DEVOPS WEEKLY
ISSUE #558 - 5th September 2021

Error budgets, managing ransomware, SRE, observability, handy Git tools and more this week.


StackHawk sponsors Devops Weekly
============================

Trying to scale AppSec across engineering is no joke. Check out the 3 main reasons developers struggle with AppSec and how to make it better.

https://sthwk.com/3reasons


News
====

A good introduction to error budgets and using them to make trade-offs between risk and stability.

https://medium.com/jump-start/data-driven-negotiation-with-slis-slos-and-error-budgets-2-2-e52ebd5a9d4f


An interesting post on modern ransomware and malware attacks and now to mitigate and deal with the fallout.

https://www.ncsc.gov.uk/blog-post/rise-of-ransomware
https://www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks


A handy pattern for when you need to create new repositories based on a template and some variables, using GitHub repository templates, Actions and the python cookiecutter tool.

https://simonwillison.net/2021/Aug/28/dynamic-github-repository-templates/


A look at the security profile operator for Kubernetes. This exposes a first-class interface for configuring seccomp profiles amongst other useful features including exposing metrics and enriching logs.

https://medium.com/@LachlanEvenson/managing-kubernetes-seccomp-profiles-with-security-profiles-operator-c768cff58b0


The first two parts of a series on building an analytics platform based on Druid. Background on technology choice and lots of technical details about the implementation.

https://medium.com/pinterest-engineering/pinterests-analytics-as-a-platform-on-druid-part-1-of-3-9043776b7b76
https://medium.com/pinterest-engineering/pinterests-analytics-as-a-platform-on-druid-part-2-of-3-e63d5280a1a9


A post looking at the role of an SRE team in adopting observability tooling. A lot of this depends, in my experience, on the reality on the ground of roles vs the titles.

https://rootly.io/blog/the-role-of-sres-in-observability


Events
======

Kubernetes Community Days UK is coming up on the 15th and 16th September. A virtual event over 2 days, with talks on supply chain security, secrets, scaling, getting started with Kubernetes and lots more.

https://community.cncf.io/events/details/cncf-kcd-uk-presents-kubernetes-community-days-uk-2021/


Tools
=====

There is so much interesting information in Git and GitHub metadata. Askgit is a CLI tool for exposing that data via a SQL interface to make it easier to use.

https://github.com/askgitdev/askgit


Monika is a nice and simple monitoring tool. Define probes for URLs in a config file, what failure looks like and how you want to be notified of any issues. It also supports Postman and HAR files as input.

https://github.com/hyperjumptech/monika
https://monika.hyperjump.tech/quick-start



If you received this email directly then you're already signed up, thanks! If however someone forwarded this email to you and you'd like to get it each week then you can subscribe at http://devopsweekly.com

--

You opted in for Devops Weekly at http://devopsweekly.com

You can always unsubscribe by visiting https://devopsweekly.us2.list-manage.com/unsubscribe?u=b6635e37e35fa5eff0c2a947a&id=a63f24d068&e=[UNIQID]&c=c71b427142

If you have other queries you can contact the list maintainer at gareth@morethanseven.net

Our mailing address is 43 Gwydir Street, Cambridge, UK, CB1 2LG