How to manage Free and Open Source Software dependencies?
We exist in an increasingly complex ecosystem of Free and Open Source Software, FOSS, and its dependencies. Having done a bit of analysis on one medium size project there are over 1,500 dependent...
Constructing Dependencies from a Pillar in Saltstack
I'm trying to create a dummy state in Salt to pull dependencies from a list derived from a pillar. In my top.sls file, I have: base: '*': - components Then, in components.sls, I have: {% if 'components' in...
Using requisite injection to order states
Given three states, /root/a, /root/b and /root/c, I want /root/c to execute before /root/b, and /root/b to execute before /root/a. Given a Salt SLS file salt://ordertest/init.sls: /root/a: file.managed:...
What is recommended to document an IT technology stack, including their...
Working for a large company with over 500 IT staff and over 1,000 servers, with each server running its own business applications, we have a tremendous information and co-ordination challenge in...
Mitigating Maven Central risks as seen from the DevSecOps perspective
AFAIK there are two official primary repositories for Maven packages (Java language): search.maven.org offered by Sonatype Inc.; mvnrepository.com offered by a private person @frodriguez. Now obviously it...
What package managers are supported on Microsoft hosted agents with CMake...
Here, I can read that it is possible to set up a CMake build on a Microsoft hosted vsts agent. What C++ package managers (e.g. Conan) are supported for these agents? It would be great if at least one of...
Build Design - Docker vs Fedora's Mock
This post is migrated from a reddit post. Parts in bold are to adapt it to SE's format. I'm talking with companies to help streamline/combine their build process. They must do it together and their...
How can I ensure Helm doesn't install a dependency twice?
If I have a chart, say ChartA, that has a dependency on ChartB, I want to only install ChartB if it hasn't been installed already. Why? Let's say I run 2 copies of ChartA, and they both need a special...
Cannot understand jenkins deployment error
I am new to Jenkins, and I am trying to make a deployment onto a remote server, but I am getting the following error: Current dependency:com.vmd positionWatchLoader latest.integration:: loading settings...
Does `npm audit` add any value when using `dependabot`
Context: There are multiple ways to scan projects for vulnerabilities. Dependabot can be configured to check repositories for issues, and automatically submits pull requests to resolve. NPM Audit will scan...
Why do companies use JFrog Artifactory or other repositories instead of Maven...
I have usually seen that when someone uses Maven on a company network to download dependencies, then the user is redirected to the JFrog Artifactory or any other, instead of downloading dependencies from...
Best practices for managing Github actions + workflows in an organization?
In my organization, we have more than a hundred repos, most of them use their own workflows but also reusable workflows that are located in a designated repo, that also holds all of our self made...
How to get Dependabot to create PRs for Cargo.toml, not Cargo.lock?
I want to receive automatic dependency update GitHub notifications for a Rust binary package. I have a Cargo.toml like this: [package] ... [dependencies] sophia = "0.8.0-alpha.1" actix-web = "4" multimap =...
How are the host, build, and target platforms of a package defined?
https://www.uber.com/blog/bootstrapping-ubers-infrastructure-on-arm64-with-zig/ says: A host is the machine that is compiling the binary. A target is the machine that will run the binary. In native...
What are some tricks and cool hacks on a iPhone 11 [closed]
What are some neat things an iPhone 11 can do that I don’t know? I’m just trying to find new things out about my new phone and get to know it well