Wilson Mar

You gotta have one of each. Or several.

Overview

This page is one of a series on DevSecOps.

There are many choices of specific technologies within each category:

  1. Governance
  2. Development process
  3. Developer laptop

  4. Microservice management
  5. Single-Sign On Authentication
  6. Input formats
  7. Input locations

  8. VPN
  9. Cloud environment
  10. Load Balancer
  11. Content Distribution Network
  12. Server Operating System
  13. Source repository
  14. Bit and Image repository
  15. Continuous Integration Task Runner
  16. Build tool

  17. Specifications repository
  18. Programming Languages
  19. Integrated Development Environments
  20. Static Code Scanner
  21. UX Design Tools
  22. Graphics Processing

  23. Mobile platforms
  24. Mobile testing
  25. Unit/Functional testing
  26. Performance testing
  27. Defect Management (ALM)

  28. Logging and log management
  29. Visualization
  30. In-Memory Databases
  31. Back-end Databases
  32. Geographic Databases

  33. Message queuing
  34. Notifications
  35. Email & SMS
  36. REST API management
  37. Machine Learning
  38. Other technologies

Governance

What is it about forcing manual approval from “executive” level personnel?

Is it to encourage (force) more participation from them?

If so, what do we want them to do before approving or disapproving each request?

How often are those actions actually performed (versus perfunctory approval)?

Since approvals may cause some delay, is the price of such delays worth the actual security increase?

Can those actions be automated to ensure that they actually get done, every time, with less delay?

That is the basic question asked by DevSecOps.

Implications

So many choices lead to integration nightmares, because many of the pieces don’t work together easily.

Time is wasted learning a technology only to find out later that it can’t be used (such as Windows Mobile).

Too many choices lead to conflict among people.

There are two extremes in how organizations cope with so many choices:

  • limit fragmentation (and costs) by enforcing available choices

  • allow for individual experimentation for creativity.

Which really yields the fastest speed to market and quality?

Which yields a fragile environment?


Development environment:

Development process

Boards, burn-down charts.

  • Scrum
  • Kanban
  • Lean
  • Atlassian JIRA
  • etc.

Developer laptop

  • Apple Macintosh OSX
  • Microsoft Windows 7
  • Microsoft Windows 10
  • Tablet?

Microservice management

  • Docker
  • Vagrant (on Macs)
  • Mesos (open source)
  • Marathon
  • Docker Swarm
  • Kubernetes
  • VMware vRealize suite (vRA, vRO)
  • etc.

Single-Sign On Authentication / User Management

  • Forgerock (federated)
  • Okta
  • LDAP
  • ASP.NET Identity
  • PKI/encryption CA server
  • OAuth0 (SaaS)
  • OAuth1 (PKI certificates)
  • OAuth2 (SHA1)
  • etc.

Input formats

  • CSV, JSON, XML, YML, config
  • Google Sheet (online)
  • Excel .xlsx, .xls (Microsoft Office, Office365)
  • Word .docx, .doc (Microsoft Office, Office365)

Input cloud locations

  • Dropbox
  • Box
  • Google Drive
  • Microsoft OneCloud
  • etc.

Servers

  • HP
  • Dell
  • IBM

VPN (Virtual Private Network)

  • Cisco
  • etc.

Cloud environment

  • AWS is the most popular, most expensive
  • Microsoft Azure
  • Google Cloud
  • Heroku (runs in AWS)
  • Rackspace (runs in AWS)

  • HP private cloud
  • Red Hat OpenStack
  • Oracle
  • etc.

Load Balancer

  • F5
  • etc.

Content Distribution Network

  • GitHub Issues (free)
  • Amazon EC2 (subscription)
  • Google (subscription)
  • etc.

Server Operating System

  • Shell scripts
  • CentOS (open source)
  • Ubuntu (open source)
  • RedHat Enterprise Linux (licensed)
  • etc.

Source repository

  • GitHub (the most popular, supported by AWS CodePipeline)
  • Bitbucket
  • Stash (Atlassian)
  • Subversion
  • Mercurial (hg)
  • Perforce
  • Assembla
  • BeanstalkApp
  • Codebase
  • Gitlab
  • Gitorious
  • ProjectLocker
  • Kiln
  • Solano (supported by AWS CodePipeline)
  • CodeCommit in AWS cloud
  • etc.

Bit and Image Repository

  • Artifactory (open source)
  • Nexus
  • etc.

Task runner CI

  • Jenkins (licensed Cloudbees SaaS)
  • CircleCI
  • TravisCI
  • Concourse (from )
  • Fabric
  • CodeShip.com
  • CruiseControl
  • Bamboo from Atlassian (licensed)
  • TFS from Microsoft (licensed)
  • TeamCity from JetBrains (licensed)
  • Wercker (pronounced like worker)
  • AppVeyor
  • BuildForge

Build Tool

  • Ant for Java
  • NAnt for .NET
  • Phing for PHP
  • Rake for Ruby based on haml files.
  • Maven
  • Grunt, Gulp (for Node)
  • ActionScript (Mac)
  • etc.

Specifications repository

  • Swagger
  • RAML
  • WADL
  • etc.

Programming Languages

  • Scala is the new darling
  • Java continues to dominate

  • C# (ASP.NET or MVC) from Microsoft

  • Python
  • Perl
  • PHP

  • Clojure
  • Go (popular within Google)
  • etc.

Integrated Development Environments

  • JetBrains
  • Eclipse (favored by Java)
  • Visual Studio with ReSharper, TestDriven.Net
  • etc.

Static Code Scanner

  • custom for the language
  • SonarQube
  • Persoft
  • etc.

UX Design Tools

  • Axure
  • Photoshop PXD
  • etc.

Graphics Processing

  • Adobe Photoshop
  • Sketch (Mac)
  • etc.

Mobile platforms

  • Desktop (GitHub Electron)
  • Google Android (Java) native
  • Apple iOS native
  • Hybrid Web (Sencha and others based on Apache Cordova)
  • Generators (React Native from JavaScript v6)
  • etc.

Mobile testing

  • Appium (Java)
  • Perfecto (mobile device cloud)
  • SauceLabs
  • Amazon Device Cloud
  • etc.

Unit & Functional testing

  • Karma with Jasmine
  • Selenium (Java, JavaScript, .NET, etc.)
  • RedwoodHD
  • Mocha
  • etc.

Performance testing

  • JMeter (Java)
  • SOASTA (cloud subscription)
  • etc.

Defect Management (ALM)

  • FogBugz
  • etc.

Logging and log management

  • Logstash / Elasticsearch (open source)
  • AppDynamics
  • NewRelic

  • SumoLogic (subscription)
  • AWS (subscription)
  • Splunk
  • etc.

Data Visualization

  • Kibana (from Elasticsearch)
  • Tableau
  • Qlik
  • PowerBI
  • etc.

In-Memory Databases

  • Redis
  • SQLite (mobile)
  • HTML5 local storage

  • Varnish
  • Memcached
  • etc.

Back-end Databases

  • Cassandra
  • CouchDB
  • Neo4j graph database
  • MongoDB
  • SparkDB

  • PostgreSQL
  • MySQL (local and in Amazon)
  • Microsoft SQL Server
  • Oracle
  • DynamoDB
  • etc.

Geographic Databases

  • Google Maps
  • Bing Maps
  • ESRI
  • Route optimization (machine learning)
  • etc.

Message queuing

  • ZeroMQ
  • Kafka
  • ActiveMQ
  • Amazon
  • MSMQ
  • TIBCO
  • etc.

Notifications

  • PagerDuty
  • Zapier
  • etc.

Email & SMS

  • Microsoft Exchange
  • Microsoft Sharepoint
  • SMS gateway server
  • Fax gateway server
  • etc.

REST API management

  • Mulesoft
  • Mashery (Intel)
  • etc.

Machine Learning

  • TensorFlow (Google)
  • Semantic Analysis
  • Recommender
  • etc.

Other technologies

  • Text to speech
  • Computer vision (XBox)
  • Drones
  • Gaming (Unity)
  • GLib, Maya (motion graphics)
  • etc.

More on DevOps

This is one of a series on DevOps:

  1. DevOps_2.0
  2. ci-cd (Continuous Integration and Continuous Delivery)
  3. User Stories for DevOps
  4. Enterprise Software

  5. Git and GitHub vs File Archival
  6. Git Commands and Statuses
  7. Git Commit, Tag, Push
  8. Git Utilities
  9. Data Security GitHub
  10. GitHub API
  11. TFS vs. GitHub

  12. Choices for DevOps Technologies
  13. Pulumi Infrastructure as Code (IaC)
  14. Java DevOps Workflow
  15. Okta for SSO & MFA

  16. AWS DevOps (CodeCommit, CodePipeline, CodeDeploy)
  17. AWS server deployment options
  18. AWS Load Balancers

  19. Cloud services comparisons (across vendors)
  20. Cloud regions (across vendors)
  21. AWS Virtual Private Cloud

  22. Azure Cloud Onramp (Subscriptions, Portal GUI, CLI)
  23. Azure Certifications
  24. Azure Cloud

  25. Azure Cloud Powershell
  26. Bash Windows using Microsoft’s WSL (Windows Subsystem for Linux)
  27. Azure KSQL (Kusto Query Language) for Azure Monitor, etc.

  28. Azure Networking
  29. Azure Storage
  30. Azure Compute
  31. Azure Monitoring

  32. Digital Ocean
  33. Cloud Foundry

  34. Packer automation to build Vagrant images
  35. Terraform multi-cloud provisioning automation
  36. Hashicorp Vault and Consul to generate and hold secrets

  37. Powershell Ecosystem
  38. Powershell on MacOS
  39. Powershell Desired System Configuration

  40. Jenkins Server Setup
  41. Jenkins Plug-ins
  42. Jenkins Freestyle jobs
  43. Jenkins2 Pipeline jobs using Groovy code in Jenkinsfile

  44. Docker (Glossary, Ecosystem, Certification)
  45. Make Makefile for Docker
  46. Docker Setup and run Bash shell script
  47. Bash coding
  48. Docker Setup
  49. Dockerize apps
  50. Docker Registry

  51. Maven on MacOSX

  52. Ansible
  53. Kubernetes Operators
  54. OPA (Open Policy Agent) in Rego language

  55. MySQL Setup

  56. Threat Modeling
  57. SonarQube & SonarSource static code scan

  58. API Management Microsoft
  59. API Management Amazon

  60. Scenarios for load
  61. Chaos Engineering