This is the show by and for DevSecOps practitioners who are trying to survive information overload, get through marketing nonsense, do right technology bets, help their organizations to deliver value and last but not the least to have some fun. Tune in for talks about technology, ways of working and news from DevSecOps. This show is not sponsored by any technology vendor and trying to be as unbiased as possible. We talk like no one is listening! For good or bad :) For more info, show notes, and discussion of past and upcoming episodes visit devsecops.fm
DEVSECOPS Talks #17-2020 - Best Practices for Building Docker Images
This is the first episode in the new format - 30 minutes short and crisp episodes, i.e., less water and side discussions, focusing on the topic, duration under (well, almost under) 30 minutes. We hope you like it! The topic of this episode is building docker images - automation, security, best practices. In this episode, we discuss:Saving money with T3a familyBuilding Docker images locally and in CISetting up deamonless Docker builds for CI and k8sUsing multistage builds to keep your images nice and clean as well as encapsulate the build environment and make it portablePassing secrets to Docker build and inspecting image layers for secrets (ssh-agent and many more)Keeping Docker images updated with dependencies and updatesScanning Docker images for vulnerabilitiesDocker image layers caching - doing it rightDockerHub is to delete old images stored for free, and GitHub is ready to host them for youDocker image naming so you can find all you need to debug quickly In some of the information overlaps with episode #3 but greatly extends information provided before https://devsecops.fm/episodes/docker-secure-build/ Visit https://devsecops.fm to see show notes and https://gitter.im/devsecopstalks/community to join a discussion
DEVSECOPS Talks #16-2020 - Do you need a staging environment?
In this episode, we discuss options for splitting your deployment stages.We hear people coming up with all possible type of environments - dev, test/QA, integration, stage, prod, etcHow many do you actually need? What is the reason for having all those stages?Maybe do you need less? Why not deploy directly to production using some fancy technique?Put it simply - stage or not to stage? Visit https://devsecops.fm to see show notes and https://gitter.im/devsecopstalks/community to join a discussion
DEVSECOPS Talks #15-2020 - Remote Work Security
Let's talk about security in the era of remote work. Most of us have experienced a flaky VPN connection.What are the alternatives? SSH certificates? Yubikey?We discussed various topics around security inside a cluster and outside. Visit https://devsecops.fm to see show notes and https://gitter.im/devsecopstalks/community to join a discussion
DEVSECOPS Talks #14-2020 - Theory of constraint
This time, we are joined by Henrik Høegh who shares his unique perspective on applying the theory of constraint to IT transformation as well as how it applies in the world of Cloud Native. We go back to the origin of DevOps, discussing the various problems companies are facing when transforming their organizations and adopting cultural changes. Visit https://devsecops.fm to see show notes and https://gitter.im/devsecopstalks/community to join a discussion
DEVSECOPS Talks #13-2020 - All you need to know about setting up HashiCorp Vault
Mattias wants to setup HashiCorp Vault and quizzes Andrey how to do that.We cover a lot of ground - from basic Vault concepts to setting it up and hardening.
DEVSECOPS Talks #12-2020 - Scale and Scaling
Julien and Andrey got together to define the scale and ways to automate the scaling of your infrastructure in response to changes in load patterns.What are the prerequisites implementing scaling? What is cooling down, warm up, horizontal and vertical scaling, scale-up, and scale in? What are the metrics that could be useful for making scaling decisions?And last but not least, the very unexpected spin that Julien gives to the conversation. Visit https://devsecops.fm to see show notes and https://gitter.im/devsecopstalks/community to join a discussion