Home | _scurity
Indexing Elastic docs, blogs, etc. into Elasticsearch is simple with the Elastic web crawler,
Elastic Crawler. This guide will walk you through the steps to configure the
Elastic web crawler to push content from Elastic’s documentation site into your Elasticsearch instance. Note this
can be done for other sites as well.

This is a quick guide to getting up and running with Google Gemini and Cycode’s MCP server. Assumes macOS.

Both Grype and Trivy are popular
software composition analysis (SCA) tools used predominantly to report on CVEs within container images. However, they
can be used in other ways. This post will outline how to scan for CVEs (+GHSAs) and output those results to CSV. Both
tools support templates as a way to output the scanning results; this is what we’ll leverage to output results to CSV.
Assumes macOS.

Sharing some highlights and notes from CISA’s SBOM-a-rama, which I
virtually attended. Talks categorized into 3 - Governments & Industry, CISA Working Groups, and Discussion

Previously I said threat modelling was a big theme at
the conference, but I think embracing failure would be another. Lots of presenters shared their failures and how they
learned from them and grew their programs from those lessons learned. This is something I’ve really got behind recently.
Another thought I had when people presented, especially around solutions, was: what’s the role of the product/application
security team?