I’m a regular user of GitHub. Recently I discovered GitHub also has a build-in CI/CD workflow solution called GitHub Actions. Curious about how this would work I decided to try it out. I had previously build a Jenkins Pipeline to perform several static and dynamic application security tests on a Java project […]
Maarten Smeets
Maarten is a software architect and Oracle ACE. Over the past years he has worked for numerous customers in the Netherlands in developer, analyst and architect roles on topics like software delivery, performance, security and other integration related challenges. Maarten is passionate about his job and likes to share his knowledge through publications, frequent blogging and presentations.
OWASP ZAP: A quick introduction to a versatile open source DAST tool
OWASP ZAP (Zed Attack Proxy) is an open source dynamic application security testing (DAST) tool. It is available here and has a website with documentation here. I recently encountered it when looking for open source security test tools to embed in a CI/CD pipeline (here). I was surprised by how versatile this tool […]
Java Security: Open Source tools for use in CI/CD pipelines
It is often expected of a DevOps team to also take security into consideration when delivering software. Often however, this does not get the attention it deserves. In this blog post I’ll describe some easy to use, CI/CD pipeline friendly, open source tools you can use to perform several checks […]
Java Agent: Rewrite Java code at runtime using Javassist
You might want to change the behavior of a Java application at runtime without having to alter the original sources and recompile them. This can be done by using a Java Agent. Java Agents are used by several products. Dynatrace uses for example a Java Agent to collect data from inside […]
Python: A Google Translate service using Playwright
There are a lot of use-cases in which you might want to automate web-browser actions. For example to automate tedious repetitive tasks or to perform automated tests of front-end applications. There are several tools available to do this such as Selenium, Cypress and Puppeteer. Several blog posts (such as here) […]
Jenkins Pipeline: SonarQube and the OWASP Dependency-Check
The OWASP Foundation plays an important role in helping to improve security of software worldwide. They have created a popular and well-known awareness document called the ‘OWASP Top 10‘. This document lists the following risk: using components with known vulnerabilities. Software nowadays can be quite complex consisting of many direct and […]
Surprisingly easy: Anchore Engine for container vulnerability scanning in a Jenkins pipeline running on Kubernetes
Anchore Engine is a popular open source tool for container image inspection and vulnerability scanning. It is easily integrated in a Kubernetes environment as an admission controller or in a Jenkins build pipeline using a plugin. A while ago I took a look at Anchore Engine and created a small introductory presentation and Katacoda scenario for […]
Jenkins: Building Java and deploying to Kubernetes
Kubernetes is a popular platform to run and manage containerized applications. A CI/CD solution is often needed but not always provided. You might need to set this up for yourself. In this blog post I’ll provide a minimal end-to-end solution for Java applications. This starts with a commit in source […]
OpenEBS: cStor storage engine on KVM
OpenEBS provides a Kubernetes native distributed storage solution which is friendly on developers and administrators. It is completely open source and part of the CNCF. Previously I wrote about installing and using OpenEBS, Jiva storage engine, on the Charmed Kubernetes distribution of Canonical. The Jiva storage class uses storage inside managed […]
Production-like Kubernetes on your laptop. Kubespray on KVM
There are various options to install a production-like Kubernetes distribution on your laptop. Previously I tried out using the Canonical stack (Juju, MAAS, Charmed Kubernetes) for this. This worked nicely but it gave me the feeling that it was a bit Canonical specific and it felt a bit heavy on resources at […]
Anchore Engine: Container image vulnerability scanning
Applications nowadays, are usually deployed inside containers. A container consists of libraries and tools which allow the application to run inside. Since there can be exploitable vulnerabilities, it is not only important to take security into account for your application, but also for the container it runs in. There are […]
OBS Studio + Snap Camera: Putting yourself in your presentation live for free!
When giving online presentations, it helps for personal marketing if people can see you on the screen. Various tools provide features which help you achieve that, for example Microsoft Teams. Sometimes though you do not have that available or want to be able to do more than what the tool […]
OpenEBS: Create persistent storage in your Charmed Kubernetes cluster quick and easy!
As a developer I wanted to experiment with Kubernetes environments which approximate production deployments. In order to do that I wanted a distributed storage solution and chose OpenEBS. Mainly because it was easy to get started and quick to get up and running. In this blog post I’ll describe how […]
Charmed Kubernetes on KVM using MAAS and Juju
Coming to this solution was a journey. I was looking for a Kubernetes installation which was easy to deploy and cleanup on my own laptop (I didn’t want to have to pay for a hosted solution). I did want a solution which was more or less production-like because I wanted […]
Quick and easy: A multi-node Kubernetes cluster on CentOS 7 + QEMU/KVM (libvirt)
Kubernetes is a popular container orchestration platform. As a developer understanding the environment in which your application is going to run is important since this can help you use available services of the platform and fix issues. There are several options to run Kubernetes locally to get some experience with […]
Spring: Blocking vs non-blocking: R2DBC vs JDBC and WebFlux vs Web MVC
Spring Framework version 5, released in Sept 2017, introduced Spring WebFlux. A fully reactive stack. In Dec 2019 Spring Data R2DBC was released, an incubator to integrate relational databases using a reactive driver. In this blog post I’ll show that at high concurrency, WebFlux and R2DBC perform better. They have […]
The size of Docker images containing OpenJDK 11.0.6
When running Java applications in containers, you need to be careful with your resources. If you’re not careful with layering your images (for example using Google’s Jib), you can quickly get into disk-space issues, especially when your base image and/or application gets updated regularly. One of the ways you can save […]
Performance of relational database drivers. R2DBC vs JDBC
R2DBC provides non-blocking reactive APIs to relational database programmers in Java. It is an open specification, similar to JDBC. JDBC however uses a thread per connection while R2DBC can handle more connections using less threads (and thus potentially use less memory). This could also mean threads are available to do other […]
Secure browsing using a local SOCKS proxy server (on desktop or mobile) and an always free OCI compute instance as SSH server
Oracle provides several services as ‘always free’. In contrast to Azure and Amazon, these include compute instances which remain ‘forever’ free to use. Although there are some limitations on CPU, disk, network resources, these instances are ideal to use as a remote SSH server and with a little effort a […]
HTTP benchmarking using wrk. Parsing output to CSV or JSON using Python
wrk is a modern HTTP benchmarking tool. Using a simple CLI interface you can put simple load on HTTP services and determine latency, response times and the number of successfully processed requests. It has a LuaJIT scripting interface which provides extensibility. A distinguishing feature of wrk compared to for example ab […]
pgAdmin in Docker: Provisioning connections and passwords
pgAdmin is a popular open source and feature rich administration and development platform for PostgreSQL. When provisioning Postgres database environments using containers, it is not unusual to also provision a pgAdmin container. The pgAdmin image provided on Docker Hub does not contain any server connection details. When your pgAdmin container […]
Apache Camel + Spring Boot: Different components to expose HTTP endpoints
Apache Camel is an open source integration framework that allows you to integrate technologically diverse systems using a large library of components. A common use-case is to service HTTP based endpoints. Those of course come in several flavors and there is quite a choice in components to use. In this blog post […]
Java Microservices: What do you need to tweak to optimize throughput and response times?
Performance tuning usually goes something like followed: a performance problem occurs an experienced person knows what is probably the cause and suggests a specific change baseline performance is determined, the change is applied, and performance is measured again if the performance has improved compared to the baseline, keep the change, […]
Oracle Database: Write arbitrary log messages to the syslog from PL/SQL
Syslog is a standard for message logging, often employed in *NIX environments. It allows separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them. Each message is labeled with a facility code, indicating the software type generating the message, and assigned […]
Calling an Oracle DB stored procedure from Spring Boot using Apache Camel
There are different ways to create data services. The choice for a specific technology to use, depends on several factors inside the organisation which wishes to realize these services. In this blog post I’ll provide a minimal example of how you can use Spring Boot with Apache Camel to call […]
Microservice framework startup time on different JVMs (AOT and JIT)
When developing microservices, a fast startup time is useful. It can for example reduce the amount of time a rolling upgrade of instances takes and reduce build time thus shortening development cycles. When running your code using a ‘serverless’ framework such as for example Knative or FnProject, scaling and getting […]
Apache Camel and Spring Boot: Calling multiple services in parallel and merging results
Sometimes you have multiple services you want to call at the same time and merge their results when they’re all in (or after a timeout). In Enterprise Integration Patterns (EIP) this is a Splitter followed by an Aggregator. I wanted to try and implement this in Spring Boot using Apache Camel so I […]
A transparent Spring Boot REST service to expose Oracle Database logic
Sometimes you have an Oracle database which contains a lot of logic and you want to expose specific logic as REST services. There are a variety of ways to do this. The most obvious one to consider might be Oracle REST Data Services. ORDS is quite powerful and for example supports […]
Graceful shutdown of forked workers in Python and JavaScript running in Docker containers
You might encounter a situation where you want to fork a script during execution. For example if the amount of forks is dependent on user input or another specific situation. I encountered such a situation in which I wanted to put load on a service using multiple concurrent processes. In […]
Performance! 3 reasons to stick to Java 8 for the moment
It is a smart thing to move to newer versions of Java! Support such as security updates and new features are just two of them but there are many more. Performance might be a reason to stick to Java 8 though. In this blog post I’ll show some results of […]
6 tips to make your life with Vagrant even better!
HashiCorp Vagrant is a great tool to quickly get up and running with a development environment. In this blog post I’ll give some tips to make your life with Vagrant even better! You can find an example which uses these tips here.
Filesystem events to Elasticsearch / Kibana through Kafka Connect / Kafka
Filesystem events are useful to monitor. They can indicate a security breach. They can also help understanding how a complex system works by looking at the files it reads and writes. When monitoring events, you can expect a lot of data to be generated quickly. The events might be interesting […]
Minikube on KVM on Linux Mint 19.1
In a previous blog post I wrote about running Minikube on Windows. I ended with the suggestion that getting Minikube working might be much easier on Linux. Thus I installed Linux Mint (as dual-boot) on my laptop and gave it a shot. The steps I took to get it working […]
Minikube on Windows. Hyper-V vs Vagrant/VirtualBox
Kubernetes is a system for running and coordinating containerized applications across a cluster of machines. Minikube runs a single-node Kubernetes cluster and can be used for local development. In this blog post I’ll compare 2 different ways to get a working Minikube environment on Windows based on experience with a […]
JVM performance: OpenJ9 uses least memory. GraalVM most. OpenJDK distributions differ
In a previous blog post I created a setup to compare JVM performance of several JVMs. I received some valuable feedback on the measures I conducted and requests to add additional JVMs. In this second post I’ll look at some more JVMs and I’ve added some measures like process memory […]
Comparing JVM performance; Zulu OpenJDK, OpenJDK, Oracle JDK, GraalVM CE
There are many different choices for a JVM for your Java application. Which would be the best to use? This depends on various factors. Performance being an important one. Solid performance research however is difficult. In this blog I’ll describe a setup I created to perform tests on different JVMs […]
Monitoring Spring Boot applications with Prometheus and Grafana
In order to compare the performance of different JDKs for reactive Spring Boot services, I made a setup in which a Spring Boot application is wrapped in a Docker container. This makes it easy to create different containers for different JDKs with the same Spring Boot application running in it. […]
Running Reactive Spring Boot on GraalVM in Docker
GraalVM is an open source polyglot VM which makes it easy to mix and match different languages such as Java, Javascript and R. It has the ability (with some restrictions) to compile code to native executables. This of course offers great performance benefits. Recently, GraalVM Docker files and images have […]
Securing Oracle Service Bus REST services with OAuth2 client credentials flow (without using additional products)
OAuth2 is a popular authentication framework. As a service provider it is thus common to provide support for OAuth2. How can you do this on a plain WebLogic Server / Service Bus without having to install additional products (and possibly have to pay for licenses)? If you just want to […]
Docker host and bridged networking. Running library/httpd on different ports
Docker provides different networking options. When using the Docker host networking, you don’t have the option to create port mappings. When using images like library/httpd:2.4, you don’t have the option to update the port on which it runs; it runs by default on port 80. Suppose you want to use […]