DEVOPS WEEKLY ISSUE #644 - 30th April 2023
KubeCon EU a couple of weeks ago means there are several Kubermnetes relates posts this week, along with posts on developer platforms, devops attack surface, SBOMs and more.
StackHawk sponsors Devops Weekly
gRPC security scanning is in open beta. Scan each microservice and improve engineering best practices with StackHawk’s support for scanning gRPC services. Sign up to join the first gRPC security testing beta available in the market!
KubeCon EU wrapped last week, and the following post has a nice summary of the keynotes, community events and some of the track talks.
Lots of talk of internal developer platforms recently, so the following site looks useful. It’s curating links and content, including organising the component parts of developer platforms.
A devops threat matrix, looking at risks across access control, data persistence, credentials, exfiltration and more. A useful tool for discussing the attack surface of a modern application stack.
A look at the perils of comparing system diagrams, showing how complexity can hide in the level of detail, especially between different architecture approaches.
A post on alternatives to Dockerfile for container builds. While it talks about some of the disadvantages, it doesn’t address the advantages of Dockerfiles and why they are (still) so popular.
A nice, short, primer on software bill of materials covering the most common formats and some current growing pains of the ecosystem.
Sync Linear is a tool to synchronize Linear tickets and GitHub issues. Handy if you’re using Linear internally but have open source projects on GitHub.