1 minute read

A packed issue this week, with posts on supply chain security, AWS management, software development metrics, OpenTelemetry and more. Plus several interesting tools from a WebAssembly PaaS to a great JVM release tool.

StackHawk sponsors Devops Weekly

Looking to add security testing to your pipeline? Learn how StackHawk makes it easy to automate application security with our new guide for testing in CI/CD.
https://sthwk.com/running-in-cicd

News

A post on implementing the DORA metrics, with some discussion of suggested improvements based on difficulty with measurement at scale.
https://isthisit.nz/posts/2022/state-of-the-dora-devops-metrics/

Software built processes have always posed a risk of attack, this post makes clear that this is happening in the real world with some examples.
https://research.nccgroup.com/2022/01/13/10-real-world-stories-of-how-weve-compromised-ci-cd-pipelines/

Another supply chain security post, this one looking at the part played by package manager lock files and how to use them.
https://r2c.dev/blog/2022/the-best-free-open-source-supply-chain-tool-the-lockfile/

A detailed introduction looking at OpenTelemetry collectors and exporters.
https://www.containiq.com/post/opentelemetry-collector-and-exporters

Some tips for anyone wanting a more organised Git history.
https://render.com/blog/git-organized-a-better-git-flow

A primer on using Go for writing AWS CDK. Lots of examples and explanations of the programming model.
https://poweruser.blog/aws-cdk-with-go-part1-4075eeeceaad

Mining software development stats seems to be a hot topic at the moment. This post is looking at dealing with technical debt, using quotas and metrics to drive continuous improvement.
https://medium.com/flo-health/how-to-deal-with-tech-debt-at-the-scale-of-super-app-90da136d576d

A post for anyone using AWS DynamoDB, specifically looking at how to migrate large tables between separate AWS accounts.
https://medium.com/riskified-technology/dynamodb-table-migration-between-accounts-aabfa7ef748

Tools

Hippo is a PaaS for webassembly applications. Experimental at this stage, but providing a simple push-based deployment mechanism and good documentation to get started.
https://docs.hippofactory.dev
https://github.com/deislabs/hippo

Jreleaser makes packaging and releasing JVM applications easier. Good defaults and flexible configuration, easily generate GitHub releases, update a homebrew tap and lots more.
https://jreleaser.org/
https://github.com/jreleaser/jreleaser

Kwatch is a handy Kubernetes application that watches for crashes in the cluster, and posts information about them to Slack, Discord, Pagerduty and more.
https://github.com/abahmed/kwatch

Updated:

You May Also Enjoy

DEVOPS WEEKLY ISSUE #693 - 14th April 2024

2 minute read

I’ve been crazy busy this week and travelling today, and with it being the start of a new quarter I thought a highlights issue, with some of the top posts fr...

DEVOPS WEEKLY ISSUE #690 - 24th March 2024

1 minute read

Unreliable platform engineering, scaling databases, configuration management, software supply chain security and more this week. A good mix of interesting to...