As promised last week, check out this new best practices guide for making your Dockerfile more secure and lightweight 😊 Cheers,
Clare Liguori explains why infrastructure as code is especially important for containerized applications, how they use infrastructure as code with containers at Amazon, and where she thinks infrastructure as code tooling is going.
"We have a fast-moving monolith; we have hundreds of engineers shipping hundreds of commits every day. We deploy those commits continuously, every seven minutes, typically deploying to production around a hundred times per day. It’s really, really difficult to keep this massive monolithic codebase, hurtling along at hundreds of commits per day, from devolving into complete chaos. This post is about how we’ve used linting and automated refactoring to help manage the scale of our Python codebase."
Gareth Rushgrove of Snyk shares tips on testing for vulnerabilities at different stages of the SDLC.
Amazon published as an open source project their approach to developing and running AWS Serverless Application Repository, a production-grade AWS service written mainly in Java and built using serverless technologies.
David's favorite git commit ever is called "Convert template to US-ASCII to fix error", from his time at UK's Government Digital Service.
The Conventional Commits specification is a lightweight convention on top of commit messages. It provides an easy set of rules for creating an explicit commit history; which makes it easier to write automated tools on top of.