Good posts this week on platform engineering, cost effective architectures, supply chain security and moving from heuristic to ML models amongst others posts and new tools.

StackHawk sponsors Devops Weekly

ICYMI: The Deeper GraphQL Security Testing webinar is available on demand! Watch the recording to learn how your team can protect their GraphQL APIs from tricky business logic vulnerabilities with custom test data!
https://sthwk.com/Deeper-GraphQL-OnDemand

News

An interesting article looking at a platform engineering team as a startup, more specifically at the entrepreneurial mindset needed to succeed with scarce resources and shifting priorities.
https://blog.symops.com/2023/01/05/platform-engineering-as-a-startup/

A playlist of all of the sessions from DevOpsDays Tel Aviv. Lighting talks, longer talks on SLOs, service mesh, out of hours on-call and more.
https://www.youtube.com/playlist?list=PL8tivQAdoavNHBVaiDiadxLiVtdH7xPJH

A post with some good advice on cost optimisation for cloud environments and designing cost effective architectures.
https://automation.baldacchino.net/part-3-architectural-cost-optimisation-practical-design-steps-for-architects-and-developers/

A good example and explanation of moving from a heuristic approach to using machine learning to solve a real world problem.
https://doordash.engineering/2023/01/10/how-doordash-upgraded-a-heuristic-with-ml-to-save-thousands-of-canceled-orders/

A good reminder that any public package list will probably come under attack. This post looks at the VSCode extensions marketplace, including typosquatting and other problems.
https://blog.aquasec.com/can-you-trust-your-vscode-extensions

A nice reminder of why management of dependencies is hard, showing how transitive dependencies and packaging formats lead to more dependencies than you think. I’m not sure about referring to this as drift, as I tend to think about that over time, but the core point is sound.
https://thenewstack.io/fast-and-furious-doubling-down-on-sbom-drift/

Tools

Cocacetic is a brand new tool that can patch a running container quickly without going upstream for a full rebuild. It takes input from vulnerability scanners to inform what needs updating.
https://github.com/project-copacetic/copacetic

Klotho looks an interesting, and powerful, tool for taking an application and running it using native AWS services. Simply annotate a standard HTTP service and it will automatically generate the code to configure the relevant AWS services for serving and data persistence.
https://github.com/klothoplatform/klotho
https://klo.dev/