Digest #167: 37signals Ditches AWS, Kubernetes Build-vs-Buy, Capital One’s Serverless Patterns, npm Malware Hits Thousands, and GitHub Actions Hardening
$10M AWS exit lessons, real-world Lambda at scale, malicious npm packages, Jenkins attack paths, CI/CD security tips, OPA with Terraform, and open-source tools from Docker2exe to Cloud Snitch.
Welcome to this week’s edition of the DevOps Bulletin!
Kubernetes is powerful—but maintaining it yourself can be a full-time job. This week, we’re sharing a free whitepaper to help you evaluate the “build vs. buy” decision for Kubernetes infrastructure management. If you’ve ever wondered whether your team should keep operating clusters in-house or switch to a managed solution, this guide is for you.
In the news: 37signals just finished their full AWS exit—including S3—and claims they’ll save over $10M. Meanwhile, AWS rolled out a new security tool… that introduced a new vulnerability. Over 3,200 developers were hit by a malicious npm package campaign through Cursor. And there’s a new browser on the block—the first container-aware browser, designed for secure workloads.
This week’s featured video comes from Capital One, where engineers break down how they run AWS Lambda at scale. You’ll hear about their real-world serverless patterns, the operational challenges they’ve faced, and the hard-earned tips they’ve picked up along the way.
Our tutorials section is packed with hands-on guides:
How to harden GitHub Actions from common attack vectors
Hijacking NodeJS Jenkins agents in CI/CD pipelines
50 ways to isolate traffic for better security and network segmentation
How async/await really works in Python
Using OPA with Terraform for policy-as-code
How to implement state machines in PostgreSQL
Why AWS defaults can open you up to service takeovers
And don’t miss this week’s open-source spotlights:
Docker2exe: convert a Docker image into a sharable executable
Cloud Snitch: visualize AWS activity in a beautiful interactive map
Know Your Enemies: detect third-party access in your AWS roles and S3 policies
Qtap: an eBPF agent for capturing rich, pre-encrypted network context
SQL Scope: convert SQL queries across dialects with ease
All this and more in this week’s DevOps Bulletin—don’t miss out!
Kubernetes Infrastructure Management: Build vs Buy
Are you spending more time managing Kubernetes than building the products that set your business apart from the competition? You’re not alone—many organizations struggle with the “build vs. buy” decision when it comes to Kubernetes infrastructure management. Learn the pros and cons of each approach so you can make the decision that best meets the needs of your organization. Download now!
Newsworthy Stories
Video of the week
Tutorials of the week
Projects of the week
Docker2exe is a tool that converts a Docker image to an executable that you can send to your friends!
Cloud Snitch gives you a comprehensive look at your AWS account activity in a sleek and intuitive map view.
Qtap is an eBPF agent that captures pre-encrypted network traffic, providing rich context about egress connections and their originating processes.
Know Your Enemies is a tool that analyzes IAM Role trust policies and S3 bucket policies in your AWS account to identify third-party vendors with access to your resources.
SQL Scope lets you convert SQL queries between different dialects effortlessly.
Void is the open-source Cursor alternative. Use AI agents on your codebase, checkpoint and visualize changes, and bring any model or host locally.
Core is an open-source framework for building powerful, fast, elegant 2D and 3D apps that run on macOS, Windows & Linux.
Meme of the week
If you have feedback to share or are interested in sponsoring this newsletter, feel free to reach out via LinkedIn, or simply reply to this email.