Reddit DevOps
Looking for ZAP automation with C# guide

Any recommendations? It’s my best language, but every ZAP scanner guide is for some other programming language and I can't get it to work, which I chalk up to my suckiness in said language.
I've been looking for a C# automation of ZAP but so far no luck :(

https://redd.it/m1id4b
@r_devops
DevOps Career Advice

**alt account**

I have kind of a weird background when it comes to IT and "DevOps" and am looking for advice.

Background:

- Have a non-technology bachelor's degree and got a low-level job at a company a few years ago.
- Through luck I moved from a non-tech job at this company to the Tech Manager role.

In the past 1-1.5yrs this company has changed a lot and is moving toward a technology focus including building out a new app. With my being in the IT Manager role, I have bounced between the Ops and Engineering (IT) world (mainly doing lower-level IT things) but recently (the past 7-8 months) have overseen rebuilding our AWS environment to facilitate a secure and highly available infrastructure for the application.

Without having a dedicated DevOps person, I have also taken on a semi-split role in it (DevSecOps) along with Cloud “architecting” and my normal IT duties, which I usually have my IT Specialist take care of. (This is a small company of about 60.)

Dilemma:

My dilemma makes me feel kind of greedy in that I feel I should be making more, but not sure how much more since I do not have a long history of experience and no degree. The only certificates I have are CompTIA Sec+ and AWS CCP (though studying for the AWS CSA; kind of on the back burner). When I bring up possibly making more money due to the responsibilities I have taken and the amount of progress in building out and managing our AWS Infrastructure, I usually get a “you have limited experience” or “most cloud architects/devops that make good money also know how to code”. I agree and understand, but I am also doing the work, besides coding…and now taking on a split DevOps'ish role I feel like I am basically doing higher level work for moderate pay.

More info:

When I took over the IT role:

Normal IT duties which migrated to compliance/audit proofing for a bit and eventually moved to implementation of SIEM, MDM, AWS maintenance (couple EC2’s, ECS, S3, VPC, Route53).

Past 8-9 months:

Working with RDS, ECS, EC2s, Beanstalk, S3, R53, Redshift, Jfrog, Neo4j (debugging and setup on EC2), Lambda, CloudWatch, GuardDuty, etc. When this started, most of the infrastructure was built out as a 50/50 split between myself and the engineering team, but over the past 5-6 months I have built out a whole new Dev/Staging and Prod AWS Account/Env, which I did by myself, including migrating our CI.

Sorry for the randomness of thoughts...kind of in a weird spot

https://redd.it/m1c1cj
@r_devops
I get 401 Unauthorized when I run mvn deploy

Hello, I just installed Sonatype Nexus Repository Manager v3.30.0-01 on an AWS EC2 Ubuntu instance and I can successfully access the GUI.

Now my problem is that when I execute `mvn deploy` on my local project it gets rejected with 401 Unauthorized:

`[ERROR] Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:2.7:deploy (default-deploy) on project social-carpooling-commons: Failed to deploy artifacts: Could not transfer artifact io.social.carpooling:social-carpooling-commons:jar:0.0.1-20210309.180217-1 from/to snapshots (https://myIpAddress:8081/repository/maven-snapshots): Transfer failed for https://myIpAddress:8081/repository/maven-snapshots/io/social/carpooling/social-carpooling-commons/0.0.1-SNAPSHOT/social-carpooling-commons-0.0.1-20210309.180217-1.jar 401 Unauthorized`

Here is my pom.xml config :

```xml
<distributionManagement>
  <repository>
    <id>releases</id>
    <name>Nexus Releases</name>
    <url>https://ipAddress:8081/repository/maven-releases</url>
  </repository>
  <snapshotRepository>
    <id>snapshots</id>
    <name>Nexus Snapshots</name>
    <url>https://ipAddress:8081/repository/maven-snapshots</url>
  </snapshotRepository>
</distributionManagement>
```

and my maven settings.xml :

```xml
<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="https://maven.apache.org/SETTINGS/1.0.0"
          xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="https://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd">
  <!-- localRepository
   | The path to the local repository maven will use to store artifacts.
   |
   | Default: ${user.home}/.m2/repository
  <localRepository>/path/to/local/repo</localRepository>
  -->

  <proxies>
  </proxies>

  <servers>
    <server>
      <id>snapshots</id>
      <username>admin</username>
      <password>nexus-admin</password>
    </server>
    <server>
      <id>releases</id>
      <username>admin</username>
      <password>nexus-admin</password>
    </server>
    <server>
      <id>thirdparty</id>
      <username>admin</username>
      <password>nexus-admin</password>
    </server>
  </servers>

  <mirrors>
    <mirror>
      <!-- This sends everything else to /public -->
      <id>nexus</id>
      <mirrorOf>*</mirrorOf>
      <url>https://ipAddress:8081/nexus/content/groups/public</url>
    </mirror>
  </mirrors>

  <profiles>
    <profile>
      <id>nexus</id>
      <repositories>
        <repository>
          <id>central</id>
          <url>https://central</url>
          <releases>
            <enabled>true</enabled>
          </releases>
          <snapshots>
            <enabled>true</enabled>
          </snapshots>
        </repository>
      </repositories>
      <pluginRepositories>
        <pluginRepository>
          <id>central</id>
          <url>https://central</url>
          <releases>
            <enabled>true</enabled>
          </releases>
          <snapshots>
            <enabled>true</enabled>
          </snapshots>
        </pluginRepository>
      </pluginRepositories>
    </profile>
  </profiles>

  <activeProfiles>
    <activeProfile>nexus</activeProfile>
  </activeProfiles>
</settings>
```

Do you prohibit containers which could POTENTIALLY be run as root?

Hi. If a container had the ability to run as root, but included clear documentation on how to run it as a non-root user and stated that was the best practice, would that be sufficient for your organization? Or, do you prohibit containers which even have the possibility that they can be run as root? Or, put another way: do your security policies prohibit containers which have the ability to run as root (even though you don't deploy them that way)?

Just curious... because I am being impacted by a prohibition like this. Is this typical across the devops landscape now? Sorry if I am out of touch.

https://redd.it/m1y2z3
@r_devops
PromQL assistance with holtwinters

Hi all, I'm new to PromQL (and time series dbs in general) and I'm trying to figure out the below without much of a dev background.

Problem:

- a count, let's call it "login_count"
- it's seasonal (repeating after 7 days)
- it has labels, let's say country

I'd like to set alerts so if the ratio drops below x (let's say 75%).

Here is what I have so far, but if I remove the label I run into all kinds of issues:

`sum(increase(login_count{country="DE"}[10m])) / holt_winters(sum(increase(login_count{country="DE"}[10m]))[7d:],.005,.005)`

Here is what I thought I had to do:

`sum(increase(login_count[10m])) by country / holt_winters(sum(increase(login_count[10m]))[7d:],.005,.005)`

I'm also not sure that I'm using holt_winters + subqueries correctly, however I seem to be getting the correct results.

https://redd.it/m27cw2
@r_devops
Redis single node to cluster migration

Hello, I have a question. I have a single-instance Redis (v3.2.12) running. It now has more than 15M+ key-value pairs. I didn't see it coming in the first place.

Now I will deploy a 6-node Redis cluster (same version, 3 masters, 3 slaves). My question is how I can migrate to the cluster. For example, can I read the first 1000 key-value pairs, then dump them into the cluster, then read another 1000 pairs, and so on? Is it possible to do with any Redis client? I can develop if required.

Thanks.

https://redd.it/m1vstw
@r_devops
Question So... what's DevOps?

Hello there,

I'm struggling with the definition of DevOps. For me, it is a combination of support versions systems, CI/CD, containers, microservices, logging and testing. Is that right? What am I missing? If you were to teach someone DevOps, what would be the "core" parts?

https://redd.it/m1zwh9
@r_devops
computer science concepts

Hello,

As a self-taught DevOps guy/Cloud developer, I find myself a little weak on some computer science concepts that your average CS student knows. There are great best practices in DevOps but I think I could benefit from getting familiar with some of the more important concepts out there. Are there any books you'd recommend that might introduce some of those concepts? Even if I don't end up using them, at least I'd be able to relate better to other developers in the organization.

I do want to take Harvard's CS50 but I have too much on my plate now and I am looking for something a little less in terms of time commitment. Something like, CS Fundamentals for Dummies type of book.

Thanks!

https://redd.it/m28tev
@r_devops
Survey - Consequences for staff of data privacy breaches?

Quick survey: who knows of devs that have been at a company where there was a data breach or other data privacy incident? What were the consequences for devs at that company?

- Adam, Head of Developer Relations at dataprotocol.com (US data privacy edtech)

https://redd.it/m29b46
@r_devops
Store encrypted secret in Hashicorp Vault

Right now we're storing secrets as plaintext key value pairs. We got a suggestion about using Transit keys and encrypting our secrets. I'm evaluating this approach right now and although it's more secure, it'll be really troublesome when we have to rotate the Transit keys. I'm afraid it might lead to data corruption in some weird rare cases. We also lose the ability to view the secrets from a GUI but I suppose that can be a good thing as well.

I'm interested to know if others are encrypting their secrets or uploading as plaintext.

https://redd.it/m28qza
@r_devops
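
Added example, not part of the original post and not Vault's own code: the usual way rotation loses data is a ciphertext left on a key version that is later retired by raising `min_decryption_version`. Transit ciphertexts carry their key version in a `vault:vN:` prefix, so stored values can be audited first; the function names, paths and stored values below are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Transit ciphertexts look like "vault:v<N>:<base64>"; N is the key version
# that produced them.
CIPHERTEXT_RE = re.compile(r"vault:v([1-9][0-9]*):[A-Za-z0-9+/]+={0,2}")

@dataclass
class RotationAudit:
    current: list = field(default_factory=list)          # on the latest version
    needs_rewrap: list = field(default_factory=list)     # old but still allowed
    would_break: list = field(default_factory=list)      # below proposed minimum
    not_encrypted: list = field(default_factory=list)    # plaintext or malformed
    unknown_version: list = field(default_factory=list)  # newer than the key

def audit(store, latest_version, proposed_min_version):
    """Classify stored values before raising min_decryption_version."""
    if not 1 <= proposed_min_version <= latest_version:
        raise ValueError("proposed minimum must be between 1 and latest")
    report = RotationAudit()
    for path in sorted(store):
        m = CIPHERTEXT_RE.fullmatch(store[path])
        if m is None:
            report.not_encrypted.append(path)
            continue
        version = int(m.group(1))
        if version > latest_version:
            report.unknown_version.append(path)
        elif version < proposed_min_version:
            report.would_break.append(path)
        elif version < latest_version:
            report.needs_rewrap.append(path)
        else:
            report.current.append(path)
    return report

def safe_to_raise_minimum(report):
    """True only if no stored value would become unreadable or is unprotected."""
    return not (report.would_break or report.not_encrypted or report.unknown_version)

# Constructed sample: KV paths mapped to the values stored under them.
SAMPLE_STORE = {
    "app/db_password": "vault:v3:q83vEjRWeJCrze8BI0VniQ==",
    "app/api_token": "vault:v1:AAECAwQFBgcICQoLDA0ODw==",
    "app/smtp_password": "vault:v2:3q2+796tvu/erb7v3q2+7w==",
    "app/legacy_key": "hunter2-still-plaintext",
}

if __name__ == "__main__":
    r = audit(SAMPLE_STORE, latest_version=3, proposed_min_version=2)
    print(r, "safe:", safe_to_raise_minimum(r))
```

Values reported under `needs_rewrap` can be upgraded with Transit's rewrap operation, which re-encrypts under the latest key version without returning the plaintext to the caller.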
How do you synchronize files across repos?

Hey,

I am looking for a smart solution to the following problem: We heavily use GitHub and some features that are dependent on availability of certain files like CONTRIBUTING.md, SECURITY.md, pull request templates and others. Those files are very important for us to have a healthy repository.

Those files should be the same across all of our team repos. As we own about 70 repos a manual solution is not feasible. I have thought about writing a custom script but maybe there is a good solution out there that helps me - similar to a database migration runner.

What it should be able to do:

- synchronize files from a central location to multiple repos (templated or not does not matter)
- integratable in a CI pipeline

https://redd.it/m27j0p
@r_devops
good way to practice AWS and Terraform

Hi,

I'd love to evaluate Terraform and AWS, but my company currently does not use them due to the cost.

Is there any way I can practice them, like creating an infrastructure using Terraform?

https://redd.it/m2d6zb
@r_devops
About creating a sharded mongodb cluster on Kubernetes

Hello everyone,

I do not know much about mongodb. Are there any guides for the following architecture? https://severalnines.com/sites/default/files/shard_repset.png
If there are none, which steps should I take? I am thinking about getting the MongoDB operator and applying its deployment. After that, 1 configmap (not sure if I should use 3 configmaps) and 3 statefulsets for the shards. Probably 1 storage class and 3 PVCs.
The thing is that I do not know how I can get the baseurl and other required configs to set in the configmap. Any senior suggestions?
Thanks

https://redd.it/m2cyh6
@r_devops
Launch HN: Haystack (YC W21) – Engineering analytics that don’t suck

Check out Haystack - an Analytics tool that strictly follows NorthStar Metrics while refusing to single out developers and gives engineering leaders insight into how to improve their team's performance.


Check them out on HackerNews


https://news.ycombinator.com/item?id=26413311

https://redd.it/m27f2i
@r_devops
How do you guys automate testing video/audio quality on web broadcast applications?

Hey,

I have some input video and audio. This has to be projected through a few services which can be accessed through the browser.

Now I want a way to estimate whether the video/audio going in is the same as the video coming out. Basically, is the quality 'good'?

I was thinking bitrate but would this be enough?

I could compare the pixels between input and output but then I need each frame to match. Same idea with audio but comparing the waveforms. This is assuming that I can compare pixels when the output format could be different.

I know some of these ideas are stupid. Just wondering how others do it.

Thanks in advance!

https://redd.it/m26ypy
@r_devops
CI/CD for a monorepo, how to improve it?

I have a Node monorepo that consists of three apps backed by many libraries

- A server that is currently backed by SQLite
- A web app
- An Electron app

The GitHub repository is kept up-to-date with Dependabot that opens pull requests that I also want tested. I plan to work on features in feature branches, they get merged into dev which is staging and then merged into main which is production.

The CI/CD part feels a little overwhelming though. I have a cheap VPS while I play around with this project but I feel like it's a little brittle.

I have three pipelines set up in Buddy, one for feature branches, one for staging and one for production.

- The feature pipeline will just test and build the project
- The staging pipeline will test, build, deploy to the VPS by uploading the files and run a Docker build, restarting the container, then deploy static files to Netlify
- The production pipeline is the same as staging

The code is kept in /opt/project and data (SQLite database) in /var/opt/project/data. I then mount that var directory into the Docker container.

Notice that I am not doing Electron builds yet, as I think they need to be done on their respective platforms, meaning I can only do Linux builds for now (until I pay for a Windows and macOS server).

The setup just feels a little dirty and I'm not sure if there is a better approach. Especially I wouldn't really be sure how to roll back in case something bad happens. I don't like if my test approach changes for instance, I have to edit it three places with identical setup. Is this a DevOps smell? I was considering looking into GitHub Actions but reviews are mixed.

I would prefer to keep the code on GitHub since I have Pro there but I'm completely open to alternatives if it improves productivity. The project is private.

https://redd.it/m1vwzu
@r_devops
Google cloud vs other cloud solutions for AI/machine learning

Hello! I've been looking for proper articles comparing the benefits of going with the GCP solutions (mostly due to TPUs) instead of other cloud solutions like AWS, mainly around NLP, but I'm having difficulties finding good comparisons and doing them myself, since I am not as familiar with ML as I am an SRE engineer. If you could point me to some articles and/or tell me your personal experience I would much appreciate it, as would others in the future looking to find answers to this question!

https://redd.it/m1zsuk
@r_devops
Terragrunt and Terraspace - when to use it

Hey Guys,

We are planning to move all of our infrastructure into code, which is Azure, and we are also thinking about vSphere. Currently we have 10 subscriptions in Azure. There are two main teams in the company that have 3 subscriptions each, which are DEV/TEST/PROD. We also have a few DCs around. I came back to the company after some absence and I would like to push for IaC to simplify the management of it.

One of the guys suggested to use Terragrunt as a wrapper for Terraform. However the problem is that 95% of our team do not have much coding experience even in Terraform etc. The new versions of Terraform fixed some issues that were in previous older versions such as module dependencies etc.

I do understand that Terragrunt would help to deploy same infrastructure across environments, however our environments are not 1 for 1 like so I do not really see a point of adding extra layer of complexity. My point of view is simple. Each environment is different so why would we use Terragrunt in the first place. Eventually, maybe after a long time we will rebuild our environments at least in Azure. For now I just want to move whatever infrastructure we have into code and manage from there.

I would think about using Terragrunt if we had 1-for-1-like environments. Terraform Cloud and Terraform Enterprise add more functionality, which kind of makes it hard to decide if going with Terragrunt is a good option.

What is your opinion about that?

https://redd.it/m1tfda
@r_devops
ELK configuration

Hello everyone, I am starting to get hands-on with the ELK stack. I am running 5 Eos servers in 5 different AWS regions, and I created one new EC2 instance and installed ELK + Filebeat on it. Can somebody share any relevant links or guide me on how to get the logs of the 5 Eos servers into the ELK dashboard? I tried but couldn't find any good guides!!

https://redd.it/m1t9yi
@r_devops