Operations | Monitoring | ITSM | DevOps | Cloud

The latest News and Information on Continuous Integration and Development, and related technologies.

How to integrate security checks into your deployment workflow

As software applications grow in scale and complexity, the surface areas for security vulnerabilities and exploits grow with it. Modern development practices include large amounts of code reuse. First, in the form of language-specific standard libraries such as the C++ STL, the Golang standard library, and Microsoft.NET. Second, in the form of open-source libraries found on places like Github. Much of this code is built using other libraries, introducing a web of dependencies into modern software.

Cloudsmith Raises $15m in Series A to Evolve the Future of Software Supply Chains

Today, we are excited to announce that Cloudsmith has secured $15 million of funding in our recent Series A round. This latest round will help us continue to build best-in-class technology for today’s software engineers and their organizations by evolving cloud-native package management and providing a secure, single source of truth for all software artifacts and assets.

Set Up a Remote Repository in Artifactory To Proxy Iron Bank Images

U.S. Department of Defense (DoD) teams that manage DevSecOps software factories or that use DevSecOps factories to develop, secure and operate mission applications, need a trusted repository management system to store their local artifacts as well as artifacts pulled from Iron Bank, the DoD’s central repository of hardened container images. Artifacts that are stored include VM images, container images, binary executables, archives, documentation and many more package types.

Delivering on Our Commitments to the Public Sector with Iron Bank Certification

Serving our customers in the public sector, including government agencies and contractors, is both a great honor and a major responsibility for JFrog. The applications and digital services that they release have a direct impact on the well-being of our communities, across critical areas including national defense, healthcare, public safety, education and more. Today, I’m proud to share that JFrog is further strengthening its position in the government sector with the U.S.

Continuous Deployment of Deno APIs to Heroku

The first time I was tasked with maintaining a production server, I relied on a checklist my predecessor had left for me. The checklist contained all the maintenance steps along with their corresponding commands. In those early days, I religiously copied each command, double- and triple-checking each character before pressing the Enter key. Slowly but surely, the commands got committed to memory until one day I realized I did not need the checklist.

Private Package Repositories Part 1: What's a package again?

Package repositories were never something I thought about as a developer unless something didn’t work. For example, if it was slow, wouldn’t connect, wouldn’t install, or was overly complicated to configure. Mostly I wanted something I barely noticed. Something simple and easy to use.

What's New in Software Supply Chain Security

With new software supply chain attacks reaching the spotlight at an accelerating pace, security research uncovering novel attack methods, and new mandates and guidelines starting to come into effect -- it can be hard to stay on top of the latest developments and their implications. Catch this session as we break down the recent news related to software supply chain security and what you can do to meet new requirements and protect your software from such attacks.