DEVOPS WEEKLY ISSUE #649 - 4th June 2023
Trunk-based development, observability cost and cognitive load, advances in WebAssembly, and some interesting policy and security tools posts this week. Enjoy.
StackHawk sponsors Devops Weekly
Is your AppSec team copy and pasting lines of YAML every time a new app is ready for security testing? Try this instead: utilize environment variables and modularize configurations to share common elements across different applications.
https://sthwk.com/scaling-best-practices-strategies
News
A solid argument for adopting trunk-based development, focused on speed, efficiency, stability, collaboration and more.
https://trishagee.com/2023/05/29/why-i-prefer-trunk-based-development/
Something I see lots of teams starting to consider: an approach to observability that measures everything and relies on common SaaS tools introduces a huge cognitive burden on operators, as well as a huge financial cost.
https://davidkcaudill.medium.com/the-ticking-time-bomb-of-observability-expectations-c49c3d17ada1
A provocative post on the need for more transparency when it comes to cloud service availability, and the impact that has on reliability for dependent services.
https://thenewstack.io/cloud-dependencies-need-to-stop-f-ing-us-when-they-go-down/
A request not to use GPT for security recommendations. There is some nuance here, mainly around the training data and prompts used.
https://decodebytes.substack.com/p/please-dont-use-gpt-for-security
A good introduction to the Kyverno policy engine for Kubernetes, with a look at CEL, the Common Expression Language.
https://medium.com/@mariamfahmy66/validating-admission-policies-in-kyverno-1f4a3e972f92
Announcing WASIX, adding POSIX support to WebAssembly.
https://wasmer.io/posts/announcing-wasix
https://wasix.org/docs/api-reference
An interesting comparison between the search engines OpenSearch and Solr, covering customizability, ops friendliness, community, governance and more.
https://sematext.com/blog/opensearch-vs-solr/
Tools
Legitify is a handy tool for assessing the configuration of a GitHub or GitLab organisation, checking things like SSO, insecure webhooks, permissions and more.
https://github.com/Legit-Labs/legitify