1 minute read

Developer platforms, AI hallucination, open source, portable development environments and a new SBOM-related tool I’ve been hacking on recently.

StackHawk sponsors Devops Weekly

Heading to AWS Re:Inforce? Stop by the Snyk booth #110 to see how StackHawk and Snyk correlate results to inform you which security bugs need to be fixed first and where to find them in your code.

News

An interesting side effect of LLMs hallucinating. A new attack vector. LLMs can suggest the use of non-existent packages, attackers can register those packages.
https://vulcan.io/blog/ai-hallucinations-package-risk

What is an internal developer platform? This post discusses 7 elements covering secrets management, version control, CI/CD pipelines, portals and more.
https://thenewstack.io/7-core-elements-of-an-internal-developer-platform/

A post on the asymmetry of open source, between producers and users. Given the importance of open source tools to software and infrastructure development it’s important to understand for those involved with devops.
https://matt.life/writing/the-asymmetry-of-open-source

Another open source post, this one on the need for a new licensing framework for neural net weights. These are critical for AI, and for useful open source implementations.
https://heathermeeker.com/2023/06/08/toward-an-open-weights-definition/

Continuing this series of what operators on earth can learn from incidents in space, this post looks at balancing what went right with failure, technical and process failures related to measurement and more.
https://flyingbarron.medium.com/how-can-you-land-5-kilometers-above-the-moon-799002ffb615

A fun build engineering post. Want to bootstrap an end-to-end build of the latest version of the JVM? You need to go back to Java 1.5.0.
https://www.chainguard.dev/unchained/fully-bootstrapping-java-from-source-in-wolfi

A post on portable development environments using Nix, Cloud9 and DevBox.
https://www.buildon.aws/livestreams/build-on-weekly/2023-06-01

Tools

Bias warning as this is something new I’ve been working on. Parlay is a new tool for enriching SBOMs. Add extra information about the source location, licences, maintainers and vulnerabilities. The post contains some examples of why this is powerful.
https://github.com/snyk/parlay
https://snyk.io/blog/introducing-parlay/
https://snyk.io/blog/parlay-quickstart-guide/

Regal is a new linter for Open Policy Agent’s rego language. It covers lots of various bugs, style and best practice issues.
https://github.com/StyraInc/regal

Updated:

You May Also Enjoy

DEVOPS WEEKLY ISSUE #694 - 21st April 2024

less than 1 minute read

A theme of architecture this week, with posts on the development of large systems, infrastructure evolution at scale, internal developer toolchains and more.

DEVOPS WEEKLY ISSUE #693 - 14th April 2024

2 minute read

I’ve been crazy busy this week and travelling today, and with it being the start of a new quarter I thought a highlights issue, with some of the top posts fr...