Kicking off with a few good social posts this week on sharing and on building up secure software practices. Then on to several posts on tooling and technology around a software delivery pipeline. Plus lots more posts on other devops topics.

Sponsor

The term DevOps carries a number of misconceptions among some teams. So, we took it upon ourselves to straighten out the myths and define the truly key philosophies of DevOps:
http://try.victorops.com/devopsweekly/core-tenets-of-devops

News

A fantastic post on why writing secure software is hard, including lots of references to literature and a discussion of the sociology of writing secure software. What can we do in our teams and organisations to minimise the risks?
https://www.ncsc.gov.uk/blog-post/leaky-pipe-secure-coding

As this post points out, sharing is one of the tenets of devops, but it’s not something we often delve into the details of. This presentation does just that, making several important points about building a sustainable sharing culture.
https://glennsarti.github.io/presentation/sharing-whats-in-it-for-me-ndcsyd
https://speakerdeck.com/glennsarti/ndc-sydney-sharing-whats-in-it-for-me

A short post with easily understandable examples of why and where microservices solve problems, and where they create them instead.
http://blog.jenkster.com/2018/07/microservices-check-size.html

This posts argues for a split between the design of your deployment pipelines and the tool you happen to implement them in. Many CI problems are actually pipeline design problems.
https://cintia.me/blog/post/ci-tool/

A quick example-laden walkthrough of why and how to ensure your container images use non-root users.
https://medium.com/lucjuggery/running-a-container-with-a-non-root-user-e35830d1f42a

A good walkthrough of using Atomist SDM to build and deploy a Spring application to Kubernetes.
https://the-composition.com/deploy-your-spring-boot-application-to-kubernetes-in-3-mins-fdd37a212c6c

An Azure-flavoured look at managed cloud services and developer experience, in particular looking at Dev Spaces, CosmosDB, Azure Functions and more.
https://n4stack.io/2018/09/19/azure-operations-as-a-service/

A quick introduction to the new Linkerd 2.0 service mesh release and how it’s feature help with operating applications in production.
https://hackernoon.com/linkerd-2-0-service-ops-for-you-and-me-281cc5bd6424

A nice definitions piece looking at structured logging and events and the relationship between the two.
https://www.honeycomb.io/blog/2018/06/how-are-structured-logs-different-from-events/

A post on the overlap and tension between traditional ITSM approaches and devops, and why the focus on culture is both important and should bind the two together (but often doesn’t.)
https://www.thinkhdi.com/library/supportworld/2018/devops-itsm-why-are-we-arguing.aspx

CNCF - Cloud Native Computing Foundation

The Observability Practitioners Summit is taking place on December 10th in conjunction with KubeCon + CloudNativeCon North America. Interested in learning about monitoring and observability from the maintainers of OpenTracing, Prometheus, Fluentd and Jaeger? Register now.
http://bit.ly/2oLEylg

Events

Open Source Summit Europe kicks off in Edinburgh, UK in less one month! Join your DevOps peers to network, collaborate and learn. Get a deep-dive on how to migrate legacy infrastructure, learn to integrate the latest tools, and discover best practices on how to efficiently manage environments. With 300+ sessions, tutorials, labs, workshops, and more, this is THE premier European open source event of the year where you’ll learn about cutting-edge advances. View the full schedule, and save 15% with discount code OSSDEVOPS15.
http://bit.ly/DevOpsOSS18

Chocolatey Fest is coming up on the 8th of October in San Francisco. A conference focused on all things Windows automation with talks ranging from provisioning, Windows containers, automated compliance and more.
https://chocolateyfest.com/

Tools

Jervis aims to bring the user experience of configuring Travis CI jobs to Jenkins. If users prefer configuration in data vs in the Gradle DSL this can lower the barrier to entry for self-service pipelines.
https://github.com/samrocketman/jervis

The term DevOps carries a number of misconceptions among some teams. So, we took it upon ourselves to straighten out the myths and define the truly key philosophies of DevOps:
http://try.victorops.com/devopsweekly/core-tenets-of-devops