1 minute read

Security, load testing, developer efficiency, automated releases, PostgreSQL and lots more this week.

StackHawk sponsors Devops Weekly

StackHawk is the first dynamic application and API security testing tool to integrate with GitHub Code Scanning. Give it a go:
https://sthwk.com/github-code-scanning

News

A discussion of measuring developer success, and the importance of optimising for onboarding time for engineers, especially in a rapidly growing team.
https://backstage.spotify.com/blog/measuring-backstage-success-at-spotify/

A nice post describing an automated release process, making clever use of GitHub Actions and generated changelogs.
https://sudolabs.com/blog/how-we-automatized-our-release-process-into-just-3-clicks

An interesting slide deck on the relationship between complexity and security, with some good low level observations.
https://docs.google.com/presentation/d/181WFEcKiOiIDiWygVk2WGActldWUkAPiPsn5U4KKN_g/mobilepresent

A good post on load testing, specifically looking at load testing an HTTP API. How to deal with load testing, load testing scenarios, resource provisioning and more.
https://ably.com/blog/how-we-load-tested-control-api

A long list of lesser-known PostgreSQL features.
https://hakibenita.com/postgresql-unknown-features

A collection of recordings from the recent SupplyChainSecurityCon event, with panels and talks on SBOMs, regulated industries, signing and more.
https://cd.foundation/blog/2021/11/10/supplychainsecuritycon-talk-recordings-now-available/

AWS has a number of different services for running containers. This post has a handy flow chart for helping with selection.
https://www.vladionescu.me/posts/flowchart-how-should-i-run-containers-on-aws-2021/

Kubernetes deprecated dockershim recently, and is surveying users ahead of removal. Change at this level of such a popular project is hard, and it’s good to see this sort of engagement.
https://kubernetes.io/blog/2021/11/12/are-you-ready-for-dockershim-removal/

Tools

dstp looks like a handy networking tool. Point at a domain or IP and get ping, DNS, certificate information and more.
https://github.com/ycd/dstp

Python has another package manager, PDM. This strictly implements the various PEPs in the space and works similar to npm.
https://pdm.fming.dev/

kubectl-slice is a tool that allows you to split a single multi-YAML Kubernetes manifest into multiple subfiles using a naming convention you choose. Put them back together using Go Templates.
https://github.com/patrickdappollonio/kubectl-slice

Updated: