The latest articles on DEV Community by DKFM (@dkfm). https://dev.to/dkfm https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Forganization%2Fprofile_image%2F3644%2F64f7fec7-eb87-43a9-92c8-de0b6d16c79d.png https://dev.to/dkfm en DJ Schleen Sat, 29 May 2021 14:25:33 +0000 https://dev.to/dfkm/we-are-dkfm-making-devops-things-that-make-devops-things-easier-8o8 https://dev.to/dfkm/we-are-dkfm-making-devops-things-that-make-devops-things-easier-8o8 <p>DevOps, DevSecOps, Rainbow Monkey Unicorn Pony, it really doesn't matter what you call it but one thing is certain - every one of these practices relies on innovative tooling to shift quality issues left to developers. Innovation is something I needed to turn to as a Security Architect many years ago as I built and deployed DevSecOps practices to a few Fortune 10 healthcare organizations.</p> <p>When I met Julio Jimenez <a class="mentioned-user" href="https://dev.to/juliojimenez">@juliojimenez</a> we struck up a great friendship built on a shared vision of developing tools that would blur the line between Security and DevOps. We became <a href="https://www.amazon.com/Essentialism-Disciplined-Pursuit-Greg-McKeown/dp/0804137382">Essentialists</a> and adopted the mantra that security is just an attribute of quality. With that, we focused on developing tools that improve the quality of the code we built.</p> <p>After Dan Walsh joined DKFM we had our core team and our Open Source collective started gaining industry attention from the tools we were building. Dan brought the business savvy, leadership, product direction, and more Essentialism to our team.</p> <h2> Dropping the Code Hammer </h2> <p>Now that our core team was put together,Julio and I migrated a number of personal repositories we had been working on for the past few years to our new GitHub organization we named <a href="https://github.com/devops-kung-fu">DKFM</a>. </p> <p>The first project we worked on together as DKFM was <a href="https://github.com/devops-kung-fu/shs">SHS</a>, which is a tool that calculates a risk score based on vulnerabilities in source code and infrastructure and presents in the format of a credit score.</p> <p>Our second project was <a href="https://github.com/devops-kung-fu/domi">domi</a>. domi is one of our flagship codebases. It is a policy-as-code enforcer that analyzes infrastructure as code and configuration for policy violations. It integrates with GitHub and uses <a href="https://www.openpolicyagent.org/">Open Policy Agent</a> and <a href="https://github.com/open-policy-agent/conftest">conftest</a> to validate code on a Pull Request.</p> <p>Other projects followed such as <a href="https://github.com/devops-kung-fu/gardener">gardener</a> which generates images in markdown from <a href="https://plantuml.com">PlantUML</a> diagrams, <a href="https://github.com/devops-kung-fu/hookz">Hookz</a> which generates local action pipelines as git hooks that execute when interacting with the git command, and <a href="https://github.com/devops-kung-fu/hinge">Hinge</a> that builds dependabot.yaml files for any codebase that is used by GitHub's Dependabot supply chain scanning product. We've started or are working actively on many other projects. All to make DevOps things that make DevOps easier.</p> <h2> Join the Movement </h2> <p>As an open source collective <strong>anyone</strong> can join DKFM. All you need to do is contribute to any of our <a href="https://github.com/devops-kung-fu">DKFM</a> projects on GitHub. </p> <p>Come and help us make tools that shift left, integrate security as an attribute of quality, and lead by example with Essentialism and innovation.</p> devops automation tools cicd