1 minute read

Platform Engineering, alert design and some good real world stories of debugging, testing or building internal tooling this week.

StackHawk sponsors Devops Weekly

[ICYMI] DAST is Dead! Long Live DAST! The Evolution of Dynamic API security Testing webinar is now available on YouTube. Watch on-demand here.


A look at Platform Engineering, and introducing a layered model of platform, with the oft-missing platform orchestration layer binding together the application and infrastructure.

A good troubleshooting writeup (featuring ceph, systemd and containerd), and a good reminder of the layered complexity of the software systems we operate.

Good alert design is hard. This post looks in particular at the problem with workflows acknowledging alerts and the impact on alert fatigue.

A quick post on building a Slack bot to help with handoff for ongoing incidents. A good reminder of the powerful combination of APIs for your ops tools and the low barrier to writing and running bots like this with modern cloud infrastructure.

Another blog post in this series, looking at testing in microservices environments, and how one organisation has solved this with its own customer tooling.

A few handy checklists for security focused code review, for both server and frontend applications. Plus a discussion of security code reviews in general, including reference to threat modelling.


LLRT is an experimental, lightweight JavaScript runtime intended to Serverless environments. It targets a subset of the Node API, but enables much faster startup time and faster overall performance, as well as lower running costs.