
Devops metrics, observability in Kubernetes, SBOM politics, good old log management and secrets. Lots of variety this week.

StackHawk sponsors Devops Weekly

Working with GraphQL APIs? Try StackHawk’s Deeper GraphQL Security testing to build and release secure, reliable APIs without slowing down product delivery. Learn how it works:
https://sthwk.com/Custom-Test-Data-GraphQL

News

A good set of common mistakes when determining useful metrics to use as part of continuous improvement. Information overload, activity bias, focusing too much on tools and more good tips.
https://octopus.com/blog/common-mistakes-devops-metrics

A post on the evolution of devops practices, looking at platforms, the importance of business metrics, security and the continuing importance of culture.
https://about.gitlab.com/blog/2022/10/31/a-snapshot-of-modern-devops-practices-today/

A look at the work done to bring observability to Kubernetes. Not only is this useful for those running Kubernetes clusters, it’s a good example of instrumenting a large complex project with OpenTelemetry.
https://kubernetes.io/blog/2022/12/01/runtime-observability-opentelemetry/

More of an industry news post. SBOM standards are a low-level piece of software supply chain security, but tooling is still evolving and higher-level standards are still likely needed. A classic chicken and egg problem.
https://www.securityweek.com/big-tech-vendors-object-us-gov-sbom-mandate

Probably more useful to those working on large enterprise transformation efforts, an open source maturity model from FINOS (a financial services group).
https://survey.osmm.finos.org/551476

Managing Ubuntu? This post covers everything you wanted to know about Ubuntu logs. Different types of logs, where they are stored on disk, log rotation, tools for viewing and more.
https://sematext.com/blog/ubuntu-logs/

Tools

Conceal is a new tool that aims to provide a secure way of using passwords from password managers with local CLI tools.
https://github.com/mostafahussein/conceal
https://mostafahussein.github.io/projects/conceal/

Cdxgen is another tool for building a software bill of materials, in this case in CycloneDX format and with support for a variety of ecosystems and package managers.
https://github.com/AppThreat/cdxgen
