1 minute read

Incident reports, cloud spending, buy vs build, reducing error rates, as well as new tools, events and more this week. Just the usual week for busy operations and development teams.

StackHawk sponsors Devops Weekly

Experience automated security testing without the hassle of connecting your own app or configuring an environment! Follow the Tutorial to try out StackHawk and explore a world where security becomes an accelerator, not a blocker


How do you write incident reports that people want to read? This post suggests more long form narrative, and less template based form filling. Some good examples included too.

Some interesting analysis on cloud spend priorities, showing differences at the top and bottom, a focus on consolidation and licence optimisation and more.

Reasoning about buy vs build is always interesting for infrastructure services. This post breaks down the rationale for buying and building in this particular case when it comes to monitoring and metrics tooling.

A post on reducing error rates, by reading all of the error messages. The argument is this helps improve the quality of errors, incentivise fixing problems and remove things that don’t need to be in error logs.

Another interesting use of web assembly, in this case removing a large legacy C++ codebase for a compiler bootstrap.

A good post on the difference between a capability model and a maturity model, and why the former is more relevant when considering devops practices.


WTF is SRE? is a highly-rated, ridiculously-fun, wildly-insightful two-day conference designed to improve the world of Site Reliability Engineering and DevOps. It will take place in London on 4-5 May 2023 and it’ll feature speakers such as Charity Majors, Nathen Harvey, Liz Rice, Crystal Hirschorn and Anaïs Urlichs! Get your ticket with a special Devops Weekly discount.


Want to use CSK, but prefer a declarative interface? This project supports using a JSON format, and can generate a schema for validation.

AI comes to infrastructure as code. You’ll need an OpenAI key to use, but it looks to generate configuration files, Terraform code, CI/CD pipeline configurations and more.

SBOM composition is important when considering how we build higher level services from components and micro services. SPDXMerge does what you’d expect, merging SPDX documents, either creating a single document or doing so by reference. Initial release, so not packaged up yet.