@taleodor profile picture
Pavel Shukhman @taleodor

🇨🇦 DevSecOps expert, building ReARM #SBOM repository at @relizaio, github.com/relizaio/rearm, TEA Contributor, MCS from UIUC

Joined August 2010
  • Tweets 640
  • Following 1,355
  • Followers 1,293
27 Photos and videos
Pinned Tweet
Pavel Shukhman@taleodor
8 Apr 2021
Working (never expires) join link for our community DevOps and DataOps Discord Server: discord.gg/UTxjBf9juQ

2
1
13
Running an AI agent 🤖 fully autonomously — and not worrying about it. I recorded a demo of how ReARM makes that possible. youtube.com/watch?v=kzMzQK51… #DevSecOps #SoftwareSupplyChain #AIagents #SBOM #SupplyChainSecurity

ReARM - Governing AI Coding Agents Demo: Sessions, Signed Commits &...

In this demo Pavel Shukhman hands a single prompt to an AI coding a...

youtube.com
1
1
54
Pavel Shukhman retweeted
reliza.io@relizaio
Jun 1
🤖 AI agents are writing your code — can you tell which commits are theirs & govern what they ship? 🛡️ ReARM 26.06.5: agentic coding guardrails. Human-vs-agent commit signing policies that block at session/PR/release. 👉 rearmhq.com/news/2026-06-01-… #AIAgents #DevSecOps #DevOps

ReARM 26.06.5: Agentic Coding Guardrails and DevOps - ReARM by Reliza

We're announcing a major release of ReARM v26.06.5https://github.com/relizaio/rearm/releases/tag/26.06.5. Detailed information is available on its release v...

rearmhq.com
1
3
63
Pavel Shukhman retweeted
reliza.io@relizaio
May 19
🚀 ReARM 26.05.108 is out! A focused follow-up to last week's major 26.05.90 release. What's in it: 🔹 Programmatic VEX import 🔹 Memory optimizations 🔹 ReARM CE docker-compose fixes rearmhq.com/news/2026-05-19-… #SupplyChainSecurity #VEX #SBOM #DevSecOps #ReARM

ReARM 26.05.108: Programmatic VEX Import, Memory Optimizations, and CE Compose Fixes - ReARM by...

We're announcing a follow-up release of ReARM v26.05.108https://github.com/relizaio/rearm/releases/tag/26.05.108, building on the major 26.05.90 release/new...

rearmhq.com
1
1
70
Pavel Shukhman retweeted
reliza.io@relizaio
May 13
🚀 ReARM 26.05.90 is out. One of our biggest releases yet! 🔀 Pull Requests as a first-class entity 🔁 VEX export & import 👉 Release news: rearmhq.com/news/2026-05-13-… #ReARM #SBOM #VEX #SupplyChainSecurity #DevSecOps #ReleaseGovernance

ReARM 26.05.90: Pull Requests as a First-Class Entity, VEX Export and Import, and Faster Component...

We're excited to announce a major release of ReARM v26.05.90https://github.com/relizaio/rearm/releases/tag/26.05.90. Detailed information is available on it...

rearmhq.com
1
1
91
Pavel Shukhman retweeted
reliza.io@relizaio
May 6
The #Agentic Era is here! 🤖 🤖 🤖 Pavel Shukhman pitching ReARM at #Cybersecurity & Identity Summit Ottawa 2026 youtube.com/watch?v=e1kZY9qs…

1
1
1
30
Pavel Shukhman retweeted
reliza.io@relizaio
Apr 20
New ReARM release: 26.04.90 🎉 Visual CEL policy builder · TEA 0.4.0 with per-release CLE · Download Audit Logs · Branch Suffix Mode · Reverse Feature Set Lookup · Most Recent Releases widget. Read news release 👇 rearmhq.com/news/2026-04-20-…

ReARM 26.04.90: Visual CEL Builder, Reverse Feature Set Lookup and TEA 0.4.0 - ReARM by Reliza

We're excited to announce a major release of ReARM v26.04.90https://github.com/relizaio/rearm/releases/tag/26.04.90. Detailed information is available on it...

rearmhq.com
1
1
54
Shared my thoughts on #QA and #CyberSecurity in the #AI era at OnPod podcast youtube.com/watch?v=4K2p7eXA…
2
38
Pavel Shukhman retweeted
CycloneDX SBOM Spec (OWASP)@CycloneDX_Spec
Apr 14
Today, we're launching CycloneDX Assessors Studio (alpha). Built for maturity tracking, compliance audits, and supply chain vendor trust. Turn compliance checklists into verifiable attestations. #CycloneDX #OWASP #Compliance #GRC #OpenSource assessors.studio/

CycloneDX Assessors Studio

Operationalize CycloneDX Attestations. Perform structured assessments, gather verifiable evidence, and issue machine-readable attestations.

assessors.studio
3
8
201
It is no longer possible to apply a human-scale control model to an agent-scale development world. I put together my thoughts on the principles of release management in the #agentic era - medium.com/@taleodor/release…

Release Management in the Agentic Era

Six years ago I wrote a blog post titled “Take The Fear Out Of Git Push”. The main idea was that developers should be able to write…

medium.com
1
2
22
Time to Start Treating Dev Machines as Untrusted #CyberSecurity #SupplyChainSecurity #YubiKey worklifenotes.com/2026/03/31…

Time to Start Treating Dev Machines as Untrusted - Work & Life Notes

Shai-Hulud, Shai-Hulud 2.0, Trivy, LiteLLM, and now Axios, and many smaller compromises bring us to the realization that existing supply chains are highly

worklifenotes.com
1
1
27
Pavel Shukhman retweeted
reliza.io@relizaio
Mar 30
🚨 🚨 🚨 Following the recent Trivy and LiteLLM compromises, it has become clear that we still lack a good way to protect our CI/CD layer 🧨 rearmhq.com/blog/2026-03-29-… #SupplyChainSecurity #CICD #CyberSecurity

Using Evidence Platform as CI/CD Security Layer - ReARM by Reliza

Following the recent Trivy and LiteLLM compromises, it has become clear that we still lack a good way to protect our CI/CD layer, specifically GitHub Action...

rearmhq.com
1
2
69
Pavel Shukhman retweeted
reliza.io@relizaio
Mar 23
🚀 🚀 🚀 ReARM's latest release, 26.03.124, has just landed with support for Historical #VDR Snapshots! Audits are now even more straightforward, with clear visualization of the information available at the time each decision was made. rearmhq.com/news/2026-03-23-…

ReARM 26.03.124: Historical VDR Snapshots - ReARM by Reliza

We're excited to announce a major release of ReARM v26.03.124https://github.com/relizaio/rearm/releases/tag/26.03.124. Detailed information is available on ...

rearmhq.com
1
1
32
Pavel Shukhman retweeted
reliza.io@relizaio
Mar 11
We're excited to announce that ReARM 26.03.59 is now available! More details in our news release: rearmhq.com/news/2026-03-11-… #SBOM #CyberSecurity #Compliance

ReARM 26.03.59: More CycloneDX Usage in APIs and Better BEAR Enrichment - ReARM by Reliza

We're excited to announce a major release of ReARM v26.03.59https://github.com/relizaio/rearm/releases/tag/26.03.59. Detailed information is available on it...

rearmhq.com
1
1
41
Pavel Shukhman retweeted
CycloneDX SBOM Spec (OWASP)@CycloneDX_Spec
Mar 3
The Authoritative Guide to AI/ML-BOM from CycloneDX just dropped. Full transparency into your ML supply chain: security, compliance, data lineage, reproducibility. AI regulations are here. Be ready. #AI #AIBOM #SBOM #OWASP #CycloneDX cyclonedx.org/guides/

Guides and Resources | CycloneDX

Unlock valuable insights and practical guidance to help your organization maximize CycloneDX and reduce supply chain risk.

cyclonedx.org
3
6
170
Pavel Shukhman retweeted
reliza.io@relizaio
Feb 26
🚀 We're happy to announce that our latest ReARM release now provides enterprise-grade RBAC capabilities rearmhq.com/news/2026-02-25-… #CyberSecurity #sbom

ReARM 26.02.89: RBAC, Most Vulnerable Components and SBOM Exclusions - ReARM by Reliza

We're excited to announce a major release of ReARM Pro v26.02.89 and ReARM CE v26.02.51https://github.com/relizaio/rearm/releases/tag/26.02.51. This releas...

rearmhq.com
1
1
41
Put down some thoughts on how a perfect vulnerability management system should look like in general, and what we're doing with ReARM in particular worklifenotes.com/2026/02/09… #VulnerabilityManagement #CyberSecurity #ReARM

Towards Perfect Vulnerability Management System - Work & Life Notes

Here I would like to summarize my thoughts on what constitutes a perfect vulnerability management system, what frequently gets missed, and what elements we

worklifenotes.com
1
2
28
Pavel Shukhman retweeted
reliza.io@relizaio
Feb 2
New major version of ReARM just landed - now with VDR export support - rearmhq.com/blog/2026-02-02-… #SBOM #CyberSecurity #SupplyChainSecurity

ReARM 26.01.173: VDR Export, Finding Changelogs, and More - ReARM by Reliza

We're excited to announce a major release of ReARM Pro v26.01.173 and ReARM CE v26.01.129https://github.com/relizaio/rearm/releases/tag/26.01.129. This rel...

rearmhq.com
1
1
27
Pavel Shukhman retweeted
reliza.io@relizaio
Jan 20
Were you ever wondering how to know if a particular CVE made it to your supply chain? You can now find the answer in seconds using ReARM - youtube.com/watch?v=cAmqgIu6… #CyberSecurity #cve #security #SupplyChainSecurity

How to Search Releases by Security Findings using ReARM

Were you ever wondering how to know if a particular CVE made it to ...

youtube.com
1
1
23
Pavel Shukhman retweeted
reliza.io@relizaio
Jan 15
Dockerfile.sbom - rearmhq.com/blog/2026-01-14-… #sbom

Dockerfile.sbom - ReARM by Reliza

With the recent ReARM releasehttps://github.com/relizaio/rearm/releases/tag/26.01.34, and updated GitHub Actionshttps://github.com/relizaio/rearm-actions, a...

rearmhq.com
1
1
28
My talk about Transparency Exchange API from Open Source SecurityCon in Atlanta is now live on YouTube - youtube.com/watch?v=na30ADqK… #TEA #SBOM #CyberSecurity

Transparency Exchange API: Where To Find Product SBOM? - Pavel...

Don't miss out! Join us at our next Flagship Conference: KubeCon ...

youtube.com
1
1
1
79
Slides - slideshare.net/slideshow/ope…

1
1
31
Badge - credly.com/badges/1878db51-d…

Open Source SecurityCon NA 2025 Speaker Badge was issued by The Linux Foundation to Pavel Shukhman.

Earners of this badge are speakers, selected by the Open Source SecurityCon North America 2025 Program Committee, who have provided thought-leadership and shared best practices with attendees during...

credly.com
20
Load more