Table of Contents
Foreword
Preface
1 DevOps for (or Possibly Against) Developers
DevOps Is a Concept Invented by the Ops Side
Exhibit 1: The Phoenix Project
Exhibit 2: The DevOps Handbook
Google It
What Does It Do?
State of the Industry
What Constitutes Work?
If We're Not About Deployment and Operations, Then Just What Is Our Job?
Just What Constitutes "Done"?
Rivalry?
More Than Ever Before
Volume and Velocity
Done and Done
Float Like a Butterfly…
Integrity, Authentication, and Availability
Fierce Urgency
The Software Industry Has Fully Embraced DevOps
Making It Manifest
We All Got the Message
2 The System of Truth
Three Generations of Source Code Management
Choosing Your Source Control
Making Your First Pull Request
Git Tools
Git Command-Line Basics
Git Command-Line Tutorial
Git Clients
Git IDE Integration
Git Collaboration Patterns
Git-flow
GitHub Flow
GitLab Flow
OneFlow
Trunk-Based Development
Summary
3 An Introduction to Containers
Understanding the Problem
The History of Containers
Why Containers?
Intro to Container Anatomy
Docker Architecture and the Container Runtime
Docker on Your Machine
Basic Tagging and Image Version Management
Image and Container Layers
Best Image Build Practices and Container Gotchas
Respect the Docker Context and .dockerignore File
Use Trusted Base Images
Specify Package Versions and Keep Up with Updates
Keep Your Images Small
Beware of External Resources
Protect Your Secrets
Know Your Outputs
Summary
4 Dissecting the Monolith
Cloud Computing
Microservices
Antipatterns
DevOps and Microservices
Microservice Frameworks
Spring Boot
Micronaut
Quarkus
Helidon
Serverless
Setting Up
Summary
5 Continuous Integration
Adopt Continuous Integration
Declaratively Script Your Build
Build with Apache Ant
Build with Apache Maven
Build with Gradle
Continuously Build
Automate Tests
Monitor and Maintain Tests
Summary
6 Package Management
Why Build-It-and-Ship-It Is Not Enough
It's All About Metadata
Key Attributes of Insightful Metadata
Metadata Considerations
Determining the Metadata
Capturing Metadata
Writing the Metadata
Dependency Management Basics for Maven and Gradle
Dependency Management with Apache Maven
Dependency Management with Gradle
Dependency Management Basics for Containers
Artifact Publication
Publishing to Maven Local
Publishing to Maven Central
Publishing to Sonatype Nexus Repository
Publishing to JFrog Artifactory
Summary
7 Securing Your Binaries
Supply Chain Security Compromised
Security from the Vendor Perspective
Security from the Customer Perspective
The Full Impact Graph
Securing Your DevOps Infrastructure
The Rise of DevSecOps
The Role of SREs in Security
Static and Dynamic Security Analysis
Static Application Security Testing
Dynamic Application Security Testing
Comparing SAST and DAST
Interactive Application Security Testing
Runtime Application Self-Protection
SAST, DAST, IAST, and RASP Summary
The Common Vulnerability Scoring System
CVSS Basic Metrics
CVSS Temporal Metrics
CVSS Environmental Metrics
CVSS in Practice
Scoping Security Analysis
Time to Market
Make or Buy
One-Time and Recurring Efforts
How Much Is Enough?
Compliance Versus Vulnerabilities
Vulnerabilities Can Be Combined into Different Attack Vectors
Vulnerabilities: Timeline from Inception Through Production Fix
Test Coverage Is Your Safety Belt
Quality Gate Methodology
Quality Gate Strategies
Fit with Project Management Procedures
Implementing Security with the Quality Gate Method
Risk Management in Quality Gates
Practical Applications of Quality Management
Shift Security Left
Not All Clean Code Is Secure Code
Effects on Scheduling
The Right Contact Person
Dealing with Technical Debt
Advanced Training on Secure Coding
Milestones for Quality
The Attacker's Point of View
Methods of Evaluation
Be Aware of Responsibility
Summary
8 Deploying for Developers
Building and Pushing Container Images
Managing Container Images by Using Jib
Building Container Images with Eclipse JKube
Deploying to Kubernetes
Local Setup for Deployment
Generate Kubernetes Manifests by Using Dekorate
Generate and Deploy Kubernetes Manifests with Eclipse JKube
Choose and Implement a Deployment Strategy
Managing Workloads in Kubernetes
Setting Up Health Checks
Adjusting Resource Quotas
Working with Persistent Data Collections
Best Practices for Monitoring, Logging, and Tracing
Monitoring
Logging
Tracing
High Availability and Geographic Distribution
Hybrid and MultiCloud Architectures
Summary
9 Mobile Workflows
Fast-Paced DevOps Workflows for Mobile
Android Device Fragmentation
Android OS Fragmentation
Building for Disparate Screens
Hardware and 3D Support
Continuous Testing on Parallel Devices
Building a Device Farm
Mobile Pipelines in the Cloud
Planning a Device-Testing Strategy
Summary
10 Continuous Deployment Patterns and Antipatterns
Why Everyone Needs Continuous Updates
User Expectations on Continuous Updates
Security Vulnerabilities Are the New Oil Spills
Getting Users to Update
Case Study: Java Six-Month Release Cadence
Case Study: iOS App Store
Continuous Uptime
Case Study: Cloudflare
The Hidden Cost of Manual Updates
Case Study: Knight Capital
Continuous Update Best Practices
Index