DEVOPS WEEKLY ISSUE #633 - 12th January 2023
Developer platforms, YAML!, personal development, SBOMs, serverless operations and more. No real theme this week, but several good posts on a range of technical and people topics.
StackHawk sponsors Devops Weekly
Bridging the gap between security and engineering involves giving teams responsible for writing and deploying code a way to include security testing in their standard workflow. Check out Omdia’s POV on StackHawk in their On the Radar Report.
https://sthwk.com/on-the-radar
News
Is focusing on developer platforms a trap? This post argues that the platform is far less important than the goal of developer enablement that teams should be focused on.
https://samnewman.io/blog/2023/02/08/dont-call-it-a-platform/
Next time someone suggests YAML as a user-friendly format, please reference this post if you can’t get someone to read the YAML spec. A useful rant with great examples.
https://ruudvanasseldonk.com/2023/01/11/the-yaml-document-from-hell
Folks often have polarised opinions on certifications. This post takes a pragmatic look at why they can be useful, but also considers the downsides. It also provides some tips for making a personal certification plan if you want to go down this route.
https://abstraction.blog/2023/01/10/certification-plan
A nice introduction and update to the work going on to bring sigstore signing to Maven.
https://blog.sigstore.dev/towards-easier-more-secure-signature-technology-for-the-java-ecosystem-with-sigstore-60d6a02490a8/
A talk from the FOSDEM SBOM devroom on the key properties in a useful SBOM. Useful to see practices emerging.
https://fosdem.org/2023/schedule/event/sbom_key_ingredients/
The interaction between policy (which is local) and the transnational open source community is always a challenge. This post looks at the Cyber Resilience Act and why it’s important for open source.
https://blog.opensource.org/what-is-the-cyber-resilience-act-and-why-its-important-for-open-source/
A good reminder that serverless doesn’t mean no operations, just a change in the nature of the work. Not a new idea, but some good examples.
https://thenewstack.io/serverless-doesnt-mean-devopsless-or-noops/
Tools
Cadl is a language for describing cloud service APIs and generating other API description languages, client and service code, documentation, and other assets. Cadl provides highly extensible core language primitives that can describe API shapes common among REST, GraphQL, gRPC, and other protocols.
https://microsoft.github.io/cadl/
https://github.com/microsoft/cadl