1 minute read

A big mix of posts on Detection engineering, new security guidelines for AWS, open source search engines, build tools and more this week.

StackHawk sponsors Devops Weekly

[ICYMI] How to Shift Left: People, Process, Technology webinar is now available on YouTube. Watch on-demand for expert tips on implementing a shift-left practice at your organization.
https://sthwk.com/how-shift-left-YT

News

An interesting, if deep, post on detection engineering paradigms. Looking at Pyramid of Pain, Atkinson’s Endpoint Procedure Decomposition and MITRE ATT&CK.
https://medium.com/@gary.j.katz/the-relationships-between-detection-engineering-paradigms-f1ccd5685e23

A quick rundown of what’s new in the latest CIS benchmark for AWS.
https://steampipe.io/blog/cis-v20-aws-benchmark

I’m a big Make fan. This post has a bunch of handy tricks for writing more powerful Makefiles for Python projects.
https://ricardoanderegg.com/posts/makefile-python-project-tricks

A nifty list of (mainly) open source search engines beyond the big names you’re probably familiar with.
https://sematext.com/blog/elasticsearch-opensearch-solr-alternatives/

A proposal for a static description of a Kubernetes cluster, called a KBOM. Don’t worry, this isn’t a new standard. In fact it’s implemented using CycloneDX.
https://blog.aquasec.com/introducing-kbom-kubernetes-bill-of-materials

A look at Rio, a new GPU-accelerated terminal application that can run natively as well as in the browser.
https://medium.com/@raphamorim/rio-terminal-a-native-and-web-terminal-application-powered-by-rust-webgpu-and-webassembly-76d03a8c99ed
https://github.com/raphamorim/rio

Tools

Xeol is a tool for detecting end of life packages, from container images, source and SBOMs.
https://github.com/xeol-io/xeol

Skypilot is a specialised framework for running LLMs, AI, and batch jobs on cloud infrastructure. Optimised for managing GPU fleets and cost-efficiency.
https://github.com/skypilot-org/skypilot
https://skypilot.readthedocs.io/en/latest/

Bingo is billed as “go get, but for binaries”. It’s a Go specific tool used to install specific versions of Go executables, ideal for reproducible development environments.
https://github.com/bwplotka/bingo

Updated:

You May Also Enjoy

DEVOPS WEEKLY ISSUE #694 - 21st April 2024

less than 1 minute read

A theme of architecture this week, with posts on the development of large systems, infrastructure evolution at scale, internal developer toolchains and more.

DEVOPS WEEKLY ISSUE #693 - 14th April 2024

2 minute read

I’ve been crazy busy this week and travelling today, and with it being the start of a new quarter I thought a highlights issue, with some of the top posts fr...