Welcome! I'm excited to have you join me on the Datree newsletter. Every week, you'll get 5+ links to relevant articles on DevOps, Git, security, and code quality that developers like us find interesting and useful. If you're not familiar, Datree allows you to enforce security policies and code quality standards in every merge so you can be confident in your code. We've been working hard to act on your feedback and added several new features - read the post below for details 👇 Cheers,
CTO and Co-founder
Jeff Meyerson of Software Engineering Daily podcast recently interviewed Shimon Tolts for a straight talk on DevOps. They covered what DevOps is, how a developer's responsibilities have changed over the years to include QA and deployment, whether infrastructure-as-code is a good thing, best practices for Git repositories management, and more.
Building applications today is incredibly complex, and a great deal of that complexity is accidental, said Paul Biggar. He contends infrastructure, deployment, API, "code-as-text" complexities are all out of control, and asks: "Why is it that to build an application today we need to learn Kubernetes, Docker, Git, load balancers, dozens of AWS services, SQL, npm, Heroku, DNS, memcached, Nginx, and the rest of the endless list of tools and technologies that each provide one part of an application?"
Like its counterpart DevOps, which means to bridge the gap between development and operations, DevSecOps means to bridge the gap between development, security, and operations. In this article, Matty Jones from Salesforce Engineering focuses on the human element and how common interactions between developers and security teams can be made easier and more productive.
In this tutorial, Roman Labunsky shared tips on writing Github Actions using Node.js to automate git workflows, including useful tools he used and gotchas owing to the differences between a typical Docker container and Github's runtime environment.
The Engineering team at New York Times built their own library for easing the use of Hashicorp Vault for managing secrets in Google Cloud's serverless solutions. They were having to inject secrets as environment variables at deployment time, and users were able to see these secrets in plain text.
P.S. Speaking of secrets, we at Datree have a strong opinion - check out this upcoming webinar on how to manage secrets in your code.