DEVOPS WEEKLY
ISSUE #527 - 31st January 2021

Several security-related posts this week, from incident reports to Kubernetes permissions and security architecture. Plus reliability, rising software complexity and interesting tools for Terraform, JSON parsing and SQLite.


StackHawk sponsors Devops Weekly
==============================

With StackHawk's new GitHub Action, you can integrate AppSec testing directly into your GitHub CI/CD pipeline. See how:

http://sthwk.com/github-actions


News
====

A detailed writeup and timeline of a security incident. It’s important to learn from events like this, and the post finishes up with some concrete recommendations.

https://stackoverflow.blog/2021/01/25/a-deeper-dive-into-our-may-2019-security-incident/


A discussion of various facets of building reliable systems. From SLOs to runbooks, service catalogues to feature flags and more.

https://firehydrant.io/blog/2021-is-the-year-of-reliability/


A post describing the high-level security architecture for a website. What makes it interesting is the focus on proportionality: being as secure as needed rather than as secure as possible.

https://www.ncsc.gov.uk/blog-post/securing-ncsc-platforms


A good post on the risks associated with overly permissive pod security settings and the privilege escalation paths they open up in Kubernetes.

https://labs.bishopfox.com/tech-blog/bad-pods-kubernetes-pod-privilege-escalation


Why does it take so long to build software? Lots of observations in this post, about accidental complexity, about increasing demands vs 10 or 20 years ago on several fronts, on the rise of frameworks and tools that solve problems you might not have and more.

https://www.simplethread.com/why-does-it-take-so-long-to-build-software/


Hex is the package manager for Erlang and Elixir. A new feature, called Hex Preview, allows for checking the contents of source files from specific versions of packages. An important use case that’s easy to miss with the growth of supply chain attacks.

https://hex.pm/blog/introducing-hex-preview


An example of writing unit tests for Helm charts using Go.

https://blog.heyal.co.uk/unit-testing-helm-charts/


Events
======

An event all about the low-level bits of containers. Container runtimes, image building, image scanning, container security and isolation, virtualization inside containers, etc. Taking place March 9th/10th, with the CFP submissions due by the 10th of February.

https://containerplumbing.org


Tools
=====

Simdjson is a JSON parsing library that aims to make parsing gigabytes of JSON per second trivial. Interesting design and API, and bindings available in lots of languages.

https://github.com/simdjson/simdjson


Etok provides a nice user interface for running Terraform on Kubernetes. It avoids the need for local credentials or direct API access from the operator's machine. Some handy integration with GCP as well.

https://github.com/leg100/etok


Litestream is a standalone streaming replication tool for SQLite. It runs as a background process and safely replicates changes incrementally to another file or S3.

https://github.com/benbjohnson/litestream



If you received this email directly then you're already signed up, thanks! If however someone forwarded this email to you and you'd like to get it each week then you can subscribe at http://devopsweekly.com

--


If you have other queries you can contact the list maintainer at gareth@morethanseven.net

Our mailing address is 43 Gwydir Street, Cambridge, UK, CB1 2LG