DEVOPS WEEKLY ISSUE #660 - 20th August 2023
Several posts this week on the Terraform licence change, covering the spectrum of opinions. Plus posts on attestation framework, actions from incident management, monitoring CoreDNS and more.
StackHawk sponsors Devops Weekly
[Aug. 31 @ 10 AM PT] StackHawk Office Hours: GitHub Insights. Unify developer tooling with StackHawk and GitHub—Automate security testing in familiar developer workflows to increase productivity and collaboration.
https://sthwk.com/office-hours-aug
News
A three part series on incident management, and in particular the different actions we might decide to take following an incident.
https://medium.com/@jpaulreed/a-spectrum-of-actions-part-i-d768c56ed5f7
https://medium.com/@jpaulreed/a-spectrum-of-actions-part-ii-a4cad1acd952
https://medium.com/@jpaulreed/a-spectrum-of-actions-part-iii-f242b5d25d90
Terraform, and other Hashicorp tools, are changing their licence terms, adopting the BSL and moving away from the open source MPL licence.
https://www.hashicorp.com/blog/hashicorp-adopts-business-source-license
With the changes to Terraform’s licence, lots of folks are thinking about what this means for them? This post takes the view of a CTO and breaks down a few areas of interest.
https://www.scalefactory.com/blog/2023/08/16/what-saas-ctos-need-to-know-about-the-terraform-licence-change/
Some in the Terraform community are looking at what they can do, with a proposal for a fork under a new open source foundation if the change goes through.
https://opentf.org/
https://blog.gruntwork.io/the-future-of-terraform-must-be-open-ab0b9ba65bca
Running CoreDNS? This set of posts is a good review of the metrics you should be caring about, and how to monitor them.
https://www.datadoghq.com/blog/coredns-metrics/
https://www.datadoghq.com/blog/coredns-monitoring-tools/
Cold start times are still a topic of discussion for serverless applications. This post discusses using AWS Lambda and API Gateway to debug problems, using a Node application example.
https://www.technoblather.ca/aws-lambda-nodejs-debug-apigw-cold-start-timeout/
Tools
Amplification is an opinionated platform for building Node.js apps. It’s intended to remove a lot of repeated work on application infrastructure, generating APIs, tools for data modelling and more.
https://github.com/amplication/amplication
https://amplication.com/
TACOS is a framework for attesting to the development practices of open source projects. It’s intended to solve some of the requirements in the NIST Secure Software Development Framework (SSDF).
https://tacosframework.dev
https://github.com/tacosframework/TACOS-spec