DEVOPS WEEKLY ISSUE #582 - 20th February 2022
No particular theme this issue, but posts on developer experience, configuration management, devops job titles, incident management, supply chain security and some handy tools this week.
StackHawk sponsors Devops Weekly
Ready to level-up your DevSecOps game? The schedule for ZAPCon is now live! Check out the exclusive sessions we have in store and register so you don’t miss out.
https://sthwk.com/zapcon
News
Configuration is (still) a common challenge. The 12 factor approach advocates environment variables, but how do you manage them? One approach is a .env file, which has some problems, as this post discusses.
https://blog.doppler.com/the-triumph-and-tragedy-of-env-files
A solid argument for developer platforms and a focus on developer experience in order to embed security earlier in the development process.
https://redmonk.com/rstephens/2022/02/17/devex-is-security/
A walkthrough of using GitHub Actions to auto-merge dependency upgrade PRs when tests pass. There are some definite pros and cons to this much automation when it comes to supply chain attacks and undesirable side effects.
https://dev.to/daniloab/using-github-actions-to-improve-your-developer-experience-29n7
The evolution of job titles is definitely one lens through which you can observe devops influence. This post nicely visualises the current state of titles from development to operations.
https://www.jedi.be/blog/2022/02/11/shades-of-devops-roles/
The start of a blog post series documenting one person’s journey learning cloud native technologies. It’s a good reminder of the assumptions of more experienced folks, with the posts starting with Linux and text editor basics.
https://irishtechie.cloud/my-cloud-native-adventure-part-1
https://irishtechie.cloud/my-cloud-native-adventure-part-2/
With the adoption of devops practices, especially in smaller organisations, various operations and service management responsibilities have spread out, but I think we’ll see some swing back to more dedicated roles as the complexity continues to increase.
https://medium.com/@margrig96/who-is-the-incident-manager-specialist-9322f119c95a
Tools
A handy online service which watches your SSL certificates and notifies you well in advance of their expiration.
https://www.haveibeenexpired.com/
The Secure Software Factory is a prototype implementation of the CNCF’s Secure Software Factory Reference Architecture, which is based on the CNCF’s Software Supply Chain Best Practices White Paper.
https://thesecuresoftwarefactory.github.io/ssf/
Frawk is an AWK alternative implementation which adds some interesting new features, like CSV support, and provides faster performance.
https://github.com/ezrosent/frawk