A range of posts this week on cloud strategy, AWS, Node.js tools, supply chain security and more.

StackHawk sponsors Devops Weekly

gRPC is the popular choice for building microservices and distributed systems. Ensuring these APIs are secure and protected against vulnerabilities is essential. StackHawk is rolling out a private beta for gRPC API security testing. Register here:
https://sthwk.com/gRPC-beta

News

A post on cloud strategy, using a useful model of technology, capability, innovation and business to discuss progression through four stages of adoption.
https://blog.container-solutions.com/biggest-cloud-native-strategy-mistake

This next post looks at a useful categorisation of software supply chain attack initiators, and why categorising is useful when considering prevention and reaction.
https://stevelasker.blog/2023/01/31/initiators-of-supply-chain-incidents/

A new AWS feature means you can now pass an IAM role to every EC2 instance in your account using AWS Systems Manager. It is an interesting new threat vector as well.
https://awsteele.com/blog/2023/02/20/a-role-for-all-your-ec2-instances.html

Good reminder that building on top of highly reliable services doesn’t make your service reliable.
https://metrist.io/blog/the-overlooked-culprit-behind-70-of-saas-outages/

A post on the importance of testing in production, and why other forms of testing are necessary but not sufficient.
https://nagaraj-tantri.medium.com/test-in-production-the-ideal-monitoring-587b23a541f9

A quick preview of features coming in the upcoming 1.5 release of the software bill of materials format CycloneDX.
https://www.youtube.com/watch?v=8U3yH4TG3js

Tools

An overview of a set of tools (mapcidr, proxify, simplehttpserver, uncover, notify and cloudlist) intended for offensive security or testing, but more generally useful too, for expanding IP ranges, simple proxies and more.
https://blog.projectdiscovery.io/projectdiscovery-best-kept-secrets/

The new release of Node.js (v19.7.0) comes with the ability to natively build single executables. Interesting.
https://nodejs.org/api/single-executable-applications.html

No is a simple container build tool for Node.js, inspired by Ko for Go.
https://github.com/thesayyn/no
