1 minute read

Developer platforms, YAML!, personal development, SBOMs, serverless operations and more. No real theme this week, but several good posts on a range of technical and people topics.

StackHawk sponsors Devops Weekly

Bridging the gap between security and engineering involves giving teams responsible for writing and deploying code a way to include security testing in their standard workflow. Check out Omdia’s POV on StackHawk in their On the Radar Report.
https://sthwk.com/on-the-radar

News

Is focusing on developer platforms a trap? This post argues that the platform is far less important than the goal of developer enablement that teams should be focused on.
https://samnewman.io/blog/2023/02/08/dont-call-it-a-platform/

Next time someone suggests YAML as a user friendly format, please reference this post if you can’t get someone to read the YAML spec. A useful rant with great examples.
https://ruudvanasseldonk.com/2023/01/11/the-yaml-document-from-hell

Folks often have polarised opinions on certifications. This post takes a pragmatic look at why they can be useful, but also considers the downsides. It also provides some tips for making a personal certification plan if you want to go down this route.
https://abstraction.blog/2023/01/10/certification-plan

A nice introduction and update to the work going on to bring sigstore signing to Maven.
https://blog.sigstore.dev/towards-easier-more-secure-signature-technology-for-the-java-ecosystem-with-sigstore-60d6a02490a8/

A talk from the FOSDEM SBOM devroom on the key properties in a useful SBOM. Useful to see practices emerging.
https://fosdem.org/2023/schedule/event/sbom_key_ingredients/

The interaction between policy (which is local) with the transnational open source community is always a challenge. This post looks at the cyber resilience act and why it’s important for open source.
https://blog.opensource.org/what-is-the-cyber-resilience-act-and-why-its-important-for-open-source/

A good reminder that serverless doesn’t mean no operations, just a change in the nature of the work. Not a new idea, but some good examples.
https://thenewstack.io/serverless-doesnt-mean-devopsless-or-noops/

Tools

Cadl is a language for describing cloud service APIs and generating other API description languages, client and service code, documentation, and other assets. Cadl provides highly extensible core language primitives that can describe API shapes common among REST, GraphQL, gRPC, and other protocols.
https://microsoft.github.io/cadl/
https://github.com/microsoft/cadl

Updated:

You May Also Enjoy

DEVOPS WEEKLY ISSUE #694 - 21st April 2024

less than 1 minute read

A theme of architecture this week, with posts on the development of large systems, infrastructure evolution at scale, internal developer toolchains and more.

DEVOPS WEEKLY ISSUE #693 - 14th April 2024

2 minute read

I’ve been crazy busy this week and travelling today, and with it being the start of a new quarter I thought a highlights issue, with some of the top posts fr...