This week we're excited to have released a new feature: a policy rule for Docker images 💪. With this policy you can whitelist or blacklist Docker images for security, migration, or best-practice reasons. For example, you may want to stop folks from using Alpine v3.3 (security vulnerability), jenkins/jenkins (deprecated), or Python 2.7 (out of maintenance). This is a custom rule, so you can configure what you want.
"In my experience when I talk to DevOps people about security they're way more receptive than when I try to talk to security about DevOps and what they can learn." Mike Julian of Real World DevOps interviews Kelly Shortridge (transcript available).
This is like the Gartner hype cycle but for the dev tools / DevOps space. Here InfoQ editors rate where they think different technologies are on the adoption curve, including GitOps.
"While there is a wealth of information available on data science and machine learning from the modeling perspective, there isn’t nearly as much published about how companies build and operate their production machine learning infrastructure."
This is timely, because we just released a new policy rule for streamlining Docker images. Chris Noring describes his favorite practices for doing Docker better.
"Lock files are super useful if you build an app like a web server. However, if you publish a library or CLI to npm, lock files are never published. Meaning your users and you might use different versions of dependencies if you use lock files."