DEVOPS WEEKLY
ISSUE #555 - 15th August 2021

Software packaging has been one of the constant topics in devops circles over the last 10 years, it’s one of the topics that drew me to the community back in the day. That’s why I’m interested in how the new PackagingCon event goes and I’m a sure a few readers will be interested too.


StackHawk sponsors Devops Weekly
============================

StackHawk is now integrated with GitHub Code Scanning! Engineers can run automated dynamic application and API security when they check-in code, with results available directly in GitHub.

https://sthwk.com/GitHub-Code-Scanning


News
====

Lots of interesting software and systems observations in this post. Things now possible with WASMm the perils of abstractions, performance profiling amongst other topics

https://jlongster.com/future-sql-web


A lot of work is going into improving software supply chain security at the moment. SCIM is a new project proposing an overarching model and specifications around evidence, policy and storage of artefacts and metadata.

https://github.com/microsoft/scim


An interesting tale of debugging a DNS round robin networking issue that nicely points to the complexities of real world client/server applications.

https://tech.ebayinc.com/engineering/sre-case-study-mysterious-traffic-imbalance/


A good discussion of logging policies, with reference to the ACSC (Australian Cyber Security Centre) guidelines, in particular talking about what to log.

https://medium.com/codex/gain-security-visibility-with-system-monitoring-5c6cc41db285


A post on SLOs and error budgets, the difference between SLOs and SLAs and how they can be used to improve systems reliability.

https://www.infoworld.com/article/3626374/how-slos-and-error-budgets-improve-app-reliability.html


Events
======

A new virtual event, Packaging Con, is coming up November 9th and 10th. It’s billed as a conference for developers of software package management software, as well as software packagers and users.

https://packaging-con.org/


Tools
=====

Havener is a slightly higher level CLI tool for interacting with Kubernetes. It aims to provide both richer presentation and avoid some of the very long commands common with kubectl.

https://github.com/homeport/havener


Allstar is a new GitHub App that allows maintainers to opt in to automated enforcement of various security checks against a repository configuration. Branch protection, security policies, mandatory reviews and more are enforced.

https://openssf.org/blog/2021/08/11/introducing-the-allstar-github-app/
https://github.com/ossf/allstar


Kubestriker is a new handy security auditing tool for Kubernetes clusters.

https://github.com/vchinnipilli/kubestriker



If you received this email directly then you're already signed up, thanks! If however someone forwarded this email to you and you'd like to get it each week then you can subscribe at http://devopsweekly.com

--

You opted in for Devops Weekly at http://devopsweekly.com

You can always unsubscribe by visiting https://devopsweekly.us2.list-manage.com/unsubscribe?u=b6635e37e35fa5eff0c2a947a&id=a63f24d068&e=[UNIQID]&c=37a9c72084

If you have other queries you can contact the list maintainer at gareth@morethanseven.net

Our mailing address is 43 Gwydir Street, Cambridge, UK, CB1 2LG