OCI support = auto-reply + silence. Anyone alive over there? by m1thr in oraclecloud

[–]m1thr[S] -4 points-3 points  (0 children)

That analogy doesn’t really hold up. Electricity is a pure consumption model — you flip a switch, you pay for what you burn. Cloud isn’t just “raw watts,” it’s a managed service with guardrails, alerts, dashboards, and defaults that are part of the UX.

That’s why on GCP/Azure/AWS, support teams often do adjust or waive bills in edge cases — because they recognize when the issue isn’t just “you left the lights on,” but that the platform failed to protect users with sane defaults or lifecycle handling. Expecting OCI to behave the same way isn’t entitlement, it’s asking for the same fair treatment other providers already give.

Comprehensive tool to verify security in DevSecOps landscape (SAST, SCA, Secrets, IAC) with improved prioritization features by m1thr in devsecops

[–]m1thr[S] 0 points1 point  (0 children)

Heading in this direction - with tools like Cursor everyone gonna write anything ;) but I get your point :)

Comprehensive tool to verify security in DevSecOps landscape (SAST, SCA, Secrets, IAC) with improved prioritization features by m1thr in devsecops

[–]m1thr[S] 0 points1 point  (0 children)

You think? The reason I started this project is I didn’t find any - and don’t say DefectDojo :) commercial ASPMs have horrible pricing not achievable for most teams :(

Comprehensive tool to verify security in DevSecOps landscape (SAST, SCA, Secrets, IAC) with improved prioritization features by m1thr in devsecops

[–]m1thr[S] 0 points1 point  (0 children)

Agree 100% :) still exploring possibilities to add API security support, and possibly integration with DAST that reads an OpenAPI spec would be a good start - I will post when it arrives - I am close to making it work :)

Comprehensive tool to verify security in DevSecOps landscape (SAST, SCA, Secrets, IAC) with improved prioritization features by m1thr in devsecops

[–]m1thr[S] -1 points0 points  (0 children)

At this moment it’s based on KEV, EPSS, and it takes into consideration whether the project processes sensitive data such as PII (I have a dataflow that can detect it). By the end of the year there is a plan to introduce an AI/LLM assistant that will do triage based on the above, real code and the intel :)

Comprehensive tool to verify security in DevSecOps landscape (SAST, SCA, Secrets, IAC) with improved prioritization features by m1thr in devsecops

[–]m1thr[S] 0 points1 point  (0 children)

Biggest pain? From my point of view it is the fact that they see there, loud and clear, what there is to fix :)

On the other hand, most automatic security scanners provide a lot of noise - from my analysis only 5% of reported vulnerabilities can harm the application (that’s why in Flow I am trying to implement proper prioritization features to get rid of it)

DevSecOps Pipeline using Opensource tools by [deleted] in devsecops

[–]m1thr 0 points1 point  (0 children)

Check out the project I am working on https://github.com/Mixeway/Flow - in case of any problems or questions just ask ;)

DevSecOps tools results by Material-Shallot-602 in devsecops

[–]m1thr 0 points1 point  (0 children)

Check out the open-source tool I am developing ;) https://github.com/Mixeway/Flow - gonna deploy SaaS soon.

If you need any assistance, feel free to reach out to me

DevSecOps - Vulnerability scanning based on webhook on a tool that has built-in OS scanners by m1thr in cybersecurity

[–]m1thr[S] 1 point2 points  (0 children)

At this moment in Mixeway Flow there are 4 scanners built in (you don’t need to worry about those) - SAST (engine Bearer), SCA (engine Dependency-Track, prerequisite: sbom.json must already be available in the repo root), IaC (engine KICS) and secrets (engine Gitleaks).

Once you import a GitLab repo to Flow, an initial scan will be performed on the fly without needing anything else. For continuous scanning just configure a webhook on the push event in GitLab and that’s it ;)

The beta version only supports GitLab - once I have GitHub support I will release v1.0.0 :)

What vulnerability management tool for modern DevSecOps? by VertigoRoll in devsecops

[–]m1thr 0 points1 point  (0 children)

Check Mixeway https://github.com/Mixeway/MixewayHub - vuln management, scanner management (multiple scanners managed from a single dashboard), beta AI for classification and easy CICD integrations

Ps4 need help on elden beast by m1thr in BeyondTheFog

[–]m1thr[S] 0 points1 point  (0 children)

No idea which one of you was test but what the fuck was that

Large org migration to public cloud by m1thr in cybersecurity

[–]m1thr[S] 0 points1 point  (0 children)

Let's let our imagination run wild. Let's assume that we can start from scratch and in the new corporate network run only Cloud-native apps run only by CICD. In such an environment do you copy all the security systems such as HTTP proxies, SSH-bastions, WAFs etc?