This week, I'd like to share one of our most popular articles. It's the #1 article on Google if you search for GitHub best practices. We used our own product to scan thousands of GitHub repositories - and interviewed many people, including architects, developers, DevOps engineers, and CTOs - to write this incredible guide on top GitHub best practices. We're confident that implementing the suggestions in this guide will save you time, improve code quality, and prevent security breaches, and I can't wait for you to give it a read!
Novel concept 💡 What if you leverage the identity and authorization of repositories to apply the same level of security to packages and artifacts? While we're on this topic, also check out this talk from JS Nation 2019 on the anatomy of exploited NPM packages.
Once you've used Datree to detect exposed secrets in your Docker builds, turn to this article to learn how to secure them.
Jack Shedd explains why his agency has moved to Kubernetes for their hosting, which might shedd some light on why you should too. (See what I did there? 💡)
One of the product managers at Docker, Gareth Rushgrove, explores the next step in the DevOps world: policy as code. Great podcast, and the whole thing is transcribed for your reading convenience.
Post-mortem of another package being hacked, this one a Ruby gem. The attacker injected code that opens a backdoor into whoever used the package. A familiar story.
Great read on migrating a huge app from manual releases to continuous delivery. The takeaway? They thought it couldn't be done, until they did it.