Security in software is now everyone’s problem. We can no longer simply rely on InfoSec teams or your equivalent Gary “he-likes-security” to handle security-related processes and issues. All software, tools, infrastructure, and services need to be trusted. It is important to us at Cloudsmith to provide you with the ability to build that trust within your teams or with your customers. Cloudsmith allows you to use your own domain name for your repositories.
Bringing a new tool into an organization is no small task. Adopting a CI/CD tool, or any other tool should follow a period of research, analysis and alignment within your organization. In my last post, I explained how the precursor to any successful tool adoption is about people: alignment on purpose, getting some “before” metrics to support your assessment, and setting expectations appropriately.
The CircleCI API provides a gateway for developers to retrieve detailed information about their pipelines, projects, and workflows, including which users are triggering the pipelines. This gives developers great control over their CI/CD process by supplying endpoints that can be called to fetch information and trigger processes remotely from the user’s applications or automation systems.
Your continuous integration (CI) pipelines are at the core of the change management process for your applications. When set up correctly, the CI pipeline can automate many manual tasks to ensure that your application and the environments it runs in are consistent and repeatable. This pipeline can be an integral part of your security strategy if you use it to scan applications, containers, and infrastructure configuration for vulnerabilities.
CircleCI has released a new feature called CircleCI runner. The runner feature augments and extends the CircleCI platform capabilities and enables developers to diversify their build/workload environments. Diversifying build environments satisfies some of the specific edge cases mentioned in our CircleCI runner announcement.
“Serverless computing is a cloud-computing execution model in which the cloud provider runs the server, and dynamically manages the allocation of machine resources. Pricing is based on the actual amount of resources consumed by an application.” — “Serverless Computing”, Wikipedia This mundane description of serverless is perhaps an understatement of one of the major shifts in recent years.
If you are using a CI/CD tool, you likely are already familiar with workflows. Generally, workflows are a set of tasks, activities or processes that happen within a specific order. Within Codefresh, a popular workflow is to trigger Codefresh pipelines from Docker image push events. This moves the workflow forward from Continuous Integration to Continuous Deployment. Images can be promoted from one environment to the other through a variety of ways.
Building containers securely, reliably, and consistently at scale is a daunting task. Yet, it’s an imperative for organizations embracing the rapid delivery of high-quality software. This is the scenario addressed by VMware Tanzu Build Service, which can help any enterprise IT group build and update containers automatically. And it’s flexible enough to slot right into any incumbent CI/CD toolchain.
Code analysis tools are essential to gain an overview and understanding of the quality of your code. This post is going to cover the following While these tools target similar use cases, they differ in their implementation, ease of use, and documentation just to name a few. This post provides an overview of each tool as well as a detailed comparison to help analyse and decide which tool is best suited for your needs.
It’s finally happened. After months of whispers, JFrog have announced the sunsetting date for Bintray - their distribution add-on to their long-standing on-premises Artifactory product. It’s officially shutting down on May 1, 2021. Cloudsmith is a direct replacement for Bintray. And Artifactory. And their X-Ray product. Don’t get us wrong - JFrog has achieved a lot over the years and we would never publicly speak out against them.
In this article, we will build a CI/CD pipeline with the AWS Cloud Development Kit (CDK) and debug a test it using Dashbird’s observability tool. In 2021, continuous integration and continuous delivery, or short CI/CD, should be part of every modern software development process. It helps deliver new features and bug fixes much faster.