A couple of news regarding GitHub. They've launched a Package Registry service (see below) and - perhaps more importantly - fully discontinued their per repository pricing. What's scary is if you're still on the old pricing, every new repo created will now automatically be public, and you can't change it to private until you switch to the new, per user pricing 😱 We just wrote a guide on this:
GitHub just announced the beta launch of their package management service that makes it easy to publish public or private packages next to your source code.
Brunton-Spall quotes Wayne Gretsky and takes you through where the puck's been, where it is today, and where it's going when it comes to security (video + transcript).
"The reason why most people should adopt microservices today, I think anyway, is really about human communication and organizational design. Still to this day, despite all of our technology, innovations, and process, we haven't found a way for more than roughly a dozen developers to work effectively on a single piece of software". By Ben Sigelman.
Phil Whelan shares his experience and tips on managing credentials after using HashiCorp Vault for about 18 months.
There are many ways to remove sensitive info from your code (including using Datree 😉). Here is one where you run gitleaks on your local repository before every push.