1 minute read

Incident management, recent vulnerability disclosures, build and release engineering and more this week. Enjoy.

StackHawk sponsors Devops Weekly

[ICYMI] DAST is Dead! Long Live DAST! The Evolution of Dynamic API security Testing webinar is now available on YouTube. Watch on-demand here.
https://sthwk.com/long-live-dast-webinar

News

A good post on some of the history of declarative container image builds, and the complexity of build systems as they grow.
https://www.chainguard.dev/unchained/images-as-code-the-pursuit-of-declarative-image-builds

We’re seeing more research into complex supply chain attacks at the moment, and this next post covers MavenGate, which highlights the issue of abandoned domain names in some software ecosystems.
https://blog.oversecured.com/Introducing-MavenGate-a-supply-chain-attack-method-for-Java-and-Android-applications

Another recent vulnerability disclosure. This one affects container build and runtime environments and allows for a full container escapate to the host.
https://snyk.io/blog/leaky-vessels-docker-runc-container-breakout-vulnerabilities/

A couple of posts on evolving incident management practices, looking at the need to introduce gradual changes, standardising severity levels, the importance of training and more.
https://medium.com/dyninno/dyninnos-incident-management-an-introduction-a4516b910269
https://medium.com/dyninno/streamlining-and-implementing-incident-management-at-dyninno-c8ea06327f3a

A good post looking at integrating accessibility testing into developer workflows. Good discussion of modern toolchain challenges and integration options.
https://innovation.ebayinc.com/tech/engineering/introducing-an-accessibility-linter-for-marko-shortening-the-accessibility-testing-pipeline/

Tools

Glasskube is a new package manager for Kubernetes. It ships with a GUI and CLI tooling, as well as a central public package repository and the ability to auto-update packages.
https://github.com/glasskube/glasskube/
https://glasskube.dev/

APISIX is an API Gateway with a range of traffic management features including load balancing, dynamic upstream, canary release, circuit breaking, authentication, observability and more.
https://github.com/apache/apisix
https://apisix.apache.org/

Updated:

You May Also Enjoy

DEVOPS WEEKLY ISSUE #694 - 21st April 2024

less than 1 minute read

A theme of architecture this week, with posts on the development of large systems, infrastructure evolution at scale, internal developer toolchains and more.

DEVOPS WEEKLY ISSUE #693 - 14th April 2024

2 minute read

I’ve been crazy busy this week and travelling today, and with it being the start of a new quarter I thought a highlights issue, with some of the top posts fr...