TAG Security Publications

This document lists all the publications and resources that TAG Security has produced.

| Publication | Description | Format | Link |
| --- | --- | --- | --- |
| Cloud Native Security Controls Catalog | Mapping of Cloud Native Security Whitepaper and Software Supply Chain Best Practices Paper to NIST SP800-53r5 | Markdown | Link |
| | | Spreadsheet | Link |
| Cloud Native Security Lexicon | Standardization of terminologies specific to Cloud Native Security | Markdown | Link |
| Cloud Native Security Whitepaper | Information about building, distributing, deploying, and running secure cloud native capabilities | Markdown (v2) | Link |
| | | PDF (v2) | Link |
| | | Audio (v1) | Link |
| | Translations | Portuguese (v1) | Link |
| | | Chinese (v2) | Link |
| Open and Secure - A Manual for Practicing Threat Modeling to Assess and Fortify Open Source Security | Guide for assessing and understanding the security of open source software projects | PDF | Link |
| Policy | Formal Verification for Policy Configurations | Markdown | Link |
| | Handling build-time dependency vulnerabilities | Markdown | Link |
| | Secure Defaults: Cloud Native 8 | Markdown | Link |
| Security Assessments | Assessments of several CNCF projects | | |
| | Buildpacks | Markdown | Link |
| | Cloud Custodian | Markdown | Link |
| | Harbor | Markdown | Link |
| | In-toto | Markdown | Link |
| | Keycloak | Markdown | Link |
| | Kyverno | Markdown | Link |
| | OPA | Markdown | Link |
| | Spiffe-Spire | Markdown | Link |
| Supply Chain Security | Software Supply Chain Best Practices v2 | Markdown | Link |
| | Software Supply Chain Best Practices | Markdown | Link |
| | | PDF | Link |
| | Evaluating your supply chain security | Markdown | Link |
| | Secure Software Factory | Markdown | Link |
| | | PDF | Link |
| | Catalog of Supply Chain Compromises | Markdown | Link |
| Use Cases & Personas | List of use cases to enable secure access, policy control, and safety for users of cloud native technology | Markdown | Link |