17 hours ago · Member-only
Measuring the performance of Python chunks in different environments
There are many libraries for measuring the performance of Python code. These tools are called profiling tools. Even the Python core library has its own, but they are a bit cumbersome to use and usually were not created to live alongside our production code. Some examples are: timeit, profile …
Python · 3 min read
Aug 24, 2021 · Member-only
DevSecOps series No 4 — Protecting environment variables in the most well-known C.I. systems
In a CI/CD pipeline, it is very common to use environment variables to store service credentials (like AWS secret keys or database user/password). The most used and well-known automation systems have specific features to manage sensitive information. In this post, I’ll cover the four most…
Devsecops · 3 min read
Aug 21, 2021 · Member-only
DevSecOps series No 3 — Old-fashion issues in DevOps: Zip Bombs
Today I’ll talk about an old-new attack that can affect your production systems: a Zip bomb. This concept is not new. According to Wikipedia, the Zip bomb concept was first mentioned in 2001. TL;DR: The idea of the Zip bomb is very simple. An attacker can create a special version of…
Devsecops · 4 min read
Published in Geek Culture · Aug 4, 2021 · Member-only
DevSecOps series No. 2 — Automatic checking Dockerfiles for security
A lot has been written about Docker security and how to create secure Dockerfiles. You can search Google for security tips and best practices. This is nice, but there is still a big problem to solve: how to automate the security checking. Steps for building a Docker image. Creating a Docker image has two steps: Write…
Devsecops · 3 min read
Jul 31, 2021 · Member-only
DevSecOps series No. 1 — Breaking the CI/CD by using evil Git repositories
This is the first post of a series about DevSecOps. We’ll discuss (in)security in the DevSecOps process. Today we’ll check security in the build process when you need external Git repositories. Git in the CI process. Cloning Git repositories is a usual task for a CI pipeline when you’re building artefacts. Some programming languages do more use…
Devsecops · 2 min read
Nov 12, 2020 · Member-only
Python Quiz n1 — Merging Python dictionaries
Every week we publish a Python quiz on my Twitter account. Only for fun! The summary of the question for this week was: Subject: Dictionaries. Difficulty: 2/5. You can find the question in the original tweet. Correct answer: OK, spoiler here. The correct answer is Option C. But why…? A brief explanation: First of all, the question…
Python · 2 min read
Jun 1, 2020 · Member-only
Python JSON vs Pickle
When we need to serialize data, we must consider different types of serializers. Python developers have some of them built in, but which is more efficient? JSON vs Pickle. The Python standard library includes JSON and Pickle mechanisms for serializing data. …
Python · 2 min read
May 27, 2020 · Member-only
lxml in multi-step Docker images
lxml is a nice Python library for parsing XML files. It is very efficient and powerful, but it has C binary dependencies that are sometimes a bit complicated to install. The problem with lxml and Docker is that we need the compiled binary dependencies in the final image. …
Python · 2 min read
May 25, 2020 · Member-only
Python Docker Images in less than 50MB
I’m a Python developer and Docker user. I like Python. It’s simple and the development process is very fast, but it’s usually not the best choice if you want small distributable software. It’s very common for a Python project to be packaged as a Docker image with some hundreds of MB. Even for…
Python · 2 min read