Static application security testing (SAST) involves analyzing source code to identify and address potential security vulnerabilities. Using SAST early in development identifies threats before they can affect a live environment. SAST is particularly important for continuous integration and continuous deployment (CI/CD) pipelines. These pipelines automate the integration of new code changes into the main codebase and deploy applications to production environments.
Kubernetes is now the de-facto standard for container orchestration. With more and more organizations adopting Kubernetes, it is essential that we get our fundamental ops-infra in place before any migration. In this post, we will learn about leveraging Jenkins and Spinnaker to roll out new versions of your application across different Kubernetes clusters.
End-to-end visibility into pipelines is crucial for ensuring the health and performance of your CI system, especially at scale. Within extensive CI systems—which operate under the strain of numerous developers simultaneously pushing commits—even the slightest performance regression or uptick in failure rates can compound rapidly and have tremendous repercussions, causing major cost overruns and impeding release velocity across organizations.
CircleCI supports GitLab as a version control system (VCS). In this tutorial you will learn how to set up your first CircleCI CI/CD pipeline for a project hosted on GitLab. As GitLab can be used either as a SaaS tool, as well as self-managed on-premise installation, I will cover the steps to connect it with CircleCI for both.
To learn more about CircleCI or sign up for a free account, visit: https://circleci.com/signup/
One of the unique advantages of Codefresh is the easy way for sharing data between pipeline steps. In other CI solutions it is your responsibility to decide what files should be shared with the next pipeline step or not and you need to manually upload/download or save/restore the exact folders that need to be shared. This is not only cumbersome to setup but also super slow in the case of big artifacts.
At one particular time, a developer would spend a few months building a new feature. Then they’d go through the tedious soul-crushing effort of “integration.” That is, merging their changes into an upstream code repository, which had inevitably changed since they started their work. This task of Integration would often introduce bugs and, in some cases, might even be impossible or irrelevant, leading to months of lost work.
Yesterday we launched the third iteration of cloudsmith.com.
In our article on managing static credentials, we discussed the necessity of secrets — the passwords, tokens, and API keys that connect digital services together — and the importance of keeping them secure so that your infrastructure and data are kept safe from intrusion and misuse. For organizations delivering software at scale, managing credentials across multiple teams and projects can quickly become tedious and error-prone, creating bottlenecks and unnecessary risk.
Sleuth's new Goals dashboard helps teams set, track, and achieve their goals. Here's how it works.