I am Stéphane ROBERT, infrastructure engineer at Outscale France, working from Yffiniac in Brittany, France.
I spend my days hardening pipelines and my evenings writing about it. Everything I learn ends up in one of two places: a free tutorial on my blog, or a lab you can actually run from one of the repositories below. Nothing here is a demo that only works on my laptop.
The problem: most hands-on labs grade you on the commands you typed. Real exams — RHCSA, LFCS — grade the state of the machine, after a reboot. That gap is exactly where candidates fail.
dsoxlab is a domain-agnostic CLI framework driving training labs that live in their own repositories. Each catalog declares itself through a root meta.yml and one lab.yaml per lab, so adding a domain means writing a file, not patching the engine.
- Validation proves, it does not trust. Labs are graded on the actual state of the system with
pytest-testinfra, including persistence after reboot. - Three runtimes. A plain shell, an Incus container, or a full KVM/libvirt virtual machine — chosen per lab.
- Progress that sticks. Scores, hint costs and history persisted in a local SQLite database, XDG-compliant.
- Bilingual by design. Every user-facing string ships in English and French (
DSOXLAB_LANG=en|fr).
git clone https://github.com/stephrobert/dsoxlab.git && cd dsoxlab
uv tool install --editable .
dsoxlab doctor # diagnoses (and repairs) the local toolchain
git clone https://github.com/stephrobert/linux-dsoxlab-training.git && cd linux-dsoxlab-training
dsoxlab list-labs # the active catalog is detected from the repo's meta.ymlFree, in French, and updated far more often than this README. Roughly a hundred articles and a full DevOps course live at blog.stephane-robert.info.
- Une usine logicielle sécurisée sur Incus, pas sur Kubernetes 2026-07-06
- AWX n'a plus de release depuis deux ans : le risque et la solution 2026-07-03
- Chainguard Actions : une excellente initiative pour durcir vos GitHub Actions 2026-07-02
- Incus OS : j'ai monté un cluster sans jamais ouvrir l'interface 2026-07-01
- Strix : le pentester IA open-source à l'épreuve de la souveraineté 2026-06-26
- secure-python-pipeline
Python— Lab : API Python avec pipeline CI/CD securise (supply chain, SLSA, SBOM, cosign)
Self-hosted, runnable, no signup wall.
- linux-dsoxlab-training ★ 16 — Linux DevSecOps training (RHCSA + LFCS) driven by the dsoxlab CLI
- containers-training ★ 159 — Formation Conteneurisation Gratuite
- ansible-training ★ 107 — Une formation Ansible complète
- python-training ★ 41 — Une formation Python pour les Admin Sys
- github-actions-training ★ 5 — Hands-on training repository.
| Infrastructure as code | Terraform · OpenTofu · Pulumi · Packer · Vagrant |
| Configuration | Ansible · Chef / CINC · InSpec |
| Runtime | Kubernetes · Talos · K3s · Docker · Incus · KVM/libvirt |
| CI/CD | GitHub Actions · GitLab CI · Dagger |
| Supply chain | SLSA · SBOM · Cosign · Sigstore · Trivy · OpenSSF Scorecard · Semgrep |
| Observability | Prometheus · Grafana · Loki |
| Languages | Python · Go · Shell · HCL |
| Cloud | Outscale · AWS · GCP |
Why this page has no stats widget
Because the popular ones stopped working. github-readme-stats has been returning HTTP 503 since June 2026 and is no longer maintained; github-profile-trophy answers 402 and now relies on sixteen volunteer mirrors. Thousands of profiles are quietly displaying broken images right now — including, at the time of writing, its own author's.
Everything on this page is either a static SVG committed in this repository or a shields.io badge reflecting real state: a CI run, a release tag, an OpenSSF Scorecard rating. The counters at the top are computed from the GitHub API by build.py and committed by a scheduled workflow.
On a profile about supply chain security, not hotlinking someone else's free Vercel deployment seemed like the least I could do.
Rendered by build.py from README-TEMPLATE.j2 · refreshed daily by GitHub Actions





