Tag: devops

A Software Bill of Materials tells you exactly what's in your software. Syft generates one, Grype scans it for CVEs. Together they're your supply chain paper trail.

Pulling unscanned images onto your server is a gamble. Trivy finds the CVEs. Cosign proves the image hasn't been swapped out. Here's how to add both to your workflow.

ELK does everything and wants all your memory. Loki does logging the Prometheus way — label indexes, not content — and runs on a fraction of the resources. Here's the honest comparison.

Cockpit is the modern systemd-native Linux admin panel. Webmin is the veteran that configures everything. Here's which one should be on your servers — and which shouldn't.

You're pulling container images from strangers on the internet. Trivy scans them for CVEs. Cosign proves they haven't been tampered with. Use both.

Prometheus scrapes metrics. Grafana makes them pretty. Alertmanager wakes you up at 2 AM. Here's how to wire all three together into a monitoring stack that actually works.

GitLab CE does everything and wants all your RAM. Gitea and Forgejo run on a Raspberry Pi. Here's which self-hosted git platform actually fits your setup.

Cache mounts, secret mounts, parallel stages — BuildKit turns your Dockerfile from a slow linear disaster into something that actually respects your time.

Docker networking confuses everyone at first. Here's the practical breakdown of bridge, host, overlay, and macvlan — with real Compose examples.

Learn how lazydocker and dive make Docker manageable from your terminal. TUI dashboards, image layer analysis, CI integration, and optimization tips.

Cloudflare rebuilt WordPress from scratch in TypeScript using AI agents. Sandboxed plugins, Astro themes, self-hostable. It's called EmDash and it's actually interesting.

logrotate keeps your /var/log from eating the disk — configure rotation schedules, compression, and retention for any service log.