamh O'Loughlin Thu, Apr 3, 2025

ControlPlane is Heading to KubeCon EU '25 London

ControlPlane’s events and CTF at KubeCon EU in London

By Niamh O'Loughlin Tue, Mar 25, 2025

Ephemeral Environments for GitLab Merge Requests with Flux Operator

Flux Operator creates ephemeral environments for GitLab MRs. Each MR gets an automatic, dedicated preview instance for faster validation and iteration.

By Francesco Beltramini, ControlPlane Mon, Mar 17, 2025

See it, Hack It, Sort It: How Open Source Software Protects Our AI Enablers

Key insights on protecting GPU resources in cloud infrastructure, covering threat modeling, attack vectors, and practical security measures using open source tools

By Marcus Tenorio Mon, Feb 24, 2025

What is Continuous Delivery & How Does It Work?

An exploration of what Continuous Delivery is, how it differs from related concepts, and how Flux can help.

By Jack Kelly Wed, Feb 12, 2025

Securing Kubernetes Clusters: Lessons and Best Practices from the Field

Key lessons from ControlPlane’s KubeCon EU 2023 talk, covering Kubernetes threat modelling, attack techniques, and essential security measures to protect clusters.

By ControlPlane Thu, Feb 6, 2025

What is Flux CD

Flux is an open source tool used to keep Kubernetes clusters in sync with configuration artefacts, especially when that configuration needs to change regularly, like when you update your software or a dependent part of your system receives a patch. Flux has been built from the ground up to use native Kubernetes APIs and to integrate with the wider Kubernetes ecosystem tools like Prometheus. It supports multi-tenancy clusters and scales massively with support for syncing multiple Git Repositories or other sources of configuration artefacts.

By Rob Kenefeck Fri, Jan 24, 2025

Celebrating a Year of Commitment to CNCF Flux: Sustainability, Innovation, and Growth

ControlPlane supported CNCF Flux over the past year by enabling ongoing development, innovation, and community engagement.

By ControlPlane Fri, Jan 24, 2025

Streamlining Application Delivery with Flux and the Generic Helm Chart Pattern

Based on the excellent technical article written by Flux Core Maintainer and fellow ControlPlaner Stefan Prodan.

By Francesco Beltramini Wed, Jan 15, 2025

What is GitOps

This is the first in a series of articles about Flux CD, and introduces the foundational knowledge of GitOps. GitOps is a term coined by Weaveworks in 2018. It has been referred to as the best thing since Infrastructure as Code, and has also been referred to as being versioned CI/CD on top of declarative infrastructure. Much like how DevOps broke down the silos between Developers and Operations/Infrastructure Teams, GitOps merges the concerns for application deployment with infrastructure deployment.

By Rob Kenefeck Fri, Dec 13, 2024

Unlocking Delivery Success: Overcoming Framework Limitations in Regulated Environments

ControlPlane pioneers delivery success by blending Agile adaptability with Waterfall structure to overcome regulatory challenges and drive efficiency.

By ControlPlane Agile Team Tue, Dec 10, 2024

Automated Cloud Native Incident Response with Kubernetes and Service Mesh

ControlPlane is a proud member of and long-term contributor to the Fintech Open Source Foundation (FINOS), and almost a third of our firm’s consultants contribute to initiatives like the AI Readiness SIG, Common Cloud Controls, and Compliant Financial Infrastructure.

By Matt Turner & Francesco Beltramini Tue, Nov 19, 2024

Open Source in Finance Forum New York 2024 Recap

By Francesco Beltramini Tue, Nov 12, 2024

The Path to Zero CVEs: Vanquishing Cyber Threats

Addressing Common Vulnerabilities and Exposures (CVEs) is no longer optional—aiming to eliminate them is a critical priority for securing modern systems.

By Andrew Martin and Michael Lieberman Mon, Nov 11, 2024

Enterprise for Flux CD Now Available on AWS Marketplace

Our products and services are now available through our partnership with AWS

By ControlPlane Wed, Nov 6, 2024

ControlPlane at KubeCon NA '24 Salt Lake City

ControlPlane’s events and CTF at KubeCon NA in Salt Lake City

By Niamh O'Loughlin Fri, Nov 1, 2024

The Landscape Podcast: Flux with Core Maintainer Stefan Prodan

Stefan Prodan, core maintainer of Flux, discusses its role in automating Kubernetes with GitOps, enhancing security, and scaling infrastructure management

By Stefan Prodan Tue, Oct 22, 2024

Introducing the Flux Operator - GitOps on Autopilot Mode

Stefan Prodan, core maintainer of the CNCF Flux project, introduces the Flux Operator.

By Stefan Prodan Mon, Oct 14, 2024

ControlPlane Outreach: Exposing At-Risk Students to Careers in Tech

ControlPlane partnered with Spark! to empower at-risk students through workshops that introduced them to tech careers, continuous learning, and future possibilities.

By Maddie Clingan and Yannis Follias Mon, Oct 7, 2024

Future Open Source LLM Killchains! A Talk by Vicente Herrera

In The Security Ai Summit 2024, Principal Consultant Vicente Herrera explores how advanced adversaries could exploit vulnerabilities in the open-source AI ecosystem, particularly in large language models (LLMs), by targeting MLOps infrastructure, with a focus on mitigation strategies to prevent such attacks.

By ControlPlane Team Fri, Oct 4, 2024

FINOS AI Readiness Open Sourced

ControlPlane’s pivotal role in the FINOS AI Governance Framework highlights our commitment to advancing AI readiness in financial services.

By ControlPlane Tue, Oct 1, 2024

Smarter Than Your Average SBOM! A Talk by Matt Jarvis & Andrew Martin

In Kubernetes Community Day UK 2023 Snyk, Director Matt Jarvis and ControlPlane CEO Andrew Martin teamed up and deeply delved into the Software Bill of Materials (SBOMs) world

By ControlPlane Team Mon, Sep 2, 2024

FINOS AI Governance Framework

At the Secure AI Summit earlier this year, ControlPlane’s Torin van den Bulk delivered an eye-opening talk on the ‘Invisible infiltration of AI supply chains by adversarial actors’. This talk examines the importance of securing the data, models, and pipelines involved at each step of an AI supply chain.

By Torin van den Bulk Wed, Aug 14, 2024

ControlPlane at the Bleeding Edge: Ending the Pain of Periods

The ControlPlane Agile team is proudly taking steps toward breaking down awkwardness, stigma, and workplace barriers to menstrual health.

By ControlPlane Agile Team Mon, Aug 12, 2024

I'll Let Myself In: Kubernetes Privilege Escalation Tactics

ControlPlane’s talk at KubeCon Europe 2024 gave attendees an overview of Cloud-Native Penetration Test and privilege escalation tactics to make cloud native systems more secure

By Iain Smart Wed, Jul 24, 2024

The Impact of the Polyfill Supply Chain Attack

How the Polyfill supply chain attack highlights the issues with trust in open source software and what approaches can be taken to mitigate the risk.

By Kevin Ward Mon, Jul 8, 2024

Mastering the Cloud Native Wave: Security Resilience in Modern Systems

ControlPlane’s talk at InfoSec Europe 2024 gave attendees an overview of observations and techniques to make cloud native systems more resilient"

By Rob Kenefeck Fri, Jun 28, 2024

Abusing VSCode: From Malicious Extensions to Stolen Credentials (Part 2)

How malicious VSCode extensions can steal your credentials

By Fabian Kammel & Kevin Ward Wed, Jun 26, 2024

Abusing VSCode: From Malicious Extensions to Stolen Credentials (Part 1)

Attack paths for remotely compromising Visual Studio Code

By Kevin Ward & Fabian Kammel Wed, Jun 26, 2024

Open Source Dynamics in the Era of Licence Innovation

This blog post explores innovative business models for open source projects, focusing on enterprise support and subscription services, and discusses the balance between community contributions and sustainable growth.

By Andrew Martin Tue, May 28, 2024

How to create a Table Top Exercise for Cyber Incident Responders

OpenSSF and ControlPlane created, hosted and ran a tabletop exercise for Incident Responders in the format of a panellist discussion. Let’s have a look behind the scenes and uncover tips and tricks how a security team can carry out a similar exercise.

By Ian Barbour Wed, May 15, 2024

Brewing the Kubernetes Storm Center: Open Source Threat Intelligence for the Cloud Native Ecosystem

James Callaghan, principal consultant at ControlPlane, and Constanze Roedig discuss open source cloud native threat intelligence at KubeCon + CloudNativeCon Europe 2024

By James Callaghan Wed, May 8, 2024

Flux CD Architecture Overview

Stefan Prodan, core maintainer of the CNCF Flux project, provides a comprehensive overview of Flux CD architectures for multi-cluster continuous delivery

By Stefan Prodan Thu, May 2, 2024

Isovalent and ControlPlane's Joint Whitepaper

Engineers, product managers and consultants from both companies explore how Cilium can tackle the challenges of cloud native compliance

By Ollie Cuffley-Hur & Martyn Smith Thu, Apr 25, 2024

The Lowdown on Locked Namespaces

Marco De Benedictis, senior consultant at ControlPlane, discusses how Kubernetes namespaces have grown from an optional feature to a security boundary at KubeCon + CloudNativeCon Europe 2024

By Marco De Benedictis Mon, Apr 15, 2024

Zero Trust Training Courses with the Linux Foundation

ControlPlane has authored two Zero Trust training courses for the Linux Foundation

By ControlPlane Wed, Apr 3, 2024

ControlPlane at KubeCon EU Paris ‘24 - Recap

A recap of ControlPlane’s activities at KubeCon EU in Paris

By Ashley Ward Thu, Mar 28, 2024

The Envoy Gateway End User Threat Model, in collaboration with the Linux Foundation

ControlPlane has collaborated with the Linux Foundation to threat model Envoy Gateway and generate an End User guide

By ControlPlane Wed, Mar 27, 2024

Flux CD: D1 Reference Architecture

ControlPlane’s commitment to supporting the Flux Project continues, providing a model and a guide for multi-cluster, multi-tenant environments

By Andrea Martino Wed, Mar 27, 2024

ControlPlane at KubeCon EU '24 Paris

ControlPlane’s talks and events schedule for KubeCon EU in Paris

By Niamh O'Loughlin Thu, Mar 14, 2024

Container Security Basics at Securi-Tay 2024

ControlPlane’s principal consultant, Iain Smart, talks about Container and Kubernetes Security at Abertay Hackers’ Securi-Tay 2024

By Iain Smart Mon, Mar 4, 2024

NIST Special Publication 800-204D calls for GitOps approaches

Exploring how NIST’s latest publication underscores the necessity of integrating GitOps strategies in software supply chain security within DevSecOps CI/CD pipelines

By Andrew Martin Sun, Mar 3, 2024

Bringing light to risks lurking in the black boxes of AI models

ControlPlane’s principal consultant, Vicente Herrera, talks about AI Security at OpenUK’s “State of Open Con 2024”

By Vicente Herrera Fri, Feb 16, 2024

ControlPlane backs the CNCF Flux Project by Employing Maintainers

ControlPlane’s support for the CNCF Flux project ensures the sustainability and security of critical systems through open source maintenance and innovative enterprise solutions

By Andrew Martin Thu, Feb 15, 2024

ControlPlane and Scott Logic Collaborate on Scottish Government Identity and Payments Systems

Collaborative efforts between ControlPlane and Scott Logic on the Scottish Government identity and payment systems: security architectures, platform integrations, and project assurance

By Andrew Martin Thu, Feb 15, 2024

Tangible Value with ControlPlane Enterprise for Flux CD

ControlPlane Enterprise elevates Flux CD with enhanced security, support, and compliance, catering to diverse needs in Kubernetes deployments

By ControlPlane Mon, Feb 12, 2024

AI Software Development Lifecycle on Kubernetes

AI software’s evolution on Kubernetes: current methodologies, potential future developments, and inherent risks

By ControlPlane Tue, Jan 30, 2024

ControlPlane at OpenSSF and Open Source Summit Japan, 2023

ControlPlane’s journey to Japan and an overview of some of the talks presented

By Jack Kelly Fri, Jan 26, 2024

Navigating Cloud Security and Automation with Eficode

Talking to Eficode about Cloud Native Security Challenges

By Andrew Martin Thu, Jan 18, 2024

Play the 2023 CNCF CTF Scenarios with the Revamped Simulator

The public release of the 2023 CNCF CTF Scenarios is here! In this blog post, we’ll walk you through the revamped simulator and how to get started with the challenges.

By Kevin Ward Fri, Jan 12, 2024

Cloud Native and Kubernetes Security Predictions 2024

A look into the tumultuous waters of cloud and Kubernetes security in 2024

By Andrew Martin Thu, Jan 11, 2024

Andrew Martin on "Nerding Out With Viktor" — Security, Penetration Testing, and Threat Modelling

The inaugral “Nerding Out With Viktor” podcast with ControlPlane CEO, Andrew Martin

By Niamh O'Loughlin Thu, Jan 4, 2024

Unveiling the Future of CI/CD Security: A Deep Dive into Advanced Practices

The “Advanced CI/CD Security” workshop we ran at DevOpsCon 2023 in Munich provided a deep dive into the latest practices shaping the future of cloud security

By Fabian Kammel Mon, Dec 18, 2023

Conference Recap: ControlPlane at KubeCon NA '23 Chicago

Reflecting upon our experience at KubeCon North America 2023

By Jasmine Andine Mon, Nov 27, 2023

ControlPlane at KubeCon NA '23 Chicago

Where to find ControlPlane talks and events at KubeCon North America 2023 in Chicago

By Jasmine Andine Mon, Nov 6, 2023

Take Zero Trust to the Next Level with Confidential Virtual Machines

SPIFFE and confidential computing are two security projects that minimize the level of implicit trust a user needs to place into a computing system. We will show how to combine these approaches to minimize the trust we need to place in public cloud services

By Fabian Kammel Tue, Aug 29, 2023

Blogs and News

We value your privacy