Weekly Newsletter
#
19
Top GitHub best practices, code reviews in DevOps, securing Dockers secrets, and more
This week, I'd like to share one of our most popular articles. It's the #1 article on Google if you search for GitHub best practices. We used our own product to scan thousands of GitHub repositories - and interviewed many people, including architects, developers, DevOps engineers, and CTOs - to write this incredible guide on top GitHub best practices. We're confident that implementing the suggestions in this guide will save you time, improve code quality, and prevent security breaches, and I can't wait for you to give it a read!
What makes a good code review in DevOps?
Novel concept 💡 What if you leverage the identity and authorization of repositories to apply the same level of security to packages and artifacts? While we're on this topic, also check out this talk from JS Nation 2019 on the anatomy of exploited NPM packages.
Secure secrets in Docker builds
Once you've used Datree to detect exposed secrets in your Docker builds, turn to this article to learn how to secure them.
Why we're moving our agency, and clients, to Kubernetes
Jack Shedd explains why his agency has moved to Kubernetes for their hosting, which might shedd some light on why you should too. (See what I did there? 💡)
A continuation of DevOps: policy as code
One of the product managers at Docker, Gareth Rushgrove, explores the next step in the DevOps world: policy as code. Great podcast, and the whole thing is transcribed for your reading convenience.
strong_password v0.0.7 rubygem hijacked
Post mortem of another package being hacked, this one a Ruby Gem. The attacker injected code opening a backdoor into whoever used the package. A familiar story.
How to move a large monolithic app to continuous delivery with zero downtime
Great read on migrating a huge app from manual releases to continuous delivery. The takeaway? They thought it couldn't be done, until they did it.