Doubling up on posts on both technology choice and backups this week, as well as lots of new and interesting tools covering everything from CI/CD and SSH servers to Kubernetes security.

StackHawk sponsors Devops Weekly

StackHawk’s dynamic application security testing is automated in CI/CD, and can be run on every PR. Find out how StackHawk can help you ship code faster without sacrificing quality.
https://sthwk.com/running-in-cicd

News

Technology choice is an evergreen topic I feel. This post explores lots of good (and bad) reasons why organisations might not use specific tools or technologies, not all of which are obvious.
https://www.brendangregg.com/blog/2022-03-19/why-dont-you-use.html

A post on the need for managed backups, posted on World Backup Day last week (who knew?) Lots of AWS specific points and guidance, but generally applicable topic.
https://scalefactory.com/blog/2022/03/31/the-case-for-managed-backups/

Another post on backups. This one looking at the limitations of S3 as a backup solution, focused partly on the scope for error vs a more domain-specific solution.
https://www.lastweekinaws.com/blog/s3-is-not-a-backup/

A white paper on all things container base image security, advocating for wider adoption of smaller images to reduce the security surface area.
https://chainguard.dev/blog-static/chainguard-all-about-that-base-image.pdf

A second post this week on technology choice. This post focuses on decisions when scaling startups and a look at data storage in particular.
https://www.cockroachlabs.com/blog/selecting-startup-stack-for-scale/

Inside details on building out a monitoring stack during a time of rapid growth in a team. What to monitor? What to alert on? What’s working and what would the team have done differently?
https://medium.com/miro-engineering/our-journey-to-data-engineering-monitoring-c14d6ff20351

Tools

Dagger has been officially launched. An open source project that provides a new way of describing CI/CD pipelines that can be run locally and on any CI/CD service. Early days, but powerful abstractions.
https://dagger.io/
https://dagger.io/blog/public-launch-announcement

Caddy SSH is an SSH server intended to provide a much more secure implementation and default configuration. Good accompanying blog post on the problem to solve.
https://www.caffeinatedwonders.com/2022/03/28/new-ssh-server/
https://github.com/mohammed90/caddy-ssh

A new registry for sharing Open Policy Agent policies It comes with a CLI tool that recreates a Docker-like push/pull workflow. It’s based on OCI tech under the hood too, so you can sign policy bundles with cosign for instance.
https://www.openpolicyregistry.io/

Managing secrets with configuration is often still too hard. Helm Teller provides a new approach specifically for Helm, aiming to be easy to integrate and able to pull secrets from multiple providers.
https://github.com/SpectralOps/helm-teller

StackRox is now open source. Acquired last year by Red Hat, StackRox is a Kubernetes runtime security tool that provides visibility, alerts and recommendations on hardening the environment.
https://github.com/stackrox/stackrox