Incident postmortems, Git best practices, tips for managing OpenTelemetry names, and tools and posts on open source software supply chain security this week.

StackHawk sponsors Devops Weekly

[ICYMI] DAST is Dead! Long Live DAST! The Evolution of Dynamic API security Testing webinar is now available on YouTube. Watch on-demand here.
https://sthwk.com/long-live-dast-webinar

News

A post on how to write a good incident postmortem, focused on the importance of understanding context and on applying the 5 whys.
https://medium.com/@vincesackschen/writing-an-excellent-postmortem-8534409f6e0d

An interesting observation about teams banning the use of merge commits in Git, backed by data and with an explanation of why folks are doing so.
https://graphite.dev/blog/why-ban-merge-commits

A breakdown of modern web frameworks, from static site builders to full stack frameworks and simpler/faster alternatives.
https://dev.to/wasp/web-frameworks-we-are-most-excited-for-in-2024-4d15

The end of year report from the Open Source Software Security Initiative, a multi-stakeholder group focused on policy solutions to help improve the security of the open source software ecosystem.
https://whitehouse.gov/wp-content/uploads/2024/01/Securing-the-Open-Source-Software-Ecosystem-OS3I-End-of-Year-Report-MASTERCOPY.pdf

A look at OpenTelemetry’s Semantic Conventions, which allow for a common naming scheme for traces that can be standardised across a codebase, libraries, and platforms.
https://www.honeycomb.io/blog/effective-trace-instrumentation-semantic-conventions

A little dated, but a good post on comparing the Serverless framework with CDK, and why you might prefer one over the other.
https://www.alexdebrie.com/posts/serverless-framework-vs-cdk/

Tools

Ortelius is a unified evidence store of supply chain data designed to simplify. It provides developers a coordinated view of who is using a service, its version, and inventory across all end-points.
https://ortelius.io/
https://github.com/ortelius/ortelius

Write your build configuration in C# with Nuke. Includes native integration into a variety of CI/CD tools as well, so no need to write additional YAML configuration.
https://nuke.build/
https://github.com/nuke-build/nuke
