The DevSecOps Talks Podcast

We are happy to welcome back Jacob Lärfors, CEO and Senior Consultant from Verifa, to talk about software supply chain attacks. It feels important to raise this topic since those attacks start to be utilized more often by sophisticated adversaries. At the same time, software supply chain security is something that companies often overlook. We as practitioners have so many things to consider and do that, in most cases, we do not have enough cognitive capacity left when looking into our library sources. What are the things we need to be aware of, and what are the low-hanging fruits we could utilize to help developers do their job securely?   Connect with us on LinkedIn or Twitter (see info at https://devsecops.fm/about/). We are happy to answer your questions, hear suggestions for new episodes or just hear from you, our listeners.

Have you heard any recent news from Docker? We haven't. That is why we decided to check up on Docker to see how it is doing and go through the tool's history and adoption. Clueless about the difference between Docker, Containerd, CRI-O? We got you covered. Also, we will highlight a couple of new handy capabilities added recently.   Connect with us on LinkedIn or Twitter (see info at https://devsecops.fm/about/). We are happy to answer your questions, hear suggestions for new episodes or just hear from you, our listeners.

We are excited about the new breed of tools coming to the market. We often had to put together tools to find out what was in production and what broke it. Your monitoring tools go as far as only telling you that something isn't working as expected but not why it is so, and then you have to scramble to figure out what versions of services are in production, were there any recent deploys, etc. So you can understand what has changed to narrow down possible causes. Our good friend Mike and his team are building the tool to answer exactly such questions, so we thought you might be interested in hearing him out.   Connect with us on LinkedIn or Twitter (see info at https://devsecops.fm/about/). We are happy to answer your questions, hear suggestions for new episodes or just hear from you, our listeners.

We are discussing what has happened in Terraform world since the 1.0 release last year and if there are new features worth mentioning, trends in Terraform development, etc. As well as doing a recap of the road to 1.0 and how long it took us to get there. Connect with us on LinkedIn or Twitter (see info at https://devsecops.fm/about/). We are happy to answer your questions, hear suggestions for new episodes or just hear from you, our listeners.

If you follow CloudNative hype wave, you might feel that Prometheus is the must-use monitoring tool for everything CloudNative. Plus, almost everything nowadays has a Prometheus exporter. Just get that helm chart installed, and here you go - metrics question sorted out. Want to monitor endpoints - here is BlackBox exporter for you. Want to get notifications - AlertManager got you covered. And so on and so on. But is it all rainbows and unicorns? You probably guessed that it depends. This time, Semyon is joining us to air his grievances with Prometheus and share insights on how to cook it if you decide to go down this route.

Communication in co-located teams is quite often complicated. It is even more complex and, at the same time, important in distributed teams. Have you ever got an issue report that says this thing is failing? No logs, no explanation of context, no nothing. Pretty sure we've all been in such situations. How do you step up your communication game? This episode of DevSecOps Talks is about great communication tips for DevSecOps practitioners in distributed (and not only) teams.   Connect with us on LinkedIn or Twitter https://devsecops.fm/about/ and tell us about your questions, and we will answer them in the show.

web3 has gotten a lot of attention lately; thus, it is time for us to separate facts from the hype. In this episode, we are trying to understand its implications for us as DevSecOps practitioners.   Connect with us on LinkedIn or Twitter https://devsecops.fm/about/ and tell us about your questions, and we will answer them in the show.

Andrey feels frustrated that he has to develop a way to configure environments for every customer. Think for yourself - you arrive at a new project or company. It is day one, and you need to get the right tools as well as the correct environment configuration. During this episode, we are trying to figure out how companies solve it. And is there a standard solution? What are the options?   Connect with us on LinkedIn or Twitter https://devsecops.fm/about/ and tell us about your questions, and we will answer them in the show.

Henrik Hoegh is back to talk about his experiences working in the platform team at his new job, but before that, we are getting through the following topics: - bash is the future of automation (not really, but some people think so) - building multi-cloud solutions using k8s and service mesh solutions - Shuttle - CLI for handling shared build and deploy tools between projects no matter what technologies the projects are using https://github.com/lunarway/shuttle - when is it the time to start looking into the building application delivery platform - platform team as an enabler or evil gatekeeper - team topology Connect with us on LinkedIn or Twitter https://devsecops.fm/about/ and tell us about your questions, and we will answer them in the show.

us-east-1 will never go down, and if it would, half of the internet would go down. It is what people used to say. So, us-east-1 went down big time. What does it mean for us as practitioners? What should we consider going forward? In this episode, we talk through the incident and disaster recovery strategies you can consider to keep your company up Connect with us on LinkedIn or Twitter https://devsecops.fm/about/ and tell us about your questions, and we will answer them in the show.