A bit of an observability and security theme this week, with posts on combining observability with security, threat modelling, incident reviews and open source observability platforms.

StackHawk sponsors Devops Weekly

Experience automated security testing without the hassle of connecting your own app or configuring an environment! Follow the Tutorial to try out StackHawk and explore a world where security becomes an accelerator, not a blocker
https://sthwk.com/tutorial

News

Operating databases at scale in distributed systems is hard, with lots of subtle failure conditions. This detailed incident report is filled with lots of advice on both incident response, good observability and systems design.
https://www.honeycomb.io/incident-review-what-comes-up-must-first-go-down

A post on the benefits of using observability tooling for security use cases, covering teamwork, response times, predicting threats and more.
https://medium.com/eteam/how-to-combine-observability-driven-development-and-security-64e4b0ca745e

A useful post discussing threat modelling and showing a threat model for software supply chain security problems.
https://openssf.org/blog/2023/09/27/threat-modeling-the-supply-chain-for-software-consumers/

I’m a big Open Policy Agent fan, and a fan of the Rego policy language, but it does require learning a logic programming language that might be unfamiliar to some. Hence this post is likely useful, looking at how to express Or, but covering a bunch of language idioms at the same time.
https://www.styra.com/blog/how-to-express-or-in-rego/

A good introduction to the role of the API Gateway, and in particularly looking at standardisation in the Kubernetes ecosystem.
https://wso2.com/library/blogs/the-api-gateway-and-the-future-of-cloud-native-applications/

Events

Kubernetes Community Days UK is returning in-person in London on 17th and 18th October. An agenda that covers a wide range of talks (on technical topics as well as people, process and a bit of history), workshops and lighting talks. The organisers have kindly offered 25% off tickets as well.
https://ti.to/open-source-events/kcduk2023/discount/KCDUK23_DEVOPS_25
https://kcduk.io

Tools

HyperX is an open source observability platform, centralising and correlating logs, metrics, traces, exceptions and session replays in one place.
https://github.com/hyperdxio/hyperdx
https://www.hyperdx.io/

An open source book for anyone learning Typescript. The Concise TypeScript Book is available online and as an epub, and as the title suggests is great primer to anyone getting started quickly.
https://github.com/gibbok/typescript-book