DevSecOps automation patterns for enterprise-grade GitHub workflows. Battle-tested GitHub App configurations, secure content distribution, and policy enforcement at scale.https://adaptive-enforcement-lab.com/ https://github.com/adaptive-enforcement-lab/adaptive-enforcement-lab-comen Mon, 08 Jun 2026 01:23:32 -0000 Mon, 08 Jun 2026 01:23:32 -0000 1440 MkDocs RSS plugin - v1.19.0 None https://adaptive-enforcement-lab.com/ Mark Cheret Culture DevOps Security When security stops being the bottleneck. The culture playbook that made security everyone's job (and nobody's blocker). https://adaptive-enforcement-lab.com/blog/2026/01/07/security-team-became-invisible/ Wed, 07 Jan 2026 00:00:00 +0000 Adaptive Enforcement Labhttps://adaptive-enforcement-lab.com/blog/2026/01/07/security-team-became-invisible/#__commentshttps://adaptive-enforcement-lab.com/blog/2026/01/07/security-team-became-invisible/ Mark Cheret Kubernetes Reliability Testing When chaos engineering finds the incident before production does. The pod deletion that validated our operational resilience. https://adaptive-enforcement-lab.com/blog/2026/01/06/chaos-proved-we-were-ready/ Tue, 06 Jan 2026 00:00:00 +0000 Adaptive Enforcement Labhttps://adaptive-enforcement-lab.com/blog/2026/01/06/chaos-proved-we-were-ready/#__commentshttps://adaptive-enforcement-lab.com/blog/2026/01/06/chaos-proved-we-were-ready/ Mark Cheret Cloud Security GCP Kubernetes When you delete the last JSON key file from production. The Workload Identity migration that eliminated credential leaks forever. https://adaptive-enforcement-lab.com/blog/2026/01/05/last-service-account-key/ Mon, 05 Jan 2026 00:00:00 +0000 Adaptive Enforcement Labhttps://adaptive-enforcement-lab.com/blog/2026/01/05/last-service-account-key/#__commentshttps://adaptive-enforcement-lab.com/blog/2026/01/05/last-service-account-key/ Mark Cheret Architecture Kubernetes Security When container escape meets defense in depth. The secure-by-design patterns that contained the breach before it started. https://adaptive-enforcement-lab.com/blog/2026/01/04/architecture-couldnt-be-breached/ Sun, 04 Jan 2026 00:00:00 +0000 Adaptive Enforcement Labhttps://adaptive-enforcement-lab.com/blog/2026/01/04/architecture-couldnt-be-breached/#__commentshttps://adaptive-enforcement-lab.com/blog/2026/01/04/architecture-couldnt-be-breached/ Mark Cheret DevOps Risk Management Security When CVSS 9.8 doesn't mean drop everything. The risk framework that taught engineers to think, not panic. https://adaptive-enforcement-lab.com/blog/2026/01/03/cve-that-didnt-matter/ Sat, 03 Jan 2026 00:00:00 +0000 Adaptive Enforcement Labhttps://adaptive-enforcement-lab.com/blog/2026/01/03/cve-that-didnt-matter/#__commentshttps://adaptive-enforcement-lab.com/blog/2026/01/03/cve-that-didnt-matter/ Mark Cheret Cloud Security GCP Kubernetes When penetration testers give up after 3 days. The GKE hardening guide that turned a cluster into a fortress. https://adaptive-enforcement-lab.com/blog/2026/01/02/gke-cluster-nobody-could-break/ Fri, 02 Jan 2026 00:00:00 +0000 Adaptive Enforcement Labhttps://adaptive-enforcement-lab.com/blog/2026/01/02/gke-cluster-nobody-could-break/#__commentshttps://adaptive-enforcement-lab.com/blog/2026/01/02/gke-cluster-nobody-could-break/ Mark Cheret Incident Response Kubernetes Operations When production breaks at 3am and muscle memory takes over. The incident playbook that turned chaos into checklist. https://adaptive-enforcement-lab.com/blog/2026/01/01/3am-incident-followed-playbook/ Thu, 01 Jan 2026 00:00:00 +0000 Adaptive Enforcement Labhttps://adaptive-enforcement-lab.com/blog/2026/01/01/3am-incident-followed-playbook/#__commentshttps://adaptive-enforcement-lab.com/blog/2026/01/01/3am-incident-followed-playbook/ Mark Cheret Automation Kubernetes Policy-as-Code When every team needs pod security policies but nobody wants to write YAML. The template library that turns policy enforcement into fill-in-the-blanks. https://adaptive-enforcement-lab.com/blog/2025/12/31/policy-wrote-itself/ Wed, 31 Dec 2025 00:00:00 +0000 Adaptive Enforcement Labhttps://adaptive-enforcement-lab.com/blog/2025/12/31/policy-wrote-itself/#__commentshttps://adaptive-enforcement-lab.com/blog/2025/12/31/policy-wrote-itself/ Mark Cheret Compliance SDLC Security When auditors ask "how do you know?" and you have receipts. The SDLC hardening checklist that turned compliance from panic to process. https://adaptive-enforcement-lab.com/blog/2025/12/30/checklist-passed-audit/ Tue, 30 Dec 2025 00:00:00 +0000 Adaptive Enforcement Labhttps://adaptive-enforcement-lab.com/blog/2025/12/30/checklist-passed-audit/#__commentshttps://adaptive-enforcement-lab.com/blog/2025/12/30/checklist-passed-audit/ Mark Cheret DevOps Documentation Patterns Building documentation about zero-downtime migrations while learning the hard way that shortcuts create technical debt. A meta-journey. https://adaptive-enforcement-lab.com/blog/2025/12/29/strangling-your-documentation/ Mon, 29 Dec 2025 00:00:00 +0000 Adaptive Enforcement Labhttps://adaptive-enforcement-lab.com/blog/2025/12/29/strangling-your-documentation/#__commentshttps://adaptive-enforcement-lab.com/blog/2025/12/29/strangling-your-documentation/ Mark Cheret Engineering Patterns Go Kubernetes When kubectl isn't enough and shell scripts become unmaintainable. The architecture decisions that make CLIs testable, deployable, and debuggable. https://adaptive-enforcement-lab.com/blog/2025/12/28/cli-replaced-47-shell-scripts/ Sun, 28 Dec 2025 00:00:00 +0000 Adaptive Enforcement Labhttps://adaptive-enforcement-lab.com/blog/2025/12/28/cli-replaced-47-shell-scripts/#__commentshttps://adaptive-enforcement-lab.com/blog/2025/12/28/cli-replaced-47-shell-scripts/ Mark Cheret Automation DevSecOps Kubernetes When 5 queued workflows process identical data, you have a waste problem. Pre-execution cleanup eliminated 70% of resource waste in production. https://adaptive-enforcement-lab.com/blog/2025/12/27/queue-deleted-itself-argo-workflows/ Sat, 27 Dec 2025 00:00:00 +0000 Adaptive Enforcement Labhttps://adaptive-enforcement-lab.com/blog/2025/12/27/queue-deleted-itself-argo-workflows/#__commentshttps://adaptive-enforcement-lab.com/blog/2025/12/27/queue-deleted-itself-argo-workflows/ Mark Cheret CI/CD Code Quality DevSecOps Components configured. Codecov showed "No report uploaded." Paths looked correct. Glob patterns vs regex syntax. https://adaptive-enforcement-lab.com/blog/2025/12/26/regex-that-fixed-everything/ Fri, 26 Dec 2025 00:00:00 +0000 Adaptive Enforcement Labhttps://adaptive-enforcement-lab.com/blog/2025/12/26/regex-that-fixed-everything/#__commentshttps://adaptive-enforcement-lab.com/blog/2025/12/26/regex-that-fixed-everything/ Mark Cheret CI/CD DevSecOps GitHub Actions Codecov worked in CI. Failed in release. Same token, different context. One missing line broke everything. https://adaptive-enforcement-lab.com/blog/2025/12/25/one-line-secrets-inherit/ Thu, 25 Dec 2025 00:00:00 +0000 Adaptive Enforcement Labhttps://adaptive-enforcement-lab.com/blog/2025/12/25/one-line-secrets-inherit/#__commentshttps://adaptive-enforcement-lab.com/blog/2025/12/25/one-line-secrets-inherit/ Mark Cheret DevSecOps Kubernetes Performance Argo workflows hitting API limits. 100+ calls per execution. The volume mount pattern that dropped it to zero. https://adaptive-enforcement-lab.com/blog/2025/12/24/configmap-cache-zero-api/ Wed, 24 Dec 2025 00:00:00 +0000 Adaptive Enforcement Labhttps://adaptive-enforcement-lab.com/blog/2025/12/24/configmap-cache-zero-api/#__commentshttps://adaptive-enforcement-lab.com/blog/2025/12/24/configmap-cache-zero-api/ Mark Cheret DevSecOps Release Engineering Supply Chain Security SLSA provenance generated successfully. Verification failed. Version tags contradicted security advice. The exception that had to be documented. https://adaptive-enforcement-lab.com/blog/2025/12/23/file-wouldnt-verify/ Tue, 23 Dec 2025 00:00:00 +0000 Adaptive Enforcement Labhttps://adaptive-enforcement-lab.com/blog/2025/12/23/file-wouldnt-verify/#__commentshttps://adaptive-enforcement-lab.com/blog/2025/12/23/file-wouldnt-verify/ Mark Cheret DevSecOps Developer Tools Go Security teams love exotic tools. Go offers go test. Boring standard tools caught real vulnerabilities. OpenSSF compliance with zero custom infrastructure. https://adaptive-enforcement-lab.com/blog/2025/12/22/go-boring-security-tooling/ Mon, 22 Dec 2025 00:00:00 +0000 Adaptive Enforcement Labhttps://adaptive-enforcement-lab.com/blog/2025/12/22/go-boring-security-tooling/#__commentshttps://adaptive-enforcement-lab.com/blog/2025/12/22/go-boring-security-tooling/ Mark Cheret DevSecOps Quality Assurance Testing Started at 0% coverage. OpenSSF Passing has no requirement. We targeted 95% (above Gold's 90%). Hit a wall at 85%. Refactoring broke through. 99% became the security signal. https://adaptive-enforcement-lab.com/blog/2025/12/21/coverage-as-security-signal/ Sun, 21 Dec 2025 00:00:00 +0000 Adaptive Enforcement Labhttps://adaptive-enforcement-lab.com/blog/2025/12/21/coverage-as-security-signal/#__commentshttps://adaptive-enforcement-lab.com/blog/2025/12/21/coverage-as-security-signal/ Mark Cheret DevSecOps Open Source Supply Chain Security 16 Token-Permissions alerts appeared overnight. The workflows looked fine. The problem was invisible. https://adaptive-enforcement-lab.com/blog/2025/12/20/sixteen-alerts-overnight/ Sat, 20 Dec 2025 00:00:00 +0000 Adaptive Enforcement Labhttps://adaptive-enforcement-lab.com/blog/2025/12/20/sixteen-alerts-overnight/#__commentshttps://adaptive-enforcement-lab.com/blog/2025/12/20/sixteen-alerts-overnight/ Mark Cheret Go Quality Assurance Testing 85% coverage. Comprehensive tests. Couldn't go higher. The blocker wasn't tests. It was code. https://adaptive-enforcement-lab.com/blog/2025/12/19/wall-at-eighty-five-percent/ Fri, 19 Dec 2025 00:00:00 +0000 Adaptive Enforcement Labhttps://adaptive-enforcement-lab.com/blog/2025/12/19/wall-at-eighty-five-percent/#__commentshttps://adaptive-enforcement-lab.com/blog/2025/12/19/wall-at-eighty-five-percent/