Something for everyone this week, with risk management, security maturity models and incident management posts on the business side, plus GitOps, GitBOM and grepping JSON on the technical side.

StackHawk sponsors Devops Weekly

StackHawk raises $20.7 million in a Series B round! See how we plan to use this funding to ramp up product delivery and grow the StackHawk team.
https://sthwk.com/Series-B-Announcement

News

A very interesting post on risk management, cyber security and how typical startup engineering org structures and incentives make this a thorny problem needing long term solutions.
https://magoo.medium.com/lessons-learned-in-risk-measurement-c33b4de0f72e

AWS has published a security maturity model. Covering 6 areas like Identity and Access, Response and Recovery and 4 levels of maturity.
https://maturitymodel.security.aws.dev/en/model/

A lighting talk from KubeCon all about GitBOM, which is a super interesting project ​​that uses Git’s DAG for Supply Chain Artifact Resolution.
https://www.youtube.com/watch?v=2SSkNLWL4UM

Application logs are still useful for lots of use cases. This post contains lots of good practices for adding logging to your application, from log levels to avoiding sensitive data to verbosity.
https://medium.com/@avithalker/application-logs-your-eyes-in-production-81dd119d2a86

Incident management is sometimes a bit of an afterthought, left as a technical implementation detail. This post makes the argument that good incident management is increasingly a business advantage.
https://firehydrant.com/blog/positive-business-outcomes-of-great-incident-management/

How does Kubernetes evolve? This KubeCon presentation looks at developer experience, developer platforms and a control plane.
https://www.slideshare.net/dbryant_uk/kubecon-eu-2022-from-kubernetes-to-paas-to-err-whats-next

An argument that GitOps has to include drift detection.
https://www.weave.works/blog/you-aren-t-doing-gitops-without-drift-detection

Jobs

Close is building the sales communication platform of the future and we’re looking for a Site Reliability Engineer to help us accomplish that goal. If you have a passion for databases (both SQL and NoSQL), significant experience building, managing, and monitoring infrastructure, databases, and backend services at scale and want to work with a rag-tag team of hardworking, but humble humans, then come check us out!
https://bit.ly/close-sre

Tools

Tetragon is a new open source eBPF-based security observability and runtime enforcement platform. The blog post nicely covers why eBBP opens up opportunities here vs other more traditional approaches.
https://isovalent.com/blog/post/2022-05-16-tetragon
https://github.com/cilium/tetragon

atmos is both a library and a command-line tool for provisioning, managing and orchestrating workflows across various toolchains. It’s in essence a high level UI for Terraform, Helm, kubectl, istio, AWS CDK and more, with lots of examples to help get started.
https://github.com/cloudposse/atmos

gron is a CLI tool that transforms JSON into discrete assignments to make it easier to grep for what you want and see the absolute ‘path’ to it.
https://github.com/tomnomnom/gron