DEVOPS WEEKLY ISSUE #591 - 24th April 2022
Observability, DORA metrics, automating SLO management, setting policies for Git repos and more. We’re also starting to see the return of events, with WTF is SRE back this coming week.
StackHawk sponsors Devops Weekly
Confused by the different types of security testing you can put in your pipeline? You’re not alone. Watch StackHawk Co-Founder Scott Gerlach break down the different types of tools you can use to automate API and Application Security testing.
https://sthwk.com/moving-to-continuous-appsec
News
A super interesting post on SLO management at scale, using a Git repository as a system of record, defining an internal schema and then building tooling and a developer-friendly workflow around the results.
https://engineering.salesforce.com/onboarding-slos-for-salesforce-services-299b6cf2d8e8
A discussion of using the DORA metrics to aid decision making in a large software organisation. Love seeing examples of the application of this work in the real world.
https://jobs.libertymutualgroup.com/video-transcript-tomorrow-talks-episode-2/
Need to instrument a JVM application? This post covers how to add observability to a wide range of different languages and frameworks.
https://openvalue.blog/posts/2022/03/17/observability_4_jvm_frameworks_with_grafana_java_kotlin/
I’d skip most of the meta naming conversation, but considering security and security teams is an important part of adopting devops practices, and this post has lots of tips and observations about why that’s so important.
https://tanzu.vmware.com/content/blog/devops-vs-devsecops
Another post in this interesting series, looking at systems reliability and what we can learn from space technology.
https://flyingbarron.medium.com/gyros-and-gimbals-oh-my-the-james-webb-space-telescope-9741480266a
When administering any software, it’s useful to have an interactive tool to help understand what’s happening. Nats-top is (unsurprisingly) top for Nats and this post shows why it’s useful for real-time monitoring.
https://dev.to/karanpratapsingh/real-time-monitoring-with-nats-top-2oph
Events
Container Solutions’ WTF is SRE virtual conference is back next Thursday 28th April. The line-up is on fire with 40 speakers discussing everything DevSecOps, Observability and Reliability. Among them: Charity Majors, Alex Hidalgo, Holly Cummins, Andrew Martin, Jasmine Hex. Register for free today:
https://bit.ly/3xNbVbT
Tools
I’m a big fan of Open Policy Agent, mainly because of the wide range of use cases it can be applied to. Reposaur is a useful tool for writing policy against GitHub repository metadata, with some handy built-in functions.
https://github.com/reposaur/reposaur