SaaS-based SAST tool for enterprise code quality scanning?

We currently use SonarQube and are seeking alternatives. Cost is not a concern as we would like to evaluate all of the best possible enterprise-level tools on the market. One of our InfoSec requirements is that the tool supports SSO natively (otherwise we would consider something like SonarCloud). Our developer requirements are that the tool have good code coverage scanning capabilities and can integrate into CI/CD pipelines in Azure DevOps and GitHub.

A few of our developers have experience with Snyk Code and have recommended we evaluate this. I've also scoured Reddit for some alternatives and seems like Checkmarx might have a platform worth evaluating. Are there others we should be looking to evaluate?

https://redd.it/13ig8bz
@r_devops

How are companies distributing their workloads in a multi-cloud architecture?

Hi, I am a grad student interested to work on a devops project. I am interested in knowing how companies distribute their workloads in a multi-cloud setting. The way I am categorizing it as of now is as follows:

1. Run orthogonal workloads (business-wise) such as say all ML training workloads on GCP and OLTP workloads on AWS?
2. Take a more fine-grained approach such as say two active-active replicas that require strong consistency running on two different clouds? Note this strategy requires high availability guarantee.

A follow up question is where do you see multi-cloud is going? Towards #1 or #2. Also do you know how control plane management such as etcd is being done in multi-cloud today? Are there multi-cloud control plane coordination systems such as zookeeper? Or do you see value in it?

https://redd.it/13ilktq
@r_devops

What’s an alternative to Amplication? I’m using Refine for FrontEnd Nextjs Supabase

What’s an alternative to amplication.com?

Creating my FrontEnd using Refine,
Works great…
On the other hand,
The Amplication docs… are wrong, has wrong and missing packages, also, mis labeled directories… the support is very snooty.


What is an alternative to Amplication?

https://redd.it/13iomv4
@r_devops

What are Devops Contractors charging in 2023?

Hi everyone,
I’m contracting but I feel like Im short-selling myself. I may have an opportunity to get a new client but I’ve been trying to figure out what the average rate is /hr? I’ve seen $100-$150/hr on a post from a few years back. Do skills and certs matter? Is there any rhyme or reason to determining what your skills are worth per hour?

https://redd.it/13ir3yr
@r_devops

New Grad, landed a DevOps job

So I just graduated last month with a Software Engineering degree, which I did reasonably well in. Managed to land a DevOps role at a relatively small startup, and finished the first week of work and feel heavily overwhelmed. I feel like if I can't catch up in a week I'll be left behind but I'm wondering if it is even possible.

If anyone has any resources or tips on how to make sure I can see my days through, I would love to take that and work towards it. Or if there is any other advice that would be kindly shared would be greatly appreciated.

https://redd.it/13israw
@r_devops

Terraform | Take your Terraform skills to the next level!

Techniques for scalable and efficient infrastructure management -

The Ultimate Guide to Advanced Terraform Techniques for DevOps

https://medium.com/faun/the-ultimate-guide-to-advanced-terraform-techniques-for-devops-b202b6845170

https://redd.it/13iu19l
@r_devops

FIPS support for Kubernetes deployment

So our applications failed to start on Ubuntu Pro which has FIPS enabled. These apps are deployed as pods in the k8s cluster. We use a GitOps approach to pull changes from SCM, build docker images with Jenkins and deploy to the cluster with ArgoCD. Anyway, how can I fix this?

https://redd.it/13ivvpa
@r_devops

Difference between Redis cache server and a CDN?

Aren't both the same thing? What's the difference between them?

https://stackoverflow.com/questions/63409344/difference-between-azure-reddis-cache-and-azure-cdn

I've read this post.

https://redd.it/13iwlj4
@r_devops

New gig, rough in-place ops. Biz buy-in for an overhaul, want some advice, technical and managing human interactions.

heya, survived the great 2022 layoffs with a new not-startup gig. they setup AWS like 9 years ago with some folks that barely cobbled things together, and they left, and somehow the business has been generating sufficient value to hire me to help bring them to "the next level".

Yes, requirements dictate what we build. Given a general, greenfield application, where we're porting logic and integrating with queues, what would be a good, maintainable approach? Language agnostic, we can figure out that part later.

CI/CD - Best to keep with git provider?
Anything about Logging/Monitoring/Debugging especially. My past gigs had paid for tools, ( datadog, sentry, newrelic ) I'm not sure what's good, especially around anamoly detection.

Interpersonally, I feel it may be challenging. Their contributor role is locked down tighter than a steel trap, I can't even list resources, much less access cloud shell, and getting those permissions changed is corporately burdensome. I feel the same weight will be applied when trying to spin up some isolated ad-hoc services. How to navigate?

I have buy-in from my boss and all the bosses up the chain to mess shit up, they know it's already broken. ( mess shit up, like feel free to step on all the toes, they would not like me breaking production / users / money ).

Edit: Lets avoid Kubernetes for now. IaC, data busses and service discovery would also be useful to know current thinking around.

https://redd.it/13ixfww
@r_devops

How to utilise my skills in my current company and also stay not to forget what I learned?

I am a so called junior AWS devops engineer in a early stage startup
As a DevOps engineer in a small startup utilizing AWS for our applications, our main objective is to manage our budget effectively. Currently, we are running only five EC2 instances with two to three applications on each. While I understand that as a DevOps person, I should be using a variety of tools including Jenkins, Ansible, Terraform, Docker, and Kubernetes, I am currently only able to use Jenkins and codepipeline due to our limited infrastructure. And may be writing bash scripts some times. With only five servers running different applications, it may not be necessary to implement Ansible as it is a configuration management tool. Additionally, ECS and EKS are costly and not feasible for our needs, so we are unable to use Kubernetes on the EC2 instance itself as it would require a minimum of 2 CPUs, increasing our costs. Without Kubernetes, Docker may not be suitable for our case. As for Terraform, we believe that using the console is sufficient for our five servers. However, I am open to suggestions and ideas on how to best utilize these tools within our current infrastructure limitations. I want to utilise my skills and apply whatever I learned in my company. Because I learned all the tools which I've mentioned but haven't had any chance to use them in the company.
I fear that i may forget those if i don't stay in touch with them daily. While doing personal projects seems to be good idea but how long can I do them? Is it easy to forget the tools which we've learned if not use them occasionally? I need your advice and suggestions I am a so called junior AWS devops engineer in a early stage startup
As a DevOps engineer in a small startup utilizing AWS for our applications, our main objective is to manage our budget effectively. Currently, we are running only five EC2 instances with two to three applications on each. While I understand that as a DevOps person, I should be using a variety of tools including Jenkins, Ansible, Terraform, Docker, and Kubernetes, I am currently only able to use Jenkins and codepipeline due to our limited infrastructure. And may be writing bash scripts some times. With only five servers running different applications, it may not be necessary to implement Ansible as it is a configuration management tool. Additionally, ECS and EKS are costly and not feasible for our needs, so we are unable to use Kubernetes on the EC2 instance itself as it would require a minimum of 2 CPUs, increasing our costs. Without Kubernetes, Docker may not be suitable for our case. As for Terraform, we believe that using the console is sufficient for our five servers. However, I am open to suggestions and ideas on how to best utilize these tools within our current infrastructure limitations. I want to utilise my skills and apply whatever I learned in my company. Because I learned all the tools which I've mentioned but haven't had any chance to use them in the company.
I fear that i may forget those if i don't stay in touch with them daily. While doing personal projects seems to be good idea but how long can I do them? Is it easy to forget the tools which we've learned if not use them occasionally? I need your advice and suggestions

https://redd.it/13iz5vf
@r_devops

How to handle major version bumps when using a fully automated CI/CD pipeline? (SemVer)

I have some open-source apps that use various tooling for SemVer based on conventional commits, such as Commitizen, Cocogitto and standard-version. These tools changed based on project needs and the time when I created them, but all of them have the same issue that I'm not sure how to address:

When I want to bump a major version, say the app is ready for release from 0.x to 1.x how can I get these tools to do that instead of their regular bumping strategy of using feat commits for minor and fix commits for patch releases?

Cocogitto has the --major flag, but I'm not sure what kind of rules could be used in my CI/CD pipeline (GitHub Actions/Drone) to use that flag instead of the automatic bumping strategy.

Or should I just manually run a major release and push the tag to Git? Then of course I have to make sure to include a [SKIP CI] in the commit message to avoid running the pipelines and skipping all the automated release steps like changelog and Docker image which isn't ideal either.

https://redd.it/13j0781
@r_devops

How do you create your Secret Key

We use AWS Secret Manager, i create like 20 keys manually but we have a lot more. How do you create your Keys?

I don't want to push all the keys to github and then deploy it with Terraform.

But how you create your keys if you have a lot?

https://redd.it/13izsv6
@r_devops

Why I created a new build system based on Alpine Linux

PAKman is one of the 4 core modules that power instellar.app. It's open-sourced and builds your application using github actions into alpine packages that get delivered to an S3 compatible bucket you specify via instellar. Our platform then takes that built package and deploys the application on your infrastructure.

You can continue reading or enjoy the full post with images here

## In the beginning

Back in 2018 I looked at using docker before I embarked on the journey to build my own build system. At that point I had been using docker for a long time. I was an early user of docker and one of the issues I constantly ran into was the following:

Large build artifact (hundreds of MB)
Needed a Registry
Consumes bandwidth
Slow deployments

At first I considered just using docker because it was the 'standard'. Everyone was using docker and docker swarm was in it's hey days, k8s was gaining steam. Most of the docker images were built using ubuntu as the base image, as you can imagine the built images were quite large. Alpine linux was gaining popularity and was starting to be used in the docker community to reduce image size. I often wondered, why the community didn't just build using alpine's native build system. So I tried it for myself. It took me a long time to work through the alpine build system, the documentation was scarce and I had to trial and error my way to understanding it. My little experiment made me realize that while the final output was amazing (built packages were ranging from few MB - 50MB depending on the application) it was extremely complex to use. I figured most people probably just ended up using docker due to simplicity and readily available documentation.

I ended up mastering building with alpine's package system and threw together some scripts that would automate and make things easy to build with alpine packages. There was however one problem, this meant not using docker for running the applications. With docker you build the app into a docker image and you run the entire image. You wouldn't just install the custom package in a docker container because that means the image would need a package manager and that would just make the final image even larger. This is where the concept of docker being an 'application' container hit hard.

I also explored kubernetes to see what it could do and figured that kubernetes was way too complex for most deployments. The conclusion I came to was k8s and docker would work together. If I wanted to use my alpine package build method I would need something else.

## Enter LXD

While doing my research I found LXD, it advertised itself as being a 'system' container this meant creating an LXC container would mean I had the entire OS running including the package manager. This was exactly what I was looking for and would fit with my build system like peas in a pod. LXD containers meant that all I had to do was expose the alpine package in a file system and add it as the repository inside the alpine linux container and I could run apk update && apk add [package] and be done with it. I hacked together a proof of concept with bash and terraform and amazingly it worked! I was actually able to just build my app and just ship my app to my lxc container and it was blazingly fast! Apps were being deployed in a matter of a few seconds! Upgrades were also handled by alpine packages by adding the -u flag. Upgrades were even faster than installing a fresh package.

## A new Invention is needed!

While my proof of concept worked it was far from ready for primetime. I needed something which is robust, written in a language I'm familiar with (elixir), and most importantly worked with an existing infrastructure I didn't have to host. The first versions of PAKman I hacked together was a combination of building packer images using bash script that would run in a custom gitlab runner. While it worked, it was

not elegant and was not flexible. In 2018 Github Action was released I explored github actions and realized that I could create my own custom action inside a docker container which meant I could use whatever programming language I wanted to create the build system.

I realized that I needed to create a simple solution for people and simply telling everyone to simply 'just use alpine's build system' would not work. I had an idea that I could essentially simplify everything down to a .yml file. I needed to develop an intermediary layer that would take the yaml file and convert it into files that the apkbuild system for alpine linux would understand. This is the birth of PAKman

## Project Goal

While I still needed to use a docker container to create the final build since that's how github actions work. I realized that I can simply extract the artifact and ship it to an S3 compatible storage. This was the most simple design. Since once the package was built I could install and run it anywhere Alpine Linux ran. This would achieve the following goals:

No need for custom infrastructure for building
Packages need to be as small as possible
Save on bandwidth costs
Fast deployments (matter of seconds)

While many may challenge my decisions of saving bandwidth. I do have my reasons. I believe if something can be done well it should be done. In the big picture the goals of PAKman serves our mission for instellar.app. Instellar enables anyone to run their own PaaS on their own infrastructure. This means it's important for us to keep the cost of ownership low. If we can save on bandwidth costs for our customers it's our duty to do it. Another valuable asset we save is time. Small packages mean deployments are fast! The update for the blog you are reading now was deployed in 6 seconds! You can see PAKman in action.

The final built artifact that gets shipped over the wire for this NextJS blog weighs in at 5.69 MB

Welcome to the future!

https://redd.it/13j2jp2
@r_devops

Basic Kubernetes Interview Questions We Should Know as a DevOps

Kubernetes Interview Questions For DevOps Opportunities -

https://medium.com/@inkinsight/cracking-the-code-on-advanced-kubernetes-interview-questions-65f99359bfd9

https://redd.it/13j39jq
@r_devops

Enterprise DevOps- Importance and Key Benefits You Need to Know

Discover the transformative power of Enterprise DevOps in driving business success. Explore its role in fostering agility, automation, and effective communication for accelerated growth and competitive advantage.

Read more- https://www.silvertouch.com/blog/enterprise-devops-importance-and-key-benefits-you-need-to-know/

https://redd.it/13j2dpm
@r_devops

Options to break into the field?

I'm close to finishing my associate degree in Programming at 22. I know

\- Python (+ cleaning, transforming data) from a DS class i did seperate from my degree.- Bash: i know my way around a terminal, had a linux class where we deployed a webapp withdocker, can work with vim and know some scripting.- did a cybersec class with Kali Lunux (basics, also learned more about docker)- My networking knowledge is lacking which leads me to my question.

I can go for a Bachelor degree in 1.5y because i've done my Associates. I have a choise of either not doing a Bachelor, doing one and choosing a specialization Sec, systems and services or Data Science.

I want to get into Devops because i feel like it would be more fulfilling for me to help developers instead of building applications. I like automating stuff and making others and my own work more efficient, i enjoyed all my Linux classes and i still want to Code quite a bit instead of only doing sysadmin work.

Do you think i have the right motivation to get into the field? (wheter Platform Engineering, Cloud, Devops, ...)

And do you think this Bachelor degree with the classes i listed is a good road to take vs just applying now (i have the luxury of still living with my parents) or choosing Data Science as a specialization?

Programming Fundamentals
Scripting
Web Engineering
Python
MYSQL
Database Fundamentals
Computer Systems
Computer Systems
Architecture
OS
OS Advanced
Networking & Security
Networking Fundamentals
Network Architecture
Industrial Networks
Information Sec
Computer Infra & Advanced Networking
Virtualisation & High availability
Cloud Computing

The basic classes i wont have to do anymore because of my Associate degree (like Programming fundamentals, Scripting, Python, MySQL) but i just included all the classes.

https://redd.it/13j1mhw
@r_devops

Tailor AWS Identity Center (SSO) Permissions Per Account with IAMbic

Hey everyone. I wrote a blog post for those of us that might struggle to manage permissions in AWS Identity Center (SSO), and who find that existing tooling like Terraform and CloudFormation
lack visibility into your actual IAM state, and require too much work to manage for permissions. Would love your feedback: https://www.noq.dev/blog/tailor-aws-identity-center-sso-permissions-per-account-with-iambic
The tutorial shows how to do the following with IAMbic:
\- Get a complete, eventually-consistent accounting of your cloud IAM in version control in under an hour, all without writing any code
\- Customize Permission Set Access Rules and IAM permissions per account, in a centralized GitOps workflow
\- Prevent drift on IAM resources you want to be exclusively managed via IAMbic, like sensitive permission sets
Hope you find this helpful!

https://redd.it/13j86y7
@r_devops

Introducing DevPod - Codespaces but Open Source

[https://github.com/loft-sh/devpod](https://github.com/loft-sh/devpod)

[https://loft.sh/blog/Introducing-devpod-codespaces-but-open-source/](https://loft.sh/blog/Introducing-devpod-codespaces-but-open-source/)

DevPod allows dev teams to take full control over their dev environments, without being locked into a specific provider. Developers can write code in any language, and run it anywhere. For example, they can test on virtual machines, or code in Python with VS Code running on Docker Desktop, or in Go running in EKS. If the provider they need doesn’t exist, they can build it.Why DevPod?Compared to hosted services such as Github Codespaces, JetBrains Spaces, or Google Cloud Workstations, DevPod has the following advantages:

* Open-Source: DevPod is 100% open-source and extensible. A provider doesn’t exist? Just create your own.
* Client-only: No need to install a server backend. DevPod runs solely on your computer.Cross IDE support: VS Code and the full JetBrains suite is supported. Other IDEs can be connected through ssh.
* Rich feature set: DevPod already supports prebuilds, auto inactivity shutdown, git & docker credentials sync, with many more features to come.

https://redd.it/13j9oaq
@r_devops

Masking AWS RDS

Hi guys

Im in the task of creating an obfuscated db for QA environment. Currently i have two lambda functions, which takes a Snapshot from prod DB (we use RDS PostgreSQL) and then restoring it, masking it with an Stored Procedure and replacing the old QA db with the new one.

This allows devs to have a weekly updated QA db with the same amount of data as prod.

​

The problem is that the Stored Procedure is inserted by devs on Prod DB, and even if the procedure and the lambda has IF statements to prevent it from executing in Prod, im not comfortable of the way its implemented.

Anyone knows if it is possible to do this with DMS, or in another way?

​

Thanks!

https://redd.it/13j70uh
@r_devops

Do you enjoy your job overall? What are you most and least favourite things about it?

Title.

View Poll

https://redd.it/13jbgsb
@r_devops