Throughout my career within the compliance and security space, I’ve seen the practice of proactively managing digital risk move from a nice-to-have to a must-have for enterprise organizations. And over the last 5 years, things have shifted drastically. Personally, it reminds me of the classic “Dry Bones” nursery rhyme song that my son loves so much which points out how all the different bones are connected to make one body.

Using modules, you can add custom promise types to CFEngine, to manage new resources. In this blog post, I’d like to introduce some of the first official modules, namely git and systemd promise types. They were both written by Fabio Tranchitella, who normally works on our other product, Mender.io. He decided to learn some CFEngine and within a couple of weeks he’s contributed 3 modules, showing just how easy it is to implement new promise types. Thanks, Fabio!

If you are using HAProxy 2.0 or newer, it is important that you update to the latest version. A vulnerability was found that makes it possible to abuse the HTTP/2 parser, allowing an attacker to prepend hostnames to a request, append top-level domains to an existing domain, and inject invalid characters through the :method pseudo-header.

In the Kubernetes ecosystem there are a variety of ways for you to provision your cluster, and which one you choose generally depends on how well it integrates with your existing knowledge or your organization’s established tools. Kubespray is a tool built using Ansible playbooks, inventories, and variable files—and also includes supplemental tooling such as Terraform examples for provisioning infrastructure.

At Sportsbet, an Australian online betting company with more than 1.25 million customers, one thing we’re not willing to take a gamble on is customer security. That means having strict identity and access management protocols in place to protect customer data and get better visibility into whom our employees are and what they have access to.

If you’re a developer who lives and breathes code all day, you probably don’t mind having to write complex configuration files to set up an automation tool or configure a management policy. But the fact is that many of the stakeholders who stand to benefit from security automation are not developers.

I recently had a minor task involving changing an option - on one of our command line tools - from taking a required argument, to taking an optional argument. This should be easy they said; just change the respective option struct to take an optional argument, add a colon to the optstring, and get on with your life. Well, it proved to be easier said than done. My initial expectation was that a solution similar to the one below should just work. And it does work, just not in the way I expected.

Open Source Robotics Challenges is a series of blogs that will share guidelines and advice for open source companies to overcome market barriers. We will touch on topics regularly raised by companies in our open source community such as security awareness, prototyping strategies, safety architecture, adoption and more.