Reddit DevOps
Has any Integrated RASP that can detect custom use cases?

I am aware that RASP can protect against a host of known attacks in spite of detection signatures not being available. But is there any RASP solution whose rules / policies can be modified to detect application-specific attacks that are more towards business logic and not just OWASP attacks?

Thanks

https://redd.it/13uk983
@r_devops
step by step guide of lab scenario to test nodePort in kubernetes?

https://imgur.com/a/3IrFsgn

I want to achieve this scenario in a lab environment in Kubernetes. How can I create one? I tried asking ChatGPT but no help from there. I tried googling but no help from there either.

https://redd.it/13uv7jn
@r_devops
Advice needed on continuous integration

I'm part of a two-person team developing a SaaS application. Our tech stack involves React.js for the web app, React Native for the mobile app, a web extension, and a desktop app with Electron. All these components are part of a monorepo.

We're currently in the process of setting up our CI/CD pipeline with GitHub Actions and are planning to use a trunk-based branching strategy with release branches for releases. We are also aiming to strike a balance between maintaining high quality software and keeping costs low, as we are a bootstrapped company. Therefore, we're trying to decide on an effective testing strategy that involves both local testing and automated testing with GitHub Actions.

We're contemplating which types of tests (unit, integration, E2E, performance, visual regression) to run in which environment (local or GitHub Actions). Here are some considerations we've been thinking about:

Unit Tests: Given their speed and low cost, we're thinking about running these both locally before committing and on every PR with GitHub Actions.
Integration Tests: We're considering running a subset of these on every PR and the full suite on a schedule or when merging to the main branch.
E2E Tests: We're considering running a minimal set of these on every PR and a more comprehensive set on a schedule or when merging to the main branch due to the costs and time they take.

We would love to hear your insights and experiences on this. How have you decided which tests to run locally vs. in the cloud? How do you manage the balance between cost and quality in your testing strategy? Any advice or resources you could share would be greatly appreciated.

https://redd.it/13uxr6d
@r_devops
GitHub Actions equivalent of Azure Devops pipeline resources?

Azure DevOps YAML syntax allows us to define resources for a pipeline -> https://learn.microsoft.com/en-us/azure/devops/pipelines/process/resources?view=azure-devops&tabs=schema

For example, I might have separate pipelines for CI and CD. I would like to be able to select a specific CI pipeline artifact when dispatching the CD pipeline. With Azure DevOps I have achieved this by:

    resources:
      pipelines:
      - pipeline: ci
        source: App-CI

    trigger:
    - none

    pool:
      vmImage: ubuntu-latest

    steps:
    - script: |
        echo $(resources.pipeline.ci.pipelineID)
        echo $(resources.pipeline.ci.runName)
        echo $(resources.pipeline.ci.runID)
        echo $(resources.pipeline.ci.runURI)
        echo $(resources.pipeline.ci.sourceBranch)
        echo $(resources.pipeline.ci.sourceCommit)
        echo $(resources.pipeline.ci.sourceProvider)
        echo $(resources.pipeline.ci.requestedFor)
        echo $(resources.pipeline.ci.requestedForID)

So in my CD pipeline I am specifying that it uses the CI pipeline as a resource. Now, when dispatching the CD pipeline through the UI, I am able to select a specific CI run (which produces the artifact).

Is there any equivalent for GitHub Actions? I would like to have separate CI & CD workflows and when dispatching CD workflow I would like to be able to select specific CI run to use for CD workflow.

https://redd.it/13v2fl8
@r_devops
GitHub Action Release: Add DAST and OSINT to your security pipelines

Howdy!

I'm excited to share with you my latest contributions to the GitHub community: a collection of free GitHub Actions designed to streamline and enhance security practices utilizing DAST and OSINT tooling that is widely used - sqlmap, bbot and nikto. There were no GH Actions that I could find, so I made them for my use case, but figured everyone can benefit from those awesome tools.

# Action - 🗺️ - sqlmap

The famous sqlmap - perform automated (or semi-automated) penetration testing on your releases:

https://github.com/marketplace/actions/thereisnotime-action-sqlmap

# Action - 🤖 - bbot

One of the newer OSINT automation tools on the block, I personally love it so here it is:

https://github.com/marketplace/actions/thereisnotime-action-bbot

# Action - 🎯 - nikto

A stable and tested tool that can easily scan a ton of endpoints for security issues:

https://github.com/marketplace/actions/thereisnotime-action-nikto

WIP: Currently I am working on a nice workaround to generate outputs from the actions and not directly from the tools (but you can still use the tool outputs in your job steps) and after that I will add more examples (the way I use it for regular security compliance reports etc.).

Because those amazing tools have a ton of parameters, one of my main goals was to provide an easy option to provide custom arguments instead of wrapping each one and also re-use as much as possible from the official or at least most supported Dockerfiles where available.

Feel free to try them out, provide feedback, or even contribute to their development. The actions are under active development but they are working. Your input is valuable in making these actions even more robust and effective.

If you find them useful, please leave a ⭐ in GitHub.

https://redd.it/13v3ega
@r_devops
Seeking advice for joining a DevOps team for the first time

I'm starting an internship in a couple of weeks as a software engineer on the company's DevOps team and I haven't been given a lot of information on the tech stack other than them saying to learn Groovy (I'm already pretty experienced in Java, so syntax shouldn't be problematic to learn). I understand that Groovy is used to write scripts in Jenkins for CI/CD pipelines, but I'm not sure if that's exactly what I'll be doing. Does anyone have any advice on things to be aware of / things I should give extra attention to when learning Groovy in the context of this role?

https://redd.it/13v538h
@r_devops
Angular universal with docker giving bad gateway

I am trying to dockerize an Angular Universal app using nginx, and it's giving me a really hard time.
It keeps saying 502 Bad Gateway and I am unable to wrap my head around it.

Here is my Dockerfile:

    FROM node:14-alpine AS builder
    WORKDIR /app
    COPY . .
    RUN npm i && npm run build:ssr

    FROM nginx:alpine
    WORKDIR /usr/share/nginx/html
    RUN rm -rf ./
    COPY nginx.conf /etc/nginx/conf.d/default.conf
    COPY --from=builder /app/dist/front-end-kevi .
    ENTRYPOINT ["nginx", "-g", "daemon off;"]

In my server.ts file, I am starting the app on port 4000. So I am starting the docker image using this command:

> docker run -d -p 4000:80 kevin


For reference, here is my nginx conf file.

    server {
        listen 80;
        server_name localhost;

        root /usr/share/nginx/html;
        index index.html index.htm;

        location ~ \.(eot|ttf|woff|woff2)$ {
            add_header Access-Control-Allow-Origin *;
        }

        location / {
            proxy_pass https://localhost:4000;
            try_files $uri $uri/ =404;
        }

        location /OrderMationApi/api/v3/ {
            proxy_pass https://102.133.225.222;
        }
    }

and I am getting this error in the error logs:

> 7#7: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 172.17.0.1, server: localhost, request: "GET / HTTP/1.1", upstream: "https://127.0.0.1:4000/", host: "localhost:4000"

Any idea where I am going wrong?
Any help is highly appreciated.
Thanks in advance.

https://redd.it/13uyyfj
@r_devops
Cloud providers - VPC

I am architecting a cloud-based solution where Proxmox will be the main hypervisor and VMs, LXC, etc. will be hosted. I will have people from all over the world connecting via VPN to mostly Windows machines and I am looking for a reliable provider that has different regions.

OVH does the trick as it has got data centers in all regions and it is definitely a candidate. I like to keep my infrastructure tidy and manageable but on the other hand, having all the eggs in one basket has never been best practice.

What is your opinion here? Let’s say I’m to build 3 proxmox builds in different geographical regions, all in OVH or spread them out?

https://redd.it/13ux67u
@r_devops
Seeking Best Practices for Local Development in a Microservices Environment

I am currently working on a personal learning endeavor by standing up a Kubernetes-based microservices architecture with Docker containers. I can already anticipate facing challenges enabling effective local development while ensuring that production environments are not endangered. In my career, we almost always blur the lines between healthy local development, shared test clusters, and pushing the boundaries of working within production...

Some pain points I'm encountering already:

1. Setting up local environments: What's the best way to run and debug a specific microservice locally? We've looked into Minikube and Docker Compose, but are there other options we should consider? Is this even tenable at a certain size?

2. Managing dependencies: With so many interdependent microservices, how do we stub or mock these services locally for development purposes?

3. Configuration management: How do you manage shared configuration and secrets in a way that is secure but also accessible for developers?

Any suggestions on tools, best practices, or resources (books, blogs, courses) are highly welcome. Thanks in advance for your help!

https://redd.it/13vg0sm
@r_devops
Looking for DevSecOps Practical Guides or Tutorials

So I'm currently into DevOps and would love to move into DevSecOps. There are plenty of blogs on the internet but they all talk about the methodology and theory part of DevSecOps, not the practical part. I only got one link which showed how to implement security in a CI/CD pipeline using Jenkins and SonarQube with some SCA tool. Any link regarding the DevSecOps practice will be really helpful.

Thanks 🙏🏻

https://redd.it/13vi12w
@r_devops
Felon looking to get into software dev

Looking for guidance and advice on entering the software development community with a felony. What certs should I aim to test for to likely land an entry level job, what jobs are in highest demand in 2023 and how much will my felony record (one felony, drug related and 5 years old) impact my ability to get a job in this industry. Thanks

https://redd.it/13vmnk0
@r_devops
Work from Home requirements

Hi. Not sure if this is the correct place to ask this question but after getting no response from other subs thought I would ask here. I’m curious to learn if being in a hotel would disqualify my ability to secure a role WFH. I have been considering getting a travel modem as well as signing up for a firewall/vpn service; not sure if this adequately secured my privacy in general much less to be able to be employed as a WFH executive. Any insight or direction would be most appreciated.

https://redd.it/13vohu4
@r_devops
sonarqube 9.9 LTS error

Hi Team, we are testing Sonar 9.9 LTS and encountered this error message in the Jenkins console. Even when I try to pass Java home as 11, I still get the same issue. Also, in the Jenkins console output, if I echo java -version it says **openjdk version "11.0.16" 2022-07-19**

    mvn sonar:sonar -Dsonar.qualitygate.wait=true -Dsonar.host.url=https://xx.xx.xx.xx:9000 -Dsonar.java.jdkHome=/data/jenkins_home/tools/jdk-11

**failed: An API incompatibility was encountered while executing org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184:sonar: java.lang.UnsupportedClassVersionError: org/sonar/batch/bootstrapper/EnvironmentInformation has been compiled by a more recent version of the Java Runtime (class file version 55.0), this version of the Java Runtime only recognizes class file versions up to 52.0**

https://redd.it/13vqbey
@r_devops
Advice for new employee in a (so far) toxic work environment

Started a new DevOps job a few weeks ago as a new college grad and it isn't going particularly well. The organization has a pretty restrictive environment with barely any public-facing services, which means that doing anything on the network requires knowledge of the internal architecture to get anything done.

Issue is my counterparts are supposed to be helping me and guiding me through this environment but it's not going well at all. Simple questions are often left with one-word answers that don't explain what I need help with. It seems as if they are annoyed with me for asking simple things, but how am I supposed to know where the test certificates are or what the authentication is for a server when there is zero documentation? I am often sitting at my desk for hours rerunning the same commands while they watch my command history on my account just to bring it up later on in a meeting or something to have a laugh.

I've been assigned a simple app update as my first solo task and while I know the general steps of redeploying the app with the update, I am hitting every small roadblock you can think of because of the architecture. I can't get anything answered for me like how should I bring up this database, how do I auth with our repo, how do I access server X, why can't I hit this webpage, etc.

I came from an internship of great people who genuinely wanted to help me. And this team even seems fine outside of these 3 bozos. Problem is, the rest of the team isn't DevOps but instead SW Engineers, so they can't help much. I feel like I'm in a place where not knowing is offensive, and the stress just doesn't feel worth it. Of course I moved to a small town where the industry knows each other.

Any advice from someone who has maybe been here before? I'm losing my mind

https://redd.it/13vu90h
@r_devops
OAuth2 issues with curl script in Python

Hi, I'm new to OAuth2 and using it to get creds for REST APIs. I fill in this info and drop the script in my Windows CLI and the script just drops with no value returned. I try to run OAuth2 in Postman and I get the below output.

Any ideas?

    {"detail":[{"loc":["body","grant_type"],"msg":"field required","type":"value_error.missing"}]}

    curl -X POST https://HIDDEN.com \
      -H "Accept: application/json" \
      -H "API-Token: <INSERT API TOKEN>" \
      -u "<INSERT CLIENT ID>:<INSERT CLIENT SECRET>" \
      -d "grant_type=client_credentials"

https://redd.it/13vtiz1
@r_devops
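The request from the curl command in the OAuth2 post above, rebuilt in Python together with a helper that reads the validation error quoted there. This is an added example, not the poster's script: the URL and credential values are constructed placeholders, and the function names are hypothetical.

```python
import base64
import json
import urllib.parse
import urllib.request

# Constructed placeholder; the post hides the real token endpoint.
TOKEN_URL = "https://auth.example.invalid/token"


def build_token_request(url, client_id, client_secret, api_token):
    """Build the same request as the curl command: Basic auth plus a form body."""
    # curl -d sends application/x-www-form-urlencoded, so grant_type travels
    # in the request body rather than in the query string or a JSON document.
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    # curl -u sends "id:secret" base64-encoded in an Authorization: Basic header.
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Accept": "application/json",
        "API-Token": api_token,
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


def missing_fields(error_json):
    """Return "location.field" for each 'field required' entry in the error."""
    detail = json.loads(error_json).get("detail", [])
    return [
        ".".join(str(part) for part in item["loc"])
        for item in detail
        if item.get("type") == "value_error.missing"
    ]


def fetch_token(request, timeout=10):
    """Send the request and return the parsed JSON response (needs network)."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return json.load(resp)


# The error body quoted in the post.
POSTMAN_ERROR = (
    '{"detail":[{"loc":["body","grant_type"],'
    '"msg":"field required","type":"value_error.missing"}]}'
)

if __name__ == "__main__":
    req = build_token_request(TOKEN_URL, "client-id", "client-secret", "api-token")
    print(req.data.decode(), missing_fields(POSTMAN_ERROR))
```

The `loc` path in the error names where the server looked for the value, so `body.grant_type` means the request it received had no `grant_type` field in its body.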
Suggestions on architecture

I have a customer-facing service with 10 pods in parallel. I have to limit the requests I get in a queue and send the requests to the servers based on their CPU/memory usage. What's the best way to implement this? Can we do this using Kafka?

https://redd.it/13vxeg9
@r_devops