Weekly Newsletter
#
1
New & improved Datree, renaming IT Ops to DevOps, accidental complexity in coding, secrets, and more
Welcome! I'm excited to have you join me on the Datree newsletter. Every week, you'll get 5+ links to relevant articles on DevOps, Git, security, and code quality that developers like us find interesting and useful. If you're not familiar, Datree allows you to enforce security policies and code quality standards in every merge so you can be confident in your code. We've been working hard to act on your feedback and added several new features - read the post below for details 👇 Cheers,
Shimon Tolts
CTO and Co-founder
You can’t just rename your IT Ops team and call it “DevOps”
Jeff Meyerson of Software Engineering Daily podcast recently interviewed Shimon Tolts for a straight talk on DevOps. They covered what DevOps is, how a developer's responsibilities have changed over the years to include QA and deployment, whether infrastructure-as-code is a good thing, best practices for Git repositories management, and more.
Dark, and accidental complexity in coding
Building applications today is incredibly complex, and a great deal of that complexity is accidental, said Paul Biggar. He contends infrastructure, deployment, API, "code-as-text" complexities are all out of control, and asks: "Why is it that to build an application today we need to learn Kubernetes, Docker, Git, load balancers, dozens of AWS services, SQL, npm, Heroku, DNS, memcached, Nginx, and the rest of the endless list of tools and technologies that each provide one part of an application?"
The human side of secure development
Like its counterpart DevOps, which means to bridge the gap between development and operations, DevSecOps means to bridge the gap between development, security, and operations. In this article, Matty Jones from Salesforce Engineering focuses on the human element and how common interactions between developers and security teams can be made easier and more productive.
Writing Github Actions in Node.js instead of shell scripts
In this tutorial, Roman Labunsky shared tips on writing Github Actions using Node.js to automate git workflows, including useful tools he used and gotchas owing to the differences between a typical Docker container and Github's runtime environment.
Simplifying Serverless Secrets
The Engineering team at New York Times built their own library for easing the use of Hashicorp Vault for managing secrets in Google Cloud's serverless solutions. They were having to inject secrets as environment variables at deployment time, and users were able to see these secrets in plain text.
P.S. Speaking of secrets, we at Datree have a strong opinion - check out this upcoming webinar on how to manage secrets in your code.