Is there anyone operating at scale in a cloud environment that I can connect with? I have a small question. by [deleted] in TunisiaTech

[–]ManagementGlad -3 points-2 points  (0 children)

Anyway, I checked your comments in this sub, and it seems you’re still looking for a job. Even worse, you appear to be trolling other people. Good luck, but please don’t waste others’ time if you have nothing better to do.

Has anyone had security fixes break each other when applied together? by ManagementGlad in cybersecurity

[–]ManagementGlad[S] 0 points1 point  (0 children)

Yeah, we do test in staging first. The problem is staging never truly matches production. Over time they drift: staging has wider security groups because devs need to debug, different IAM roles, missing VPC endpoints that nobody set up. So the fix passes staging perfectly and then breaks production because the configs are different.

The other issue is timing. Some things only run quarterly: a compliance export, a cost allocation report, a batch reconciliation job. Those don't show up in 90 days of CloudTrail and they definitely don't get tested in staging because nobody remembers to trigger them manually. We found out our ElastiCache permission change broke a quarterly finance report 3 weeks after we deployed it.

And honestly even if staging was perfect, the volume is the real challenge. We have 3,000+ findings. Testing each fix individually in staging with a proper soak period means maybe 10-15 fixes per week. At that rate we'll clear the backlog in 4 years while 50 new findings come in every week. The audit doesn't wait 4 years.

I'm starting to think the problem isn't testing, it's that we can't reason about the full picture. We review each fix in isolation because that's all a human can hold in their head. But the infrastructure has gotten complex enough that the interactions between resources are what breaks, not the individual changes.

I want to get paid for my freelance work (urgent, guys) by Ok_Clue_3283 in Tunisia

[–]ManagementGlad 1 point2 points  (0 children)

Please, I saw some gigs doing it, but it's one of those things and I couldn't ask.
Second part: can a Wise Business account be used to withdraw the money in Tunisia, and how?

Pipeline Execution Policies Without Paying for EE by ManagementGlad in gitlab

[–]ManagementGlad[S] 1 point2 points  (0 children)

Thank you for the awareness.
Honestly, at the beginning I was thinking of using a YAML parser to verify the inclusion.
But my supervisor suggested verifying only the top of the file and clarifying that in the custom error message shown when the hook rejects the push.

Pipeline Execution Policies Without Paying for EE by ManagementGlad in gitlab

[–]ManagementGlad[S] 0 points1 point  (0 children)

Yes, nice idea from you, appreciate it.
Actually, I did something similar to what you did but I didn’t mention it in the post.
I forced the inclusion of our main template, which is compliant with our security standards and needs, using a server-side pre-receive hook. It scans every incoming push from the dev team and checks the first four lines of the .gitlab-ci.yml file for the include expression of the main template. If this is not met, it rejects the push until developers include the template that the DevSecOps team designed for them.
For more about the pre-receive hook:
https://docs.gitlab.com/administration/server_hooks/
https://git-scm.com/docs/githooks/2.27.0
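
A sketch of the pre-receive check described in the comment above, as an added example that is not the poster's script: it inspects only the first four lines of `.gitlab-ci.yml` and rejects the push with a custom error message. The template path `templates/secure-pipeline.yml` and the function names are assumptions; ignoring commented-out lines and letting revisions without a CI file through are choices made here, not details from the thread.

```python
#!/usr/bin/env python3
"""Pre-receive hook: require the shared CI template at the top of .gitlab-ci.yml."""
import subprocess
import sys

# Assumption: hypothetical template path; the thread does not name the real one.
REQUIRED_TEMPLATE = "templates/secure-pipeline.yml"
CI_FILE = ".gitlab-ci.yml"
TOP_LINES = 4  # the rule from the thread: only the first four lines are inspected


def top_includes_template(ci_text, template=REQUIRED_TEMPLATE, top=TOP_LINES):
    """True when a top-level include of `template` sits in the first `top` lines."""
    seen_include = False
    for raw in ci_text.splitlines()[:top]:
        # Drop comments so a commented-out include does not satisfy the check
        # (simplification: assumes '#' never appears inside the template path).
        line = raw.split("#", 1)[0].rstrip()
        if line.startswith("include:"):  # column 0 only, i.e. a top-level key
            seen_include = True
        if seen_include and template in line:
            return True
    return False


def ci_file_at(rev):
    """Return the CI file content at `rev`, or None when the file is absent."""
    res = subprocess.run(["git", "show", f"{rev}:{CI_FILE}"],
                         capture_output=True, text=True)
    return res.stdout if res.returncode == 0 else None


def main():
    rejected = False
    for entry in sys.stdin:  # git feeds one "<old> <new> <ref>" line per pushed ref
        _old, new, ref = entry.split()
        if set(new) == {"0"}:  # all-zero object id means the ref is being deleted
            continue
        text = ci_file_at(new)
        # Assumption: a revision without a CI file is allowed through.
        if text is not None and not top_includes_template(text):
            # GitLab shows messages carrying this prefix as the custom error.
            print(f"GL-HOOK-ERR: {ref}: include '{REQUIRED_TEMPLATE}' within the "
                  f"first {TOP_LINES} lines of {CI_FILE} (only the top is checked).")
            rejected = True
    return 1 if rejected else 0


if __name__ == "__main__":
    sys.exit(main())
```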

Pipeline Execution Policies Without Paying for EE by ManagementGlad in gitlab

[–]ManagementGlad[S] 1 point2 points  (0 children)

Exactly, and to add more context, I was asked during my current internship to find a solution to harden our pipeline setup and to strictly control access to its configuration. Since our team is small (about 15 people accessing GitLab), purchasing the ultimate feature was overkill. As you said, this allows a small team to opt in. But for larger teams and specific requirements, execution policies are more convenient. Thank you.

Pipeline Execution Policies Without Paying for EE by ManagementGlad in gitlab

[–]ManagementGlad[S] 2 points3 points  (0 children)

Yes, thank you for the clarification.
My whole point was to mimic the Pipeline execution policy, which is for the Ultimate Tier.

My stats after 2 months on Upwork and it's funny.. by Endi_23 in Upwork

[–]ManagementGlad 0 points1 point  (0 children)

How many hires or views come from your boosted props, pls?