Doubling up on posts on both technology choice and backups this week, as well as lots of new and interesting tools covering everything from CI/CD and SSH servers to Kubernetes security.
StackHawk sponsors Devops Weekly
StackHawk’s dynamic application security testing is automated in CI/CD, and can be run on every PR. Find out how StackHawk can help you ship code faster without sacrificing quality.
Technology choice is an evergreen topic I feel. This post explores lots of good (and bad) reasons why organisations might not use specific tools or technologies, not all of which are obvious.
A post on the need for managed backups, posted on World Backup Day last week (who knew?) Lots of AWS specific points and guidance, but generally applicable topic.
Another post on backups. This one looking at the limitations of S3 as a backup solution, focused partly on the scope for error vs a more domain-specific solution.
A white paper on all things container base image security, advocating for wider adoption of smaller images to reduce the security surface area.
A second post this week on technology choice. This post focuses on decisions when scaling startups and a look at data storage in particular.
Inside details on building out a monitoring stack during a time of rapid growth in a team. What to monitor? What to alert on? What’s working and what would the team have done differently?
Dagger has been officially launched. An open source project that provides a new way of describing CI/CD pipelines that can be run locally and on any CI/CD service. Early days, but powerful abstractions.
Caddy SSH is an SSH server intended to provide a much more secure implementation and default configuration. Good accompanying blog post on the problem to solve.
A new registry for sharing Open Policy Agent policies It comes with a CLI tool that recreates a Docker-like push/pull workflow. It’s based on OCI tech under the hood too, so you can sign policy bundles with cosign for instance.
Managing secrets with configuration is often still too hard. Helm Teller provides a new approach specifically for Helm, aiming to be easy to integrate and able to pull secrets from multiple providers.
StackRox is now open source. Acquired last year by Red Hat, StackRox is a Kubernetes runtime security tool that provides visibility, alerts and recommendations on hardening the environment.