DevOps Tools for Java Developers (Early Release) Download Free

Author(s): Stephen Chin, Melissa McKay, Ixchel Ruiz, and Baruch Sadogursky

Publisher: O’Reilly Media, Year: 2022

ISBN: 9781492084020,9781492083955

 Table of contents :

1. DevOps for (or Possibly Against) Developers
DevOps is an entirely invented concept, and the inventors came from the Ops side of the equation
Exhibit #1: The Phoenix Project
Exhibit #2: The DevOps Handbook
Google It
What Does It Do?
State of the Industry
What Constitutes Work?
If We’re Not About Deployment and Operations, Then Just What Is Our Job?
Just What Does Constitute Done?
Rivalry?
More Than Ever Before
Volume and Velocity
Done and Done
Fly Like a Butterfly…
Integrity, Authentication, and Availability
Fierce Urgency
The software industry has fully embraced DevOps
Making It Manifest
We all got the message
2. The System of Truth
Three Generations of Source Code Management
Choosing Your Source Control
Making Your First Pull Request
Git Tools
Git Command Line Basics
Git Command Line Tutorial
Git Clients
Git IDE Integration
Git Collaboration Patterns
git-flow
GitHub Flow
Gitlab Flow
OneFlow
Trunk Based Development
Summary
3. Dissecting the Monolith
Monolithic architecture
Granularity and functional specification
Cloud Computing
Service Models
Microservices
Definition
Anti-Patterns
DevOps & Microservices
Microservice Frameworks
Spring Boot
Micronaut
Quarkus
Helidon
Serverless
Setting Up
Conclusion
4. Continuous Integration
Adopt Continuous Integration
Declaratively Script Your Build
Build With Apache Ant
Build With Apache Maven
Build With Gradle
Automate Tests
Run Unit Tests Automatically
Monitor and Maintain Tests
Speed Up Your Test Suite
Continuously Build
5. Package Management
Why build-it-and-ship-it is not enough
It’s all about metadata
What’s metadata?
Determining the metadata
Capturing metadata
Writing the metadata
Dependency management basics for Apache Maven & Gradle
Dependency management with Apache Maven
Dependency management with Gradle
Dependency management basics for containers
Artifact Publication
Publishing to Maven Local
Publishing to Maven Central
Publishing to Sonatype Nexus
Publishing to JFrog Artifactory
6. Securing Your Binaries
Supply Chain Security Compromised
What Happened at SolarWinds?
Security from the Vendor Perspective
Security from the Customer Perspective
The Full Impact Graph
Securing your DevOps infrastructure
The Rise of DevSecOps
The Role of SREs in Security
Static and Dynamic Security Analysis
Static Application Security Testing
Disadvantages of the SAST approach
Dynamic Application Security Testing
Comparing SAST and DAST
The Common Vulnerability Scoring System
CVSS Basic Metrics
CVSS Temporal Metrics
CVSS Environmental Metrics
CVSS Summary
Extent of Security Scanning
Time to Market
Make or Buy
One-time and Recurring Efforts
How much is enough?
Compliance versus Vulnerabilities
Compliance Issues: Singular Points in your Full-Stack
Vulnerabilities: Can be Combined into Different Attack-Vectors
Vulnerabilities: Timeline from Inception Through Production Fix
Test Coverage is your Safety-Belt
Security scanning as a Promotion Quality Gate
Fit with Project Management Procedures
Implementing Security with the Quality Gate Method
Risk Management in Quality Gates
Practical Applications of Quality Management
Shift Left to the CI and the IDE
Not All Clean Code is Secure Code
Effects on Scheduling
The Right Contact Person
Dealing with Technical Debt
Advanced Training on Secure Coding
Milestones for Quality
The Attacker’s Point of View
Methods of Evaluation
Be Aware of Responsibility
7. Mobile Workflows
Fast-paced DevOps workflows for mobile
Android Device Fragmentation
Android OS Fragmentation
Building for Disparate Screens
Hardware and 3D Support
Continuous Testing on Parallel Devices
Building a Device Farm
Mobile Pipelines in the Cloud
Planning a Device Testing Strategy
Summary
8. Continuous Deployment Patterns and Antipatterns
Why Everyone Needs Continuous Updates
User Expectations on Continuous Updates
Security Vulnerabilities Are the New Oil Spills
Getting Users to Update
Case Study: Java Six Month Release Cadence
Case Study: iOS App Store
Continuous Uptime
Case Study: Cloudflare
The Hidden Cost of Manual Updates
Case Study: Knight Capital
Continuous Update Best Practices