Something for everyone this week, with risk management, security maturity models and incident management posts on the business side, plus GitOps, GitBOM and grepping JSON on the technical side.
StackHawk sponsors Devops Weekly
StackHawk raises $20.7 million in a Series B round! See how we plan to use this funding to ramp up product delivery and grow the StackHawk team.
A very interesting post on risk management, cyber security and how typical startup engineering org structures and incentives make this a thorny problem needing long-term solutions.
AWS has published a security maturity model, covering 6 areas like Identity and Access, Response and Recovery, and 4 levels of maturity.
A lightning talk from KubeCon all about GitBOM, which is a super interesting project that uses Git’s DAG for Supply Chain Artifact Resolution.
Application logs are still useful for lots of use cases. This post contains lots of good practices for adding logging to your application, from log levels to avoiding sensitive data to verbosity.
Incident management is sometimes a bit of an afterthought, left as a technical implementation detail. This post makes the argument that good incident management is increasingly a business advantage.
How does Kubernetes evolve? This KubeCon presentation looks at developer experience, developer platforms and a control plane.
An argument that GitOps has to include drift detection.
Close is building the sales communication platform of the future and we’re looking for a Site Reliability Engineer to help us accomplish that goal. If you have a passion for databases (both SQL and NoSQL), significant experience building, managing, and monitoring infrastructure, databases, and backend services at scale and want to work with a rag-tag team of hardworking, but humble humans, then come check us out!
Tetragon is a new open source eBPF-based security observability and runtime enforcement platform. The blog post nicely covers why eBPF opens up opportunities here vs other more traditional approaches.
atmos is both a library and a command-line tool for provisioning, managing and orchestrating workflows across various toolchains. It’s in essence a high-level UI for Terraform, Helm, kubectl, istio, AWS CDK and more, with lots of examples to help get started.
gron is a CLI tool that transforms JSON into discrete assignments to make it easier to grep for what you want and see the absolute ‘path’ to it.