Kubernetes AppOps Security Series

In 2019 I wrote a series of six articles on Kubernetes AppOps Security (Network Policies, Security Context and PodSecurityPolicies) that was published successively in the German magazine JavaSPEKTRUM, starting in its 05/2019 issue.

I’m pleased to announce that the series is now completely published and available in English and German on the Cloudogu Blog:

  1. Network Policies – Part 1 – Good Practices | 🖺 original article PDF (German)
  2. Network Policies – Part 2 – Advanced Topics and Tips | 🖺 original article PDF (German)
  3. Security Context – Part 1: Good Practices | 🖺 original article PDF (German)
  4. Security Context – Part 2: Background | 🖺 original article PDF (German)
  5. Pod Security Policies – Part 1: Good Practices | 🖺 original article PDF (German)
  6. Pod Security Policies – Part 2: Exceptions and Troubleshooting | 🖺 original article PDF (German)

The articles are accompanied by some open source demos showcasing the AppOps security features: cloudogu/k8s-security-demos.

In addition, I had the honor of presenting the topic at several conferences.

Finally, we created a “Cloud Native Application Security” training at Cloudogu where you can get your hands on these topics, among others.

It has been a most interesting journey on which I learned a lot and experienced lots of support from my dear colleagues at Cloudogu. Thank you so much!

Coding Continuous Delivery with Jenkins Pipelines

Starting in their 01/2018 issue, Java aktuell published my four-part article series Coding Continuous Delivery in German. I’m happy to announce that all parts are now available in English, courtesy of Cloudogu.

The series takes you from zero to continuously delivering your software through a sophisticated Jenkins pipeline. It starts with the fundamentals and moves on to advanced topics such as nightly builds, parallel execution, Docker, shared libraries, unit testing, static code analysis with SonarQube and deployment to Kubernetes. All of the topics are described hands-on with examples comparing the scripted with the declarative syntax provided by the Jenkins Pipeline Plugin.

  1. Jenkins pipeline plugin basics | 🖺 original article PDF (German)
  2. Performance optimization for the Jenkins Pipeline | 🖺 original article PDF (German)
  3. Helpful Tools for the Jenkins Pipeline | 🖺 original article PDF (German)
  4. Static Code Analysis with SonarQube and Deployment on Kubernetes et al. with the Jenkins Pipeline Plugin | 🖺 original article PDF (German)

The examples for all articles are contained in this GitHub repository: triologygmbh/jenkinsfile, and the builds can be seen in action on this Jenkins server: opensource.triology.de.

My awesome colleagues at Cloudogu GmbH and Triology GmbH – thank you so much for your support. Especially my co-author from the first article, Daniel Behrwind, who got this whole thing started.

Android Logging for Java Professionals – SLF4J and Logback in Android

One of my articles was published in Java Magazin 9.17. I wrote it while working on the nusic Android app; it covers how to use SLF4J in Android using logback-android. It also features an example and a small library for Android.

Triology GmbH provides an English version of this article, and also acquired the original article PDF (in German), which can be found here: Android Logging für Java-Profis – SLF4J und Logback in Android. I’d like to thank my colleagues there for their support.

Automatic checks for vulnerabilities in Java project dependencies

Java aktuell published an article I wrote on a topic at work for TRIOLOGY GmbH.

You can find an English version on the TRIOLOGY Blog: Automatic checks for vulnerabilities in Java project dependencies. The article shows an approach to keeping your Java project dependencies free of known vulnerabilities (e.g. CVEs) using OWASP Dependency-Check with Jenkins and Maven. There is also an example project on GitHub.

The original article PDF (in German) is available for download here: Automatisierte Überprüfung von Sicherheitslücken in Abhängigkeiten von Java-Projekten.

TRIOLOGY also published a short Q&A on the article, which can be found here.