At AWS re:Invent 2019

I've always dreamed of being at reInvent and this year, not only do I get to be at re:Invent, I also get a chance to lead a Dev Chat. I'm really excited to be there, to present and more importantly, to meet and interact with other AWS Heroes and re:Invent participants. Last year, I was honoured to being named as one of the Community Heroes and almost made it to re:Invent 2018.

Setting up a secure Docker image scanning solution with Anchore and Drone CI

A while back I had done a round up of a few container scanning solutionsand had mentioned I wanted to take another look at Anchore. The past few days, I've been playing a bit with Anchore – this time, integrating it with Drone CI. Drone is a “Container-Native, Continuous Delivery Platform” built using Go. It makes use of a YAML file, .drone.yml to define and execute the pipeline. End Goal For this project, we will be integrating Drone and Anchore.

So I wrote a book: presenting Practical Docker With Python

So yeah that actually happened! I've always wanted to publish a book and thanks to Apress publishing – that is a reality now. The book is titled “Practical Docker With Python: Build, Release and Distribute your Python App with Docker” and is targeted at people who are new to Docker and want to containerize their application (with an example Python chat bot). The book starts with a brief introduction to containers and Docker, guides you on how to get started with Docker before diving into deeper topics such as Docker Networks, Volumes and Compose.

Scanning Docker Image for Vulnerabilities with Aqua MicroScanner

Containers are slowly becoming the standardized units of deployment. As containers become more popular, they also become the focus targets for attacking the system via vulnerabilities present in the packages within the image. There are quite a few container vulnerability scanning solutions (example: Clair, Twistlock, Aqua) – however most of them are either commercial or require an elaborate setup, which makes it difficult for individual developers to involve them as part of the container build process.

Convert newsletters to RSS feeds with Kill-The-Newsletter

Long time, no write! Newsletters have become all the rage these days and I guess for good reason –  they're curated, come in (usually) once a week and typically offer a respite from the deluge of news that comes in why typical RSS Feeds or via Twitter. Naturally I subscribed to few initially and then the list of newsletters increased – and now I am stuck with a newsletter bomb in my Inbox

Accessing Chef Databag Items from within attributes

In Chef parlance, databagsare global variables saved in JSON format and are stored and accessible on the Chef server. Given that these are indexed and can be searched up along with the fact that they can be encrypted make them ideal candidates to store secrets such as credentials/ssh keys. Chef provides an easy way to search and fetch databag and databag items from within a recipe: For ex to fetch a databag called admins, it's as easy as:

Of nginx’s mid cut off responses and proxy buffers

Among the services I look after, the biggest and high-profile – is the user facing website. The website is your bog-standard typical frontend(powered by Express/Angular) which fetches data via an API which is powered by the backend(built on Rails). Typical flow is that Express receives the request from the browser, makes a request to the backend which is then served using Rails API via nginx which acts as the reverse proxy.