DEVOPS WEEKLY ISSUE #684 - 11th February 2024
Incident management, recent vulnerability disclosures, build and release engineering and more this week. Enjoy.
StackHawk sponsors Devops Weekly
[ICYMI] DAST is Dead! Long Live DAST! The Evolution of Dynamic API security Testing webinar is now available on YouTube. Watch on-demand here.
https://sthwk.com/long-live-dast-webinar
News
A good post on some of the history of declarative container image builds, and the complexity of build systems as they grow.
https://www.chainguard.dev/unchained/images-as-code-the-pursuit-of-declarative-image-builds
We’re seeing more research into complex supply chain attacks at the moment, and this next post covers MavenGate, which highlights the issue of abandoned domain names in some software ecosystems.
https://blog.oversecured.com/Introducing-MavenGate-a-supply-chain-attack-method-for-Java-and-Android-applications
Another recent vulnerability disclosure. This one affects container build and runtime environments and allows for a full container escape to the host.
https://snyk.io/blog/leaky-vessels-docker-runc-container-breakout-vulnerabilities/
A couple of posts on evolving incident management practices, looking at the need to introduce gradual changes, standardising severity levels, the importance of training and more.
https://medium.com/dyninno/dyninnos-incident-management-an-introduction-a4516b910269
https://medium.com/dyninno/streamlining-and-implementing-incident-management-at-dyninno-c8ea06327f3a
A good post looking at integrating accessibility testing into developer workflows. Good discussion of modern toolchain challenges and integration options.
https://innovation.ebayinc.com/tech/engineering/introducing-an-accessibility-linter-for-marko-shortening-the-accessibility-testing-pipeline/
Tools
Glasskube is a new package manager for Kubernetes. It ships with a GUI and CLI tooling, as well as a central public package repository and the ability to auto-update packages.
https://github.com/glasskube/glasskube/
https://glasskube.dev/
APISIX is an API Gateway with a range of traffic management features including load balancing, dynamic upstream, canary release, circuit breaking, authentication, observability and more.
https://github.com/apache/apisix
https://apisix.apache.org/