Operations | Monitoring | ITSM | DevOps | Cloud

CI CD

The latest News and Information on Continuous Integration and Development, and related technologies.

Security in DevOps Best Practices to Keep Your Pipeline Secure

Software development, DevOps practices have become a cornerstone for organizations looking to streamline their processes and deliver high-quality software. While the agility and efficiency DevOps brings to the table are undeniable, it’s essential to remember that security should never be compromised in the pursuit of speed. In fact, it should be an integral part of the entire DevOps lifecycle.

Risks and rewards of generative AI for software development

Generative artificial intelligence (AI) is a form of AI that can create new, original content such as text, code, images, video, and even music. Generative AI-powered tools like GitHub’s Copilot and OpenAI’s ChatGPT have the potential to revolutionize the way you develop software, enabling you to be more efficient and creative. Used in the right way, generative AI can streamline workflows, accelerate development cycles, and unlock the potential for innovation.

Migrating from Travis to Github Actions

For CFEngine we manage several public and private repositories of code in GitHub for our Open Source and Enterprise products. In order to ensure quality we run many checks on the code both with nightly builds as well as on each pull request. We use a Jenkins server for nightlies which also includes more extensive deployment tests on all of the platforms we support. Previously we had used Travis for many of these checks but that system started to show its age and limitations.

Key Principles of Successful DevOps Implementation

Software development, DevOps has emerged as a game-changer. It’s not just a buzzword; it’s a cultural and technological shift that allows organizations to accelerate their software delivery while maintaining high quality and reliability. However, successful DevOps implementation is not merely about adopting a set of tools or following a predefined set of rules. It’s a holistic approach that requires a deep understanding of key principles.

2023 State of DevOps Report Takeaways

Don: The debate is over - how should you structure your software teams? That question is now answered in this year's State of DevOps report 2023. Other questions answered include: How does AI affect my company and team performance? How can we quantify the impact of culture on performance burnout? What even is culture in the first place? All these things are included in the State of DevOps report 2023. We have a very special guest, Eric Maxwell from the DORA group, to offer his takes on the report.

The Dangers Lurking in Open Source Software

Our 1st blog in our series on securely consuming OSS. Today, I'll give an overview of some of the most common types of attacks from consuming OSS. Open-source software (OSS) fuels innovation. Over 96% of commercial applications rely on at least one OSS component (Synopsys, 2023). At Cloudsmith, we champion OSS and understand its indispensable role in today's software landscape. However, the escalating threat of supply chain attacks targeting OSS demands a robust defence.

What is Continuous Delivery? The Benefits of a Well-Tuned Continuous Delivery Software Pipeline

What is continuous delivery? And what are the benefits of the continuous delivery pipeline? This strategy has evolved in a world where platform engineering is on the rise and more and more organizations rely on automation through code to achieve their goals. Times have changed. Most organizations now rely on continuous delivery as an essential part of their development pipelines.

Introducing enhanced webhook security

We are excited to announce webhook secrets, a powerful new feature that will provide an extra layer of security for your webhook payloads in Bitbucket Cloud. With the ability to add secrets to webhooks, you can now sign webhook payloads to ensure they are coming from Bitbucket Cloud and protect against unauthorized access.