DEVOPS WEEKLY ISSUE #635 - 26th January 2023
A range of posts this week on cloud strategy, AWS, Node.js tools, supply chain security and more.
StackHawk sponsors Devops Weekly
gRPC is the popular choice for building microservices and distributed systems. Ensuring these APIs are secure and protected against vulnerabilities is essential. StackHawk is rolling out a private beta for gRPC API security testing. Register here:
https://sthwk.com/gRPC-beta
News
A post on cloud strategy, using a useful model of technology, capability, innovation and business to discuss progression through four stages of adoption.
https://blog.container-solutions.com/biggest-cloud-native-strategy-mistake
This next post looks at a useful categorisation of software supply chain attack initiators, and why categorising is useful when considering prevention and reaction.
https://stevelasker.blog/2023/01/31/initiators-of-supply-chain-incidents/
A new AWS feature that lets you pass an IAM role to every EC2 instance in your account via AWS Systems Manager. It is also an interesting new threat vector worth reviewing.
https://awsteele.com/blog/2023/02/20/a-role-for-all-your-ec2-instances.html
Good reminder that building on top of highly reliable services doesn’t make your service reliable.
https://metrist.io/blog/the-overlooked-culprit-behind-70-of-saas-outages/
A post on the importance of testing in production, and why other forms of testing are necessary but not sufficient.
https://nagaraj-tantri.medium.com/test-in-production-the-ideal-monitoring-587b23a541f9
A quick preview of features planned for the upcoming 1.5 release of the CycloneDX software bill of materials (SBOM) format.
https://www.youtube.com/watch?v=8U3yH4TG3js
Tools
An overview of a set of ProjectDiscovery tools (mapcidr, proxify, simplehttpserver, uncover, notify and cloudlist) intended for offensive security testing, but more generally useful too, for expanding CIDR ranges into IP lists, running simple proxies and more.
https://blog.projectdiscovery.io/projectdiscovery-best-kept-secrets/
The new release of Node.js (v19.7.0) comes with the ability to natively build single executables. Interesting.
https://nodejs.org/api/single-executable-applications.html
No is a simple container build tool for Node.js, inspired by Ko for Go.
https://github.com/thesayyn/no