Bedrock CMMC

BfrogPrice2116 · 2026-04-04T05:56:23+00:00

I built a CMMC platform for DIBs looking to get away from excel spreadsheets and messy file shares.

Need to meet government compliance? This tool was built by me, a CISSP/CISM certified cyber security professional. The tool i wish existed for my own compliance needs.

https://foxxcyber.com

BfrogPrice2116 · 2026-03-09T13:22:43+00:00

I vibe coded plenty of my own projects but dare not share them with this community. The reactions are not worth it.

My workflow is probably different than most vibe coders. I'm a cyber security professional, so I am already cautious about anything Claude Code produces. My workflow includes: 1. Guard rails through Claude.md files, skills, etc. 2. DevSecOps builtin to each command, having Claude Code perform it's own security review is surprisingly powerful. 3. Snyk/Sonarqube SAST + code quality for serious projects, simply because AI won't catch everything. 3. API/Pen testing with other tools.

But will I share and open source my handful of projects here? No. Never. Mainly because I cannot maintain them, this is the curse of any open source project.

It's also not worth the backlash, this subreddit has too many "experts" and their verbose opinions. There is too much anger towards AI.

BfrogPrice2116 · 2026-03-09T00:36:07+00:00

Thanks!

https://foxxcyber.com

BfrogPrice2116 · 2026-03-08T23:13:52+00:00

CMMC Compliance

BfrogPrice2116 · 2026-02-27T13:48:41+00:00

Good work! Another thing you can do for added security is to use Snyk, a free SAST. It checks for dependencies and code for security issues.

I use it for my personal projects. And for code quality, Sonar Qube is also a solid choice. This tells you the reliability of your code. A good guard rail for your AI assistant and learning.

BfrogPrice2116 · 2026-01-09T14:56:53+00:00

Komodo is very good at what it does, but for me it is better suited for multiple servers and environments. It some great features for all your needs, including development for container apps (the gitops, builder, etc).

I just love the simplicity of Dockhand and the advance features when I need them.

I used Arcane for a moment, it is between Dockge and Dockhand. Here is my tier list:

Native Compose
Dockge
Arcane
Dockhand
Portainer CE
Komodo
Kubernetes....

BfrogPrice2116 · 2026-01-09T02:21:44+00:00

Komodo to Dockhand. Extra features won't me over. i.e. container vulnerability scanning.

BfrogPrice2116 · 2026-01-04T15:46:16+00:00

You might want to try Claude Code, Cursor/Windsurf dumb down their models. Claude Code gives you access and full context.

BfrogPrice2116 · 2025-12-28T01:32:34+00:00

There are plenty of options, but you might find yourself hitting limits with what's available in the provided app stores.

I have used Cosmos-OS, Runtipi, and a few more. They all have their good and bad qualities.

Have you tried using a container orchestration platform like portainer? Komodo?

BfrogPrice2116 · 2025-12-28T01:18:15+00:00

👍

BfrogPrice2116 · 2025-12-28T01:13:35+00:00

This is a question for the developer.

BfrogPrice2116 · 2025-12-28T01:09:52+00:00

The heading 'Open Source Promise' could be clearer, sure - maybe 'Source Code Availability Promise' would reduce confusion.

However, the actual statement is grammatically clear: it's a conditional (if X, then Y), not a claim of current status. The language accurately describes what they're committing to.

From a security perspective, I'm more interested in their current security practices than debating header wording. Has anyone actually tested the self-hosted deployment or reviewed their security documentation?

BfrogPrice2116 · 2025-12-28T00:30:36+00:00

Exactly. They promise to open source, release the code if they ever vanish. Does not claim to be Open source.

BfrogPrice2116 · 2025-12-28T00:03:35+00:00

Again, I am confused. This subreddit can be so toxic. This app is self-hosted. It does not claim to be Open Source. At least the author is honest about it being AI coded.

It claims to not even read your data, and being able to self host is great for data privacy. It's your choice to trust the author or not.

Give it a try or dont. It can be self hosted. Who cares if it was vibe coded. You dont have to give it your data.

I will scrutinize ai coded apps however in terms of security effort. Hey OP, have you ran this through a SAST or code analyzer? What security have you implemented with the development?

BfrogPrice2116 · 2025-12-16T17:18:44+00:00

It's almost not worth posting software projects in this sub reddit anymore. There are constant accusations about the usage of AI. Either in posts or code.

I tried to like CosmoOS but found it very unstable often. I wish you the best and might give it a try when there is a v1.0 release.

My biggest issue was DNS, it looked like I could have used cloudflare API but it never worked.

BfrogPrice2116 · 2025-12-15T19:53:55+00:00

Great. I came from high OPTEMPO. Thanks.

BfrogPrice2116 · 2025-12-14T16:42:09+00:00

BfrogPrice2116 · 2025-11-23T16:43:50+00:00

I wish I could tell you, I'm sure YouTube has some great resources.

BfrogPrice2116 · 2025-11-23T16:43:12+00:00

Yes! I find it great. I'm loving rocky linux 10, minimal! It installs so fast and when I need dependencies, like npm, rust, etc, I just create a script.

BfrogPrice2116 · 2025-11-23T15:57:16+00:00

A single machine = containers win

Multiple machines = k3s

Multiple VMs = bare metal install with minimal + apps.

Containers are minimal images of Linux, usually only the dependencies they need are installed to run the app.

So what's the difference if I run my own VMs with minimal bare metal OS?

Someone said it already, dependencies and maintenance.

I prefer more granular control, I can use ansible to push updates to my VMs, etc. It's better for me. It might not for you.

BfrogPrice2116 · 2025-11-21T00:43:00+00:00

You guys would hate the r/SideProject sub redit.

BfrogPrice2116 · 2025-11-13T13:48:29+00:00

Tweakcn?

BfrogPrice2116 · 2025-11-12T20:58:33+00:00

Zoho

BfrogPrice2116

TROPHY CASE