DevOps Tools for Java Developers: Best Practices from Source Code to Production Containers

✍ Scribed by Stephen Chin; Melissa McKay; Ixchel Ruiz; Baruch Sadogursky

Publisher: O'Reilly Media, Inc.
Year: 2021
Tongue: English
Leaves: 324
Edition: 4
Category: Library

No coin nor oath required. For personal study only.

✦ Synopsis

With the rise of DevOps, low-cost cloud computing, and container technologies, the way Java developers approach development today has changed dramatically. This practical guide helps you take advantage of microservices, serverless, and cloud native technologies using the latest DevOps techniques to simplify your build process and create hyperproductive teams.

Stephen Chin, Melissa McKay, Ixchel Ruiz, and Baruch Sadogursky help you evaluate an array of options. The list includes source control with Git, build declaration with Maven and Gradle, CI/CD with CircleCI, package management with Artifactory, containerization with Docker and Kubernetes, and much more. Whether you're building applications with Jakarta EE, Spring Boot, Dropwizard, MicroProfile, Micronaut, or Quarkus, this comprehensive guide has you covered.

Explore software lifecycle best practices
Use DevSecOps methodologies to facilitate software development and delivery
Understand the business value of DevSecOps best practices
Manage and secure software dependencies
Develop and deploy applications using containers and cloud native technologies
Manage and administrate source control repositories and development processes
Use automation to set up and administer build pipelines
Identify common deployment patterns and antipatterns
Maintain and monitor software after deployment

✦ Table of Contents

DevOps for (or Possibly Against) Developers
DevOps is an entirely invented concept, and the inventors came from the Ops side of the equation
Exhibit #1: The Phoenix Project
Exhibit #2: The DevOps Handbook
Google It
What Does It Do?
State of the Industry
What Constitutes Work?
If We’re Not About Deployment and Operations, Then Just What Is Our Job?
Just What Does Constitute Done?
Rivalry?
More Than Ever Before
Volume and Velocity
Done and Done
Fly Like a Butterfly…
Integrity, Authentication, and Availability
Fierce Urgency
The software industry has fully embraced DevOps
Making It Manifest
We all got the message
The System of Truth
Three Generations of Source Code Management
Choosing Your Source Control
Making Your First Pull Request
Git Tools
Git Command Line Basics
Git Command Line Tutorial
Git Clients
Git IDE Integration
Git Collaboration Patterns
git-flow
GitHub Flow
Gitlab Flow
OneFlow
Trunk Based Development
Summary
Dissecting the Monolith
Monolithic architecture
Granularity and functional specification
Cloud Computing
Service Models
Microservices
Definition
Anti-Patterns
DevOps & Microservices
Microservice Frameworks
Spring Boot
Micronaut
Quarkus
Helidon
Serverless
Setting Up
Conclusion
Continuous Integration
Adopt Continuous Integration
Declaratively Script Your Build
Build With Apache Ant
Build With Apache Maven
Build With Gradle
Automate Tests
Run Unit Tests Automatically
Monitor and Maintain Tests
Speed Up Your Test Suite
Continuously Build
Package Management
Why build-it-and-ship-it is not enough
It’s all about metadata
What’s metadata?
Determining the metadata
Capturing metadata
Writing the metadata
Dependency management basics for Apache Maven & Gradle
Dependency management with Apache Maven
Dependency management with Gradle
Dependency management basics for containers
Artifact Publication
Publishing to Maven Local
Publishing to Maven Central
Publishing to Sonatype Nexus
Publishing to JFrog Artifactory
Securing Your Binaries
Supply Chain Security Compromised
What Happened at SolarWinds?
Security from the Vendor Perspective
Security from the Customer Perspective
The Full Impact Graph
Securing your DevOps infrastructure
The Rise of DevSecOps
The Role of SREs in Security
Static and Dynamic Security Analysis
Static Application Security Testing
Disadvantages of the SAST approach
Dynamic Application Security Testing
Comparing SAST and DAST
The Common Vulnerability Scoring System
CVSS Basic Metrics
CVSS Temporal Metrics
CVSS Environmental Metrics
CVSS Summary
Extent of Security Scanning
Time to Market
Make or Buy
One-time and Recurring Efforts
How much is enough?
Compliance versus Vulnerabilities
Compliance Issues: Singular Points in your Full-Stack
Vulnerabilities: Can be Combined into Different Attack-Vectors
Vulnerabilities: Timeline from Inception Through Production Fix
Test Coverage is your Safety-Belt
Security scanning as a Promotion Quality Gate
Fit with Project Management Procedures
Implementing Security with the Quality Gate Method
Risk Management in Quality Gates
Practical Applications of Quality Management
Shift Left to the CI and the IDE
Not All Clean Code is Secure Code
Effects on Scheduling
The Right Contact Person
Dealing with Technical Debt
Advanced Training on Secure Coding
Milestones for Quality
The Attacker’s Point of View
Methods of Evaluation
Be Aware of Responsibility
Mobile Workflows
Fast-paced DevOps workflows for mobile
Android Device Fragmentation
Android OS Fragmentation
Building for Disparate Screens
Hardware and 3D Support
Continuous Testing on Parallel Devices
Building a Device Farm
Mobile Pipelines in the Cloud
Planning a Device Testing Strategy
Summary
Continuous Deployment Patterns and Antipatterns
Why Everyone Needs Continuous Updates
User Expectations on Continuous Updates
Security Vulnerabilities Are the New Oil Spills
Getting Users to Update
Case Study: Java Six Month Release Cadence
Case Study: iOS App Store
Continuous Uptime
Case Study: Cloudflare
The Hidden Cost of Manual Updates
Case Study: Knight Capital
Continuous Update Best Practices

📜 SIMILAR VOLUMES

DevOps Tools for Java Developers: Best P

📁 DevOps Tools for Java Developers: Best Practices from Source Code to Production Containers

✍ Stephen Chin; Melissa McKay; Ixchel Ruiz; Baruch Sadogursky 📂 Library 📅 2021 🏛 O'Reilly Media, Inc. 🌐 English

DevOps Tools for Java Developers: Best P

📁 DevOps Tools for Java Developers: Best Practices from Source Code to Production Containers

✍ Stephen Chin, Melissa McKay, Ixchel Ruiz, Baruch Sadogursky 📂 Library 📅 2022 🏛 O'Reilly Media 🌐 English

Continuous Delivery in Java: Essential T

📁 Continuous Delivery in Java: Essential Tools and Best Practices for Deploying Code to Production

✍ Daniel Bryant, Abraham Marín-Pére 📂 Library 📅 2018 🏛 O'Reilly Media 🌐 English

Continuous Delivery in Java essential to

📁 Continuous Delivery in Java essential tools and best practices for deploying code to production

✍ Bryant, Daniel;Marín-Pérez, Abraham 📂 Library 📅 2018;2019 🏛 O'Reilly Media 🌐 English

Continuous delivery adds enormous value to the business and the entire software delivery lifecycle, but adopting this practice means mastering new skills typically outside of a developer's comfort zone. In this practical book, Daniel Bryant and Abraham Marín-Pérez provide guidance to help experience

DevOps Tools for Java Developers

📁 DevOps Tools for Java Developers

✍ Stephen Chin; Baruch Sadogursky; Melissa McKay; Ixchel Ruiz 📂 Library 📅 2021 🏛 O'Reilly Media, Inc. 🌐 English

DevOps Tools for Java Developers (Early

📁 DevOps Tools for Java Developers (Early Release)

✍ Stephen Chin, Melissa McKay, Ixchel Ruiz, and Baruch Sadogursky 📂 Library 📅 2022 🏛 O’Reilly Media 🌐 English