If you're lucky enough to have platform group in your company, @thecote shares three things you should ask them to help you with.

Tanzu Developer Advocate and Enlightning host Whitney Lee speaks with Tanzu Solutions Architect, Alex Barbato to unpack the Software Bill of Material (SBOM). SBOMs have gained a lot of attention in the past decade, most recently as a result of a slew of White House Executive Orders on improving cybersecurity and service delivery. Listen in as they discuss the most common use cases for SBOMs, using CVEs for triage and remediation, as well as the Vulnerability Exploitability Exchange (VEX), and much more!

Fresh from working on developer platforms at Uber, Serdar Badem tells us his experience working on improving developer productivity. He's working at Tanzu now and so he also discusses the work we're doing to help improve developer productivity.

Security is something we all need, and something we would all love to forget about. 🙂 Kubescape is a CNCF project that helps to secure your clusters easily and quickly. It helps you validate the configuration of your control plane, workloads, and RBAC; and it finds vulnerabilities, cutting the noise very effectively. In general, Kubescape assists with hardening configurations like network policies and seccomp profiles.

Index.

Nandish Parmar, director for virtualization platforms at Solera, explains how different teams, when using their own tool sets, bring the need for a solution that can work across those scenarios. Developer education is also a challenge as they must understand pods, containers, and all dependencies running on Kubernetes platforms.

Applications running in virtual machines (VMs) are mostly static and single tenant, relying on backup of the file system. Kubernetes is a multitenant environment with lots of metadata information (e.g., config maps, secrets, pods, etc.) and distributed applications. So, a Kubernetes data protection solution needs to understand Kubernetes patterns to deal with continuous changes inside a cluster, and a cloud native data protection solution should be application-centric and not infrastructure-centric.

GraphQL is a declarative query language that simplifies retrieving data from an application's back end. It provides a clear and comprehensive description of the data in your API, giving you the ability to request only what you need. This makes it easy to evolve APIs over time and enables powerful developer tools.

With globally distributed applications (and teams), the job of software architect isn’t getting any easier; applications are growing increasingly complex, and architects are spread thin. You can’t be involved with every decision. You must empower your teams while ensuring they make good choices. How do you do that? How can frameworks, such as Spring for Java and Steeltoe for.NET, not only make your life easier but also help your teams deliver robust applications to production?

As enterprises see the need to accelerate their software development processes, traditional operations teams are evolving to become platform engineering teams. These teams are tasked with designing and building self-service platforms for development teams that reduce the amount of work required to build, deploy and operate software securely, all while accelerating the development teams in delivering business outcomes.