As a company heavily invested in community, Snyk is not about hiring security practitioners but about getting developers to embrace security best practices. On today’s episode of The New Stack Makers, TNS founder Alex Williams sat down with Snyk’s CEO Guy Podjarny to discuss the levels of abstraction in today’s infrastructures, how those impact developers, and the many ways in which infrastructure impacts how developers work with Kubernetes and AWS.
Developers are ultimately the ones who have to manage and understand what components and libraries are used. “I think it’s around drawing lines. So again, you have an app and written code. What is the app? The minimal description is you wrote code, you decorated it with libraries and a container, and moved it on its way.”
Podjarny went on to explain that in the container and microservices world, the key to managing these libraries is the question of whether libraries are infrastructure or code. With serverless, one is of course not managing the servers themselves, but one still has to pull in and patch libraries, handle permission management, and deal with a lot of infrastructure-like components.
“We have these sprinkles of infrastructure strewn throughout our apps. They look like code, but they behave like infrastructure.”
Podjarny also noted that the way to differentiate these is by drawing lines and creating boundaries between the application itself, the container, and the service or mesh. In some areas, he noted, developers are able to draw these lines with ease. In others, one may need to create a lighter-weight definition of the app, as dependencies may require an infrastructure management layer of functionality that defines which infrastructure layers are where. Podjarny also stressed that developers need to start evolving practices for how these concepts are handled when working with both Kubernetes and AWS.
In this Edition:
- 3:10: What is it about libraries and components we’re seeing now that is changing?
- 6:53: What are the sprinkles of infrastructure and how do you identify them?
- 10:23: Defining the blurring line between software, hardware, and how security impacts these infrastructures.
- 15:31: What philosophy do you bring toward topics we hear a lot about, like observability?
- 19:11: The emergence of behavioral-based security platforms.
- 22:54: How does today’s market speak toward the dual popularity of serverless architectures and Kubernetes?
The Cloud Foundry Foundation sponsored this podcast.