1 minute read

Several posts on the topic of supply chain security this week, from critiques of published guidance, dependency security and interesting new tooling to help with container supply chain concerns.

StackHawk sponsors Devops Weekly

Adding security testing to the development lifecycle means deploying to production the right way the first time. Watch a StackHawk demo to see how you can use automated testing to avoid roadmap disruptions and slowdowns.
https://sthwk.com/watch-a-demo

News

I’m a big fan of counter arguments. This post takes an opposing view of GitOps, but more generally explores a classic operations argument of push vs pull.
https://thenewstack.io/does-the-gitops-emperor-have-no-clothes/

Lots of talk of software supply chain security at the moment (and in this week’s newsletter), but this post discusses where the supply chain metaphor breaks down for open source software.
https://iliana.fyi/blog/software-supply-chain/

EC2 was one of the first AWS services, and there are now quite a few different ways of managing access to an EC2 instance, as covered in this post.
https://blog.symops.com/2022/09/22/ec2-access/

A good look at dependency security challenges with GitHub Actions.
https://devopsjournal.io/blog/2022/09/18/Analysing-the-GitHub-marketplace

A large scale migration to a platform like Kubernetes is just the start. This post explores what came next for one large organisation, and some of the challenges
https://medium.com/blablacar/be-lean-go-far-leveraging-kubernetes-for-an-elastic-right-sized-platform-bc1179c4c784

A critique of a recent US Government publication on Securing the Software Supply Chain, aimed at developers. Security is important, but it’s not the only important thing, and tensions between government and commercial interests are likely be become more of a theme I expect.
https://swagitda.com/blog/posts/securing-the-supply-chain-of-nothing/

A good reminder of the power of open source and community development, especially when it comes to low level infrastructure components like this example.
https://blog.gregor.com/adding-one-library-and-one-line-and-so-much-other-work-140cdd9efaf4

Events

WTF is Next for Developer Experience? Join this free virtual panel with Crystal Hirschorn, Hannah Paine and Suhail Patel on Tue 27 Sept, 14:00 CEST. And don’t forget to bring your questions!
https://bit.ly/3Sr99QX

Tools

Wolfi is a new lightweight GNU software distribution, a Linux (un)distribution intended to solve supply chain security problems in container environments.
https://github.com/chainguard-dev/wolfi-os
https://www.chainguard.dev/unchained/introducing-wolfi-the-first-linux-un-distro

Updated:

You May Also Enjoy

DEVOPS WEEKLY ISSUE #694 - 21st April 2024

less than 1 minute read

A theme of architecture this week, with posts on the development of large systems, infrastructure evolution at scale, internal developer toolchains and more.

DEVOPS WEEKLY ISSUE #693 - 14th April 2024

2 minute read

I’ve been crazy busy this week and travelling today, and with it being the start of a new quarter I thought a highlights issue, with some of the top posts fr...