A real mix of content this week, on everything from incident reports and supply chain security to robust network systems and data governance.

StackHawk sponsors Devops Weekly

Learn how to easily add three different types of application security testing to your GitHub pipeline in StackHawk’s hands-on workshop:
https://sthwk.com/github-actions-workshop

News

Rapid growth poses lots of interesting operational and scaling challenges. This retrospective on a month of incidents is worth a read.
https://www.honeycomb.io/blog/incident-resolution-september-retrospective/

A nice collection of materials on software supply chain security. From whitepapers to academic research, tooling and conferences.
https://github.com/chughes757/SecureSoftwareSupplyChain

A post on patterns for building robust network systems, looking at timeouts, retries and backoff.
https://aws.amazon.com/builders-library/timeouts-retries-and-backoff-with-jitter/

A look at an infrastructure-as-code anti-pattern: managing snowflake servers as code.
https://infrastructure-as-code.com/book/2021/11/19/snowflakes-as-code.html

A topic anyone in a growing organisation will be familiar with: the problem of data governance, and balancing central control with flexibility at the edge.
https://towardsdatascience.com/data-governance-has-a-serious-branding-problem-7925b909712b

A how-to on setting up structured logging for Python applications.
https://dev.to/aaronbassett/structured-logging-in-python-52e4

An argument against using code freezes, however appealing they might be, highlighting some of the problems that result.
https://firehydrant.io/blog/avoid-frostbite-stop-doing-code-freezes/

Tools

Cartographer is a new tool for describing Kubernetes-native software supply chains in code, supporting a clear separation of duties.
https://cartographer.sh/
https://github.com/vmware-tanzu/cartographer

A handy tool for getting x509 certificate information; it handles chains, multiple files and TCP addresses.
https://github.com/pete911/certinfo
