Projects
Open-source tools, security research, data pipelines, and cloud infrastructure experiments.
almamy.net
Featured, Active
A fully static Astro 6 site deployed on Cloudflare Pages, combining a professional portfolio with a live security feed powered by a Cloudflare Worker that polls NVD and CISA KEV APIs hourly. Features a full blog engine with MDX, a Starlight-powered knowledge base, interactive certification quizzes built with Preact, and a projects showcase. Built with Tailwind CSS 4 and Pagefind for full-text search.
Role
Designer & Full-Stack Developer
Outcomes
- Fully static output — sub-100ms TTFB on Cloudflare edge
- Live CVE feed with severity filtering and KEV badge
- Interactive quiz engine with localStorage score persistence
- Pagefind full-text search across all pages
SecureCI Pipeline Templates
Featured, Active
A reusable GitLab CI/CD template library designed to embed security scanning directly into development pipelines with zero configuration for standard projects. Templates cover the full application security spectrum: SAST via SonarQube, DAST via OWASP ZAP, SCA via Snyk, container image scanning via Trivy, and secret detection. Each stage runs in parallel where possible, with configurable fail thresholds and SARIF report artefacts.
Role
DevSecOps Engineer
Outcomes
- Reduced security onboarding time from days to hours for new projects
- SARIF reports integrated into GitLab Security Dashboard
- Zero-config adoption for standard Node.js and Python projects
Medallion Data Platform
Featured, Confidential, Active
Details restricted for client confidentiality.
CVE Fetcher Worker
Active
A lightweight Cloudflare Worker written in TypeScript that runs on a cron schedule to fetch recent CVE data from the NVD REST API v2.0 and cross-reference entries against the CISA Known Exploited Vulnerabilities catalogue. Results are normalised, ranked by CVSS score, and stored in Cloudflare KV with a 2-hour TTL. The worker exposes a single GET /api/cves endpoint consumed by the CveFeed island on the security page.
Role
Backend Developer
Outcomes
- Sub-50ms API response time via KV cache
- Automated hourly refresh via Cloudflare Cron Triggers
- CISA KEV cross-referencing for high-priority flagging
ISO 27001 Audit Toolkit
Confidential, Archived
Details restricted for client confidentiality.
K8s Security Hardening Playbook
Archived
A collection of Ansible playbooks and Helm charts that harden Kubernetes clusters to CIS Kubernetes Benchmark v1.8 and enforce Pod Security Standards across all workload namespaces. Includes OPA Gatekeeper policies for image registry allowlisting, a pre-configured Falco ruleset for runtime threat detection, and kube-bench integration that produces a pass/fail report against each benchmark section.
Role
Cloud Security Engineer
Outcomes
- CIS Benchmark score improved from 42% to 94% pass rate
- Falco ruleset catches container escape attempts within 200ms
- Fully idempotent — safe to run on live clusters