Anyone else having issues with JFrog?

Getting 504 errors https://statusgator.com/services/jfrog

https://redd.it/1kzdlqa
@r_devops

Why areObservability & SIEM so hard to setup?

I'm looking for different perspectives. (and ranting 😅)

Context: We are a devops team with 4 people in a small startup looking to solve observability and Siem (cost effectively) for our platform which works for atleast the next 2-3 years. We should also manage our IAC, deployments, cloud and other infrastructure.

We have been trying to setup SIEM and Observability for our platform. I realised there is no one solution that can do all metrics, logs, tracing, SIEM. The more deeper I look into it, i'm getting to a conclusion that Observability and Siem are not one ship but two big different ships. If we look to solve both with one solution we are going to end up with two bad solutions for two different problems.

We have elastic license and we have setup logs on it. But the metrics and tracing part is not as good. To solve that we looked at a self hosted Prometheus like Thanos and grafana ui.

Now for SIEM again it is elastic because managing self hosted wazuh is more problematic for a small team.

There is something called cloudanix for cspm and cloud jit.

We are going to end up with so many tools to manage and we are a small team. I realised that we will endup creating more issues than setting up observability to solve for issues.

Saying that I want to know what do you guys do solve for these at your work? What kind of tools do you use for Observability and Siem.

Am I wrong in assuming that both observability and Siem are completely different. Do I need to more research?


https://redd.it/1kzqemo
@r_devops

How to write better GitHub Actions

As someone who has used [Travis CI and Circle CI](https://ashishb.net/programming/circle-ci-vs-travis-ci/) in the past, I love GitHub Actions.

However, there are several pitfalls associated with GitHub Actions. Notably,

* No dependency caching by default
* No automatic cancellation of stale executions
* No path filtering by default
* The default timeout for a badly running job is 6 hours
* The default GITHUB\_TOKEN gives too many permissions

Thankfully, all of these are fixable. I am sharing my experience in detail [here](https://ashishb.net/programming/common-pitfalls-of-github-actions/) and have written a FOSS tool called [gabo](https://github.com/ashishb/gabo) for auto-generating high-quality GitHub Actions based on your repository.

https://redd.it/1kzrxf5
@r_devops

Seeking Guidance: Preparing for DevOps Internship in 15 Days

Hello r/devops community,

I recently secured a DevOps internship at a startup, and I have 15 days before it begins. I prepared for the interview in just 2 days, focusing mainly on theoretical concepts to clear it. Now, I want to utilize the remaining time effectively to get ready for the actual work.



Could you please advise on:

\- Key areas I should focus on to build a strong foundation?

\- Essential tools and technologies to learn?

\- Any beginner-friendly projects or resources to gain hands-on experience?



I appreciate any guidance or suggestions you can provide to help me make the most of this time.



Thank you!

https://redd.it/1kzs52y
@r_devops

Just finished Class 12 – Is DevOps a good career choice?

Hi everyone,
I’ve just completed Class 12 (Science with Computer) and I have a lot of free time right now. I recently came across DevOps and I find it really interesting. I want to know from people who are already in this field – how is your experience with DevOps so far?

Is DevOps a good option to build a career in? How is the future of this field, especially in terms of learning curve, job demand, and salary?
Also, since I’m starting fresh, do you think this is the best path to go for, or are there other tech fields that are better or more rewarding than DevOps?

Would love to hear your thoughts and experiences. Thanks in advance!


https://redd.it/1kzrkz6
@r_devops

CheckCle newly self-hosted open source uptime, SSL, and incident monitoring tool

New open source service for uptime monitoring, incident reporting, SSL checks, maintenance tracking, and more, all self-hosted.

Please feel free to give feedback or share your ideas by creating an issue on GitHub:

Github: https://github.com/operacle/checkcle

https://redd.it/1kzudeu
@r_devops

A step back

Hey guys
Hope you’re doing well

I’m seeking advice, regarding my next mission


I’m working in a consulting company, I’ve been in a mission as a DevOps (4years) it was my first mission ever, so I had a good understanding, and practices regarding DevOps and cloud

My mission came to an end recently, and my company gave me a new one ( but it’s more for backend development, with JAVA) I donno if it’s a good move to take it, as it will show me a side am not very familiar with, or would it mean that I’ll be stepping back from DevOps ?

I’ve been thinking about it a lot lately but can’t make up my mind.. any advice from you guys or similar experience is very appreciated

Thank you all 🙏

https://redd.it/1kzy2xv
@r_devops

Lazyshell - AI cli tool that generate shell commands from natural language

Here is a CLI tool i built to generate shell commands from natural language using AI.

you can learn more here:

github.com/bernoussama/lazyshell

curious what you guys think

https://redd.it/1l02eso
@r_devops

What’s something you thought you needed to learn—but never actually used?

When I first got into cloud and DevOps, I felt like I had to learn everything.

I remember spending weeks going deep into Kubernetes.....thinking it was “essential”.......only to land a role where we just used ECS with some simple Fargate configs. Never touched K8s once. 😅

It wasn’t a total waste, but I definitely overprepared for stuff that never came up.

Curious how it’s been for others:

What’s one tool, framework, or concept you went all-in on… that ended up being irrelevant in your actual work?

Or the opposite.....what’s something you ignored early on, but later realized you should’ve learned sooner?

Let’s trade war stories.

https://redd.it/1l032kg
@r_devops

Is it plausible to get a job in this field without experience/degree?

Hello everyone,
this question has been bothering me for quite a while now.

I am 25 years old and have never focused on one career path (I basically threw my education away until 18, and then had to gradually complete my high school diploma while fully working a “starting job” call center employee), so when I turned 24 I had the opportunity to take a paid-for full DevOps course of about 1 year.
Through the course I learned (more like dabbled in) every aspect a DevOps person might need (Git, Python+Java, Kubernetes, SQL, Linux, AWS … etc ), and now I am expected to find a job in this field.

Problem is, all the job posts on Linkedin and on job posts sites for entry-level jobs specifically require a degree in computer science (or a similar field like software architecture), and at least 2 years of working in prior company experience (varying but the 2 years is the lowest I’ve seen).

Bottom line is, is there any chance I might get a job in this field without the mentioned above requirements? It all seems like a “chicken and the egg” situation, like how am I to gain experience if no one will hire me? Also to get a degree in the mentioned fields is very hard and expensive, not something that is in my ability, money-wise and being smart-wise.

I just want to know if to keep on trying to apply and get a job if the road is blocked already, or change course entirely to not waste my time.

Would like to hear some of your experiences and maybe a tip or two if you have to share with me…

Thank you all for reading!

https://redd.it/1l04dla
@r_devops

Twilio Manager: A Python-Based CLI for Managing Your Twilio Account

Hey Reddit!

I’m excited to share my new Python CLI tool, Twilio Manager. Built in just 3 days using AI helpers (OpenHands, Claude, ChatGPT), this wrapper around the Twilio SDK lets you:

Send and view SMS/MMS messages
Place and manage voice calls
Inspect your Twilio subaccounts, balance, usage, and more

🚀 Features

📞 Phone Number Management
Find available numbers (by country, area code, capabilities)
Purchase or release numbers
Configure voice/SMS/webhook settings for each number
✉️ Messaging
Send SMS or MMS via a simple command
Fetch message history (inbound/outbound)
View delivery status, timestamps, and message logs
📱 Call Control
Initiate calls from CLI (with specified “From” and “To” numbers + TwiML URL)
View past call logs, durations, statuses, and recordings
Manage call forwarding, SIP endpoints, and call recording settings
💼 Account Insights
List all subaccounts under your master account
Check your current balance, usage records, and pricing details
Manage API keys and credentials without leaving the terminal
⚙️ Modular Design & AI-Powered Scaffolding
Each CLI command maps directly to a Twilio REST API endpoint for maximum flexibility
Built-in helper templates for quickly generating TwiML snippets or phone number configurations
Designed to be easily extended: drop in new commands or customize existing ones

🤔 Why I Built This

I wanted a scriptable, no-GUI way to manage everything in Twilio—from provisioning phone numbers to sending quick SMS alerts—without opening a web browser or writing repetitive boilerplate code. Using AI helpers (OpenHands, Claude, ChatGPT), I was able to prototype and ship a working CLI in just 3 days. Since then, I’ve been iterating on it to make it more robust and user-friendly.

💬 Feedback & Contributions

This is my first major open-source project of 2025, and I’d love your feedback!

Found a bug? Feel free to open an issue.
Want a new feature? Submit a feature request or drop a PR.
Enjoying the project? Star ⭐ the repo and share your thoughts in the Discussions tab.

You can reach me at my GitHub: https://github.com/h1n054ur/twilio-manager/.

Happy Twilioing! 🎉

https://redd.it/1l05lk8
@r_devops

update-action-pins -- a simple CLI tool for updating pinned action versions in your Github Action workflows from tags to SHAs

https://github.com/Skipants/update-action-pins

Hi everyone!

In light of the tj-actions supply chain attack (https://nvd.nist.gov/vuln/detail/cve-2025-30066) I recently made this simple executable that updates referenced Github Actions in your workflow files to use commit SHAs to pin the version instead of the tag name or branch.

I found it real tedious to go through each referenced action, go to its repository, find the SHA the tag corresponds to, and then update it in our workflows. This tool alleviates that.

I thought it would be useful to everyone else so I open-sourced it and advertised it here.

I am also willing to support the tool in the near-long-term.

Let me know if it helps (or doesn't) and don't be afraid to post an issue on the repo if you find any bugs.

Cheers!

https://redd.it/1l067g9
@r_devops

General Security Pipeline

Hello,

I'm in a neighboring field (software engineering) and have been tasked with some initial research about building a security pipeline to build and ship software that runs on a customers network. All of the pipelines I have ever built are for internal products, never for something a customer would run.

Our clients are highly motivated to adopt the software, but only if they care verify it comes from a secure source.

From my initial research, the field of devsecops seems broad and I have recommended that company pursue a security engineer for this purpose; however, I need to do something in the short term.

What are the low hanging fruit of shipping secure software?

I'm initially looking at something that doesn't break the bank. I know the cost is proportional to the level of paranoia. What does a good security pipeline look like?

My initial recommendation is just:

\- Build in a clean env like aws CodeBuild
\- Syft Software Bill of Materials
\- Grype Security scanning
\- Cosign signing service
\- Load to s3 & distribute with cloudfront

Feels basic.

What do you guys do? I would love to hear some recommendations. I don't really know this field.

Thanks!

https://redd.it/1l07z7o
@r_devops

Request guidance from experts in the field

My current situation is unemployed. I have no university or professional degrees. I have internet, a laptop, and free time. I love computers and the internet very much and I am very good at using them. I can understand and learn quickly, and I saw that the field of DevOps might be suitable. I do not want to talk a lot. I want to start from today. What is my first step? All my love to all ❤️

https://redd.it/1l08s6p
@r_devops

Looking for cheapest way to run a 24/7 background process (PaaS preferred)

Hello everyone,

I'm looking for a reliable and low-cost way to run a continuously operating process that needs to stay up 24/7. It connects to a data source and records or processes data in real time. There is no event or trigger to kick it off; it just needs to run uninterrupted.

Ideally, I would like to use a PaaS (Heroku-style), but I am open to other solutions like VPS if the price and performance make more sense.

Requirements:

* Persistent background process that runs continuously
* Lowest possible monthly cost
* Language and runtime agnostic (can use Docker if needed)
* Minimal maintenance preferred but not a hard rule
* There will also need to be a user-facing web app or website alongside the process

So far I have looked into Fly.io, Render, Railway, Google Cloud Run, and Hetzner Cloud. While I have explored these options, I am still not sure which is best for my use case.

I would appreciate any recommendations or real-world experience with similar setups.

Thanks!

https://redd.it/1l0aqcd
@r_devops

Considering CI/CD tools in preparation to launch my SaaS startup.

So I'm fairly familiar with CI/CD concepts and I'm a big Jira user so looking into Bamboo at the moment but curious if anyone has got any strong opinions on tools. I've had limited exposure to ADO.

Summary:

* LAMP stack, not a shred of Microsoft stuff or .Net
* Cloud native, purely on AWS, most infrastructure is IaCed
* Dev environment at the moment, preparing to built
* WebApp
* 3 WAFs (CDN, haProxy and internal) protecting against OWASP threats

Key aims:

* Want basic CI/CD to begin with, initial focus on automate buid/deploy (blue/green) and test
* Aiming towards feature toggling and telemetry
* Preparing to implement CIAM soon, probably via B2C or Okta
* Also want linting, code security scans (mainly OWASP) and identify dead code, manage library deprecation more proactively

I don't mind investing in decent tools but this is an extremely important decision for me so I'm keen to hear from people who've evaluated various tools and are very happy with their current choice.

https://redd.it/1l0ao3d
@r_devops

Should I go for AWS of Azure certifications?

So I'm planning to get some certifications to strengthen my resume AZ 900,AZ 104 then AZ 400( In my current organization we use azure)
While job hunting I saw some require aws while some Azure or both which one should I go for?

https://redd.it/1l0actk
@r_devops

Coping up with the developments of AI

Hey Guys,

How’s everyone thinking about upskilling in this world of generative AI?

I’ve seen some of them integrating small scripts with OpenAI APIs and doing cool stuff. But I’m curious. Is anyone here exploring the idea of building custom LLMs for their specific use cases?

Honestly, with everything happening in AI right now, I’m feeling a bit overwhelmed and even a little insecure about how potentially it can replace engineers.

https://redd.it/1l0gaoo
@r_devops

Roast my resume again!!

Last time I posted to get feedback, lot of nice people. I am still not able to create the best resume without faking information. Need help!! This resume is still sub par.

https://ibb.co/k2cytfK4

https://ibb.co/hxbTbVb3

I do not have hands-on industry experience with below items in resume:
1. Kubernetes and Argo CD: Our leads are playing with setting up the cluster, but do not share access for that. I have learned kubernetes from kodecloud course and practise labs in udemy.

2. Jenkins : Same as kubernetes, we have free style pipelines written by the seniors and leads but refuse to share access in fear of becoming "obsolete". I have create multiple jenkins pipelines with my aws free tier account ec2 and local machine.


I really want to learn new technologies, methodologies given the opportunity but need to jump the ship first.

https://redd.it/1l0j16q
@r_devops

Calling Cloud/Cybersecurity Pros: Help My Thesis on Zero Trust Architectures

Hi everyone,

I'm conducting academic research for my thesis on zero trust architectures in cloud security within large enterprises and I need your help!

If you work in cybersecurity or cloud security at a large enterprise, please consider taking a few minutes to complete my survey. Your insights are incredibly valuable for my data collection and your participation would be greatly appreciated.

https://forms.gle/pftNfoPTTDjrBbZf9

Thank you so much for your time and contribution!

https://redd.it/1l0m380
@r_devops

How does your team handle post-incident debugging and knowledge capture?

DevOps teams are great at building infra and observability, but how do you handle the messy part after an incident?

In my team, we’ve had recurring issues where the RCA exists... somewhere — Confluence, and Slack graveyard.

I'm collecting insights from engineers/teams on how post-mortems, debugging, and RCA knowledge actually work (or don’t) in fast-paced environments.

👉 https://forms.gle/x3RugHPC9QHkSnn67

If you’re in DevOps or SRE, I’d love to learn what works, what’s duct-taped, and what’s broken in your post-incident flow.

https://redd.it/1l0mb40
@r_devops