A wide mix of topics this week, from learning from incidents to agile auditing and software supply chain tooling to LLMs and more. Enjoy.
StackHawk sponsors Devops Weekly
[Aug. 31 @ 10 AM PT] StackHawk Office Hours: GitHub Insights. Unify developer tooling with StackHawk and GitHub—Automate security testing in familiar developer workflows to increase productivity and collaboration.
Good advice for junior (or really any) engineers working in larger companies: attend retrospectives and spend time learning from incidents.
An introduction to Enterprise Contract, a higher-level tool for verifying software supply chain artefact details, built on top of Sigstore and Open Policy Agent.
A nice introduction to the Wing programming language, designed specifically for cloud development by making cloud services first-class primitives in the language itself.
Software audits, of various types, are generally seen as anathema to agile software development. A new book on agile auditing tries to change that perception and this post has a short review.
Measuring the performance of web applications is surprisingly tricky, with lots of nuance between browsers, location and other factors. This post provides a quick introduction.
SBOMit is a new project aiming to extend the SBOM concept to also capture development details like version control usage, build process, unit testing, dependencies used, fuzzing, licence compliance checks, packaging, etc.
SQLCoder is an LLM for converting natural language questions to SQL queries. Open source code and weights under a CC BY-SA licence. Lots of interesting data exploration interfaces are coming, I feel.