From f29cd9ec17f63f68f43ae95a60eb10aaf9fe45e4 Mon Sep 17 00:00:00 2001 From: Martin Lindefors Date: Thu, 12 Sep 2024 17:05:20 +0200 Subject: [PATCH 1/2] Week 6 Demo Proposal --- .../demo/week6/melvinj-lindefor/README.md | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 contributions/demo/week6/melvinj-lindefor/README.md diff --git a/contributions/demo/week6/melvinj-lindefor/README.md b/contributions/demo/week6/melvinj-lindefor/README.md new file mode 100644 index 0000000000..94e1c2f0fa --- /dev/null +++ b/contributions/demo/week6/melvinj-lindefor/README.md @@ -0,0 +1,26 @@ +# Assignment Proposal + +## Title + +Ensuring the integrity and source of software packages + +## Names and KTH ID + +- Martin Lindefors (lindefor@kth.se) +- Melvin Jakobsson (melvinj@kth.se) + +## Deadline + +- Week 6 + +## Category + +- Demo + +## Description + +We intend to demonstrate how easy it can be to fall victim to attacks such as typosquatting or dependency confusion. We will do this by creating two bogus packages in `pip` & `npm` and highlight some weaknesses in those package managers. We will then show how to cryptographically verify the authenticity of packages using Sigstore & `npm audit`. Finally we will end with a note on the importance of verifying the origin of software, an often overlooked aspect of software development. + +**Relevance** + +Since the demo will include both package managers and software verification it is relevant for both of this weeks topics. In particular, verifying the origin of software packages is more relevant than ever because of the widespread nature of package managers and the comfortability of outsourcing code to these packages. Furthermore, there are several examples of attacks related to package managers. \ No newline at end of file From 5677c1f308491f21d2d51cc9f4df76f6357833ff Mon Sep 17 00:00:00 2001 From: Martin Lindefors Date: Mon, 23 Sep 2024 16:12:56 +0200 Subject: [PATCH 2/2] tutorial proposal --- .../executable-tutorial/tljun-lindefor | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 contributions/executable-tutorial/tljun-lindefor diff --git a/contributions/executable-tutorial/tljun-lindefor b/contributions/executable-tutorial/tljun-lindefor new file mode 100644 index 0000000000..04aabe5886 --- /dev/null +++ b/contributions/executable-tutorial/tljun-lindefor @@ -0,0 +1,26 @@ +# Assignment Proposal + +## Title + +Working with Kubernetes and Docker to deploy and scale a web application + +## Names and KTH ID + +- Tobias Ljunggren (tljun@kth.se) +- Martin Lindefors (lindefor@kth.se) + +## Deadline + +- Task 2 + +## Category + +- executable-tutorial + +## Description + +This tutorial provides a guide to building, containerizing, and deploying a Node.js application using Docker and Kubernetes on a single local system. Participants will start by creating a small Node.js application. They will then learn how to create a Dockerfile to containerize the application and run it locally to verify functionality. The tutorial continues with setting up a local Kubernetes cluster using Minikube. Participants will deploy the Docker container to Kubernetes, expose it via a Service, and scale the application by increasing the number of replicas. + +**Relevance** + +This tutorial is relevant to DevOps since it teaches important skills in containerization and orchestration using Docker and Kubernetes. By learning how to build, deploy, and scale applications in a consistent and automated way, tutorial participants will be more prepared to work in complex application environments. Furthermore, Docker is a DevOps tool that everyone should be familiar with, and Kubernetes is required for scaling up a growing application. \ No newline at end of file