Last but not least, after Spectre and Meltdown, the question arises: "Have I already been hacked, or have I just not noticed it yet?" So why not make a virtue out of necessity and take on your own systems? The learning curve is steep, but it helps to recognize and minimize risks. It is essential that security know-how is built up within the team. The first step is to create an awareness of the problem. Especially for agile teams, it is therefore important to establish different control points with automated security tests. In addition to static code analysis, however, it helps enormously to put yourself in the attacker's role.
In the DevOps lifecycle, configuration management has always been an integral part of maintaining the desired system state. Many common tools such as Chef, Puppet, Ansible, and SaltStack are used for configuration management. But before a configuration can be used in production, it has to be tested, because different systems behave differently with the same configuration. So we have to make sure that our desired configuration state passes every test scenario before it is applied to production. This is where Molecule comes into play.
With the release of npm 6.0, npm audit was announced, a new tool designed to increase security when working with open source code. npm audit is now available not only in npm@6 but can also be used with previous versions.
In our article series voices of holistikoenner/innen (VoH) on Medium.com, an article of mine was published. It deals, in a rather technical way, with the problem of building so-called "fat jars".
In my opinion, the goal of Java developers should be to avoid producing "fat jars" altogether and instead to rely on smarter mechanisms when building runnable Java software.