1 minute read

A mix of posts (on incident management, platform engineering, token exposure and more) and tools (including for working with APIs, building complex service-based applications, artifact verification) this week. Plus lookout for SCALE and Devopsdays Los Angeles this coming week.

StackHawk sponsors Devops Weekly

If you’re attending DevOps Days LA and have questions about security testing in build pipelines, come find us! We will be giving away Lego sets too!
https://www.socallinuxexpo.org/scale/20x/events/devops-day-la

News

A good talk from LFI Conf 23, on incident management and the importance of involving stakeholders from across teams and beyond engineering in incident reviews.
https://www.youtube.com/watch?v=CbSiKAtO7Fk

A discussion of platforming the developer experience. How can central teams scale internal application systems to provide a good developer experience for a diverse set of development teams?
https://devops.com/platforming-the-developer-experience/

Another post on platform engineering. This one looking at the misconception that platform engineering goals are achieved just through a new dashboard.
https://thenewstack.io/platform-engineering-is-not-about-building-fancy-uis/

A good reminder about the importance and impact of token exposure in security incidents.
https://decodebytes.substack.com/p/software-supply-chains-achilles-heel

A good technical post on the development of a proxy framework, extracted from other components. Nice post on evolutionary architecture.
https://blog.cloudflare.com/introducing-oxy/

Events

Devopsdays Los Angeles is coming up this week, on March 10th, at the Pasadena Convention Center as part of SCALE. Sessions on breaking down silos, the role of operators, case studies and more.
https://devopsdays.org/events/2023-los-angeles/welcome/

Tools

Service Weaver is a Go programming framework for writing and deploying cloud applications. Components can be run in a single process, or split across services, without changing the code.
https://opensource.googleblog.com/2023/03/introducing-service-weaver-framework-for-writing-distributed-applications.html
https://serviceweaver.dev/

Ratify is a verification engine which enables verification of artifact security metadata. It comes integrated with Gatekeeper on Kubernetes.
https://github.com/deislabs/ratify

Bruno looks like an interesting project. It’s an IDE for working for APIs, saving collections to disk meaning they can be checked into Git.
https://github.com/usebruno/bruno

A handy utility to dump AWS Fargate’s ECS containers environment variables locally.
https://github.com/dineshgowda24/ecsnv

Updated: