Platform teams, CI/CD, supply chain security, Terraform hints and more this week. Hoping everyone is having a good start to 2023.

StackHawk sponsors Devops Weekly

StackHawk CSO and Co-Founder shared with Swapnil Bhartiya in a TFiR interview how the right tools can eliminate inefficient feedback loops among dev and security teams. Watch the chat:
https://sthwk.com/TFiR

News

A great set of 12 blog posts, exploring a wide range of challenges teams face as they try and build an internal development platform. From budget and team size, to cognitive load and user flexibility to multi-cloud. Lots to keep you busy.
https://www.syntasso.io/post/the-12-platform-challenges-recap

A look at the prevalence of AWS credentials in packages published on PyPi. Some observations about why this happens too.
https://tomforb.es/i-scanned-every-package-on-pypi-and-found-57-live-aws-keys/

If you have a moment, please do complete the 2023 Open Standards Survey. An interesting topic, and the more data gathered the more interesting the final report should be.
https://www.research.net/r/Q7LRJ67

One of the challenges with metaphors is they can break down around the edges. Describing how we consume software as a supply chain is useful in parts, but thinking of open source contributors as suppliers isn’t, as argued in this post.
https://www.softwaremaxims.com/blog/not-a-supplier

A nice walkthrough how one team increased the observability of their CI and CD pipelines, laying out different options considered and diving into the implementation details of the chosen solution.
https://medium.com/bondora-engineering-and-data/how-to-increase-deployment-observability-and-simplify-deployment-pipelines-3b271e57ff3f

An interesting set of posts analysing booth messaging from AWS re:Invent and Kubecon last year. It’s certainly a novel way of looking at how vendors see the space at a moment in time.
https://www.uptime.build/post/i-analyzed-290-booths-at-kubecon-here-are-the-devops-trends-for-2023
https://www.uptime.build/post/reinvent-booth-analysis

GitHub has a lot of interesting data to explore, which can be useful to spelunk through when trying to understand usage of a library or adoption of a technology. This post explores using ClickHouse Playground and the GitHub Archive for quick adhoc queries.
https://til.simonwillison.net/clickhouse/github-explorer

A nice deep-dive post on HCL, the language used by Terraform. In this case looking at patterns for flexible loops, using the “any” type and a nice worked example.
https://awstip.com/terraform-the-awesome-value-type-any-and-loops-a6be039b1ce5