DEVOPS WEEKLY ISSUE #578 - 23rd January 2022
A packed issue this week, with posts on supply chain security, AWS management, software development metrics, OpenTelemetry and more. Plus several interesting tools from a WebAssembly PaaS to a great JVM release tool.
StackHawk sponsors Devops Weekly
Looking to add security testing to your pipeline? Learn how StackHawk makes it easy to automate application security with our new guide for testing in CI/CD.
https://sthwk.com/running-in-cicd
News
A post on implementing the DORA metrics, with some discussion of suggested improvements based on difficulty with measurement at scale.
https://isthisit.nz/posts/2022/state-of-the-dora-devops-metrics/
Software build processes have always posed a risk of attack. This post makes clear that this is happening in the real world, with some examples.
https://research.nccgroup.com/2022/01/13/10-real-world-stories-of-how-weve-compromised-ci-cd-pipelines/
Another supply chain security post, this one looking at the part played by package manager lock files and how to use them.
https://r2c.dev/blog/2022/the-best-free-open-source-supply-chain-tool-the-lockfile/
A detailed introduction looking at OpenTelemetry collectors and exporters.
https://www.containiq.com/post/opentelemetry-collector-and-exporters
Some tips for anyone wanting a more organised Git history.
https://render.com/blog/git-organized-a-better-git-flow
A primer on using Go for writing AWS CDK. Lots of examples and explanations of the programming model.
https://poweruser.blog/aws-cdk-with-go-part1-4075eeeceaad
Mining software development stats seems to be a hot topic at the moment. This post looks at dealing with technical debt, using quotas and metrics to drive continuous improvement.
https://medium.com/flo-health/how-to-deal-with-tech-debt-at-the-scale-of-super-app-90da136d576d
A post for anyone using AWS DynamoDB, specifically looking at how to migrate large tables between separate AWS accounts.
https://medium.com/riskified-technology/dynamodb-table-migration-between-accounts-aabfa7ef748
Tools
Hippo is a PaaS for WebAssembly applications. Experimental at this stage, but providing a simple push-based deployment mechanism and good documentation to get started.
https://docs.hippofactory.dev
https://github.com/deislabs/hippo
JReleaser makes packaging and releasing JVM applications easier. It has good defaults and flexible configuration, and can easily generate GitHub releases, update a Homebrew tap and lots more.
https://jreleaser.org/
https://github.com/jreleaser/jreleaser
Kwatch is a handy Kubernetes application that watches for crashes in the cluster and posts information about them to Slack, Discord, PagerDuty and more.
https://github.com/abahmed/kwatch