1 minute read

From the business of engineering to the more technical posts. Cloud spend, platform engineering, service-mesh adoption, the problem with secrets, SBOM workflows and a few other interesting posts this week.

StackHawk sponsors Devops Weekly

Bridging the gap between security and engineering involves giving teams responsible for writing and deploying code a way to include security testing in their standard workflow. Check out Omdia’s POV on StackHawk in their On the Radar Report.
https://sthwk.com/on-the-radar

News

COGS (or cost of goods sold) is relevant in lots of business contexts, but in a technology company, a large component is likely to be Cloud spend. A good post, covering both an introduction and concrete topics to consider when looking to reduce COGS.
https://www.linkedin.com/pulse/cogs-problem-michael-stahnke/

A post introducing and discussing Platform Engineering. Some good observations about the proximity and differences to traditional infrastructure engineering.
https://www.maxcountryman.com/articles/delivering-value-with-platform-engineering

Another post on Platform Engineering, this one looking to identify common journeys (like ticket driven workflows, exposing a Kubernetes API, exposing a Cloud API, etc.) and problems and solutions arising from those starting points.
https://www.syntasso.io/platform-journeys/

A nice update for the beta of IaSQL, which basically exposes an AWS account as a PostgreSQL database. Some interesting new features, like transactions for infrastructure updates.
https://iasql.com/blog/beta/

The State of Secrets Sprawl report looks at the problem of secrets leakage, highlighting related incidents, some of the ecosystem challenges and data from the last year.
https://www.gitguardian.com/files/the-state-of-secrets-sprawl-report-2023

A couple of posts, looking at one team’s adoption of the Linkerd service mesh and some of the dashboards used to monitor usage and performance.
https://tech.loveholidays.com/linkerd-at-loveholidays-monitoring-our-apps-using-linkerd-metrics-fa44c13bee49
https://tech.loveholidays.com/linkerd-at-loveholidays-our-journey-to-a-production-service-mesh-9a6cd478d395

A look at an SBOM workflow, using various tools to build an SBOM and upload it to DependencyTrack, orchestrated by Dracon pipelines.
https://ocurity.com/blog/sboms-with-dracon/

Running with an analogy can be fun. This post compares maintaining a complex software project over time to playing the game of Jenga.
https://www.bobbytables.io/p/your-codebase-is-a-jenga-tower

Tools

Ruff is a linter for Python, that aims to be much faster than existing tools. I think this will be a pattern, re-implementing certain ecosystem tools in Rust for improved performance.
https://github.com/charliermarsh/ruff

Updated: