May 2021

The Confident Commit | Episode 3: Taming infrastructure with HashiCorp's Armon Dadgar

CircleCI CTO and host of The Confident Commit podcast Rob Zuber is joined by HashiCorp co-founder and CTO Armon Dadgar for a conversation about the inspiration of HashiCorp, infrastructure challenges and opportunities, and the future of security. Listen along for the inside story of HashiCorp's origins and early days, as well as keen insights for managing infrastructure and ways to better deliver software to infrastructure environments from two of tech's top leaders.

Reducing flaky test failures

Testing is vital because it helps you discover bugs before you release software, enabling you to deliver a high-quality product to your customers. Sometimes, though, tests are flaky and unreliable. Tests may be unreliable because of newly-written code or external factors. These flaky tests, also known as flappers, fail to produce accurate and consistent results. If your tests are flaky, they cannot help you find (and fix) all your bugs, which negatively impacts user experience.

Signed Pipelines Build Trust in your Software Supply Chain

Trust isn’t given, it’s earned. As the Russian proverb advises, Доверяй, но проверяй — or as U.S. President Ronald Reagan liked to repeat, “Trust, but verify.” We designed JFrog Pipelines to securely support a large number of teams, applications, users and thousands of pipelines.

Adding IaC security scans to your CI pipeline with Indeni

With CircleCI, there are many different CI/CD flows that can be automated. One such flow is the use of Infrastructure-as-Code (IaC) to build cloud environments. For example, you can use CircleCI to automate the process of building Terraform plans and applying them, in order to create massive production setups in AWS, Azure, GCP, and other cloud environments.

The Industry's First Private Distribution Network

Private Distribution Network (PDN) enables enterprises to easily set up and manage a secure, massively scalable, hybrid distribution network for software updates. This new innovative technology accelerates software distribution 40X to speed up deployments and concurrent downloads across large-scale environments spanning hybrid infrastructure, edges, and IoT devices. PDN provides two integrated network utilization and acceleration technologies - HTTP-based, secure P2P, and CDN - that can be rolled out across large-scale mixed-infrastructure and multi-tiered, customizable network topologies, and are managed as-a-service with usage-based pricing.

Argo Rollouts, the Kubernetes Progressive Delivery Controller, Reaches 1.0 Milestone

Argo Rollouts, part of the Argo project, recently released their 1.0 version. You can see the changelog and more details on the GitHub release page. If you are not familiar with Argo Rollouts, it is a Kubernetes Controller that deploys applications on your cluster. It replaces the default rolling-update strategy of Kubernetes with more advanced deployment methods such as blue/green and canary deployments.

Announcing the Industry's First Private Distribution Network

Today, at our DevOps user conference swampUP, we were thrilled to announce a new groundbreaking innovation from JFrog: The industry’s first Private Distribution Network! Private Distribution Network (PDN) enables enterprises to easily set up and manage a secure, massively-scalable, hybrid distribution network for software updates.

What's New from JFrog: Binary Lifecycle Management at Scale

JFrog’s annual swampUp DevOps conference always brings new, exciting features to further our vision of accelerating releases through liquid software. This year was no exception, as JFrog CTO Yoav Landman and CPO Dror Bereznitsky revealed innovations for the JFrog DevOps Platform that enable end-to-end binary lifecycle management. Enterprise DevOps and large-scale modern application delivery require robust management of binaries, which are the building blocks of applications.

Finding the Bug in the Haystack: Correlating Exceptions with Deployments

You’re called in. The system is misbehaving. It could be a key metric going crazy, or exceptions starting to fire. You’re troubleshooting, beating around the bush, just to realize that one of the team’s deployments was the one messing things up. Sounds familiar? If you’re practicing continuous deployment, you probably experience that several times a week, if not more. Users report that 50% of their outages are due to infrastructure and code changes, namely deployments.

Benefits and challenges of using monorepo development practices

In a single, monolithic repository, also known as a monorepo, you keep all your application and microservice code in the same source code repository (usually Git). Typically, teams split the code of various app components into subfolders and use Git workflow for new features or bug fixes. This approach is natural for most applications or systems developed using a monolithic architecture. Code in such a monorepo typically has a single build pipeline that produces the application executable.

5 Steps to Starting DevOps with a JFrog Free Subscription

The JFrog Free subscription is a SaaS cloud offering of the JFrog DevOps Platform that provides software developers, DevOps Engineers, System Administrators and students a sandbox environment to explore solutions to common DevOps challenges. Here are examples of common DevOps challenges, where having a free subscription to the JFrog Platform helps.

Continuous deployment for Android libraries to Maven Central with Gradle

This article will take you through setting up CI/CD integration for building, testing, and publishing libraries to Maven Central using Gradle. With jCenter shutting down, Maven Central is once again the primary destination for all Android and Java libraries. Library publishers will need to port their libraries over to Maven Central to keep their libraries available after jCenter shuts down. This article focuses on CI/CD integration.

US Executive Order on Cybersecurity: What it Means for DevOps

The United States Government equates cybersecurity with national security. That’s the crux of the recent Executive Order that will mandate that not only must software applications be vetted, but there will be upcoming regulations on providing all of the components that make up the software. As section 1 notes: “prevention, detection, assessment, and remediation of cyber incidents is a top priority and essential to national and economic security.”

Integrating a Cloudsmith repository with a Semaphore CI workflow

At Cloudsmith, we believe that packaging should be at the centre of any modern build and deployment process. In fact, we think that Continuous Packaging is the glue that ties Continuous Integration and Continuous Deployment or Delivery together. So with that in mind, in this blog, we will take a walk through how easy it is to integrate Cloudsmith with a Semaphore CI workflow and push the artifacts and packages that you build to a private repository. TL;DR – It’s super easy.

Keep OSS supply chain attacks off the menu: Tidelift catalogs + JFrog serve known-good components

How does your organization keep track of all of the open source components being used to develop applications and ensure they are secure and properly maintained? Our recent survey data shows that the larger an organization gets, the less confident they are in their open source management practices. In companies over 10,000 employees, 39% are not very or not at all confident their open source components are secure, up to date, and well maintained.

Continuous deployment for Azure functions

Serverless computing, a model in which the provider manages the server, lets developers focus on writing dedicated pieces of application logic. Serverless computing has been adopted by many development teams because it auto-scales. Auto-scaling relieves developers of allocation management tasks, so they do not need to worry about the allocation of server resources or being charged for resources they are not consuming.

Turbocharging your Android Gradle builds using the build cache

The Gradle Build Cache is designed to help you save time by reusing outputs produced by previous builds. It works by storing (locally or remotely) build outputs, and allowing builds to fetch these outputs from the cache when it determines that inputs have not changed. The build cache gives you the ability to avoid the redundant work and cost of regenerating time-consuming and expensive processes.

Troubleshooting Kubernetes Clusters as a Developer with Komodor

The container ecosystem is moving very fast and new tools designed specifically for Kubernetes clusters are introduced at a very fast pace. Even though several times a new tool is simply implementing a well-known mechanism (already present in the VM world) with a focus on containers, every once in a while we see tools that are designed from scratch rather than adapting a preexisting idea. One such tool is Komodor.

Continuous delivery with Ketch, GitHub Actions, and k3d

Can we combine the simplicity of deploying applications with Ketch with GitHub Actions and accomplish a fully automated continuous delivery pipeline? Here's what we'll do. We'll create GitHub Actions that will fully automate all the tasks starting from creating a pull request all the way until a release is deployed to production.

Continuous deployment of Node.js to Azure VM

Virtual machines (VM) offer great flexibility for hosting web applications. A developer/engineer is able to configure and control every piece of software and every setting that the application needs to run. Azure, one of the largest cloud hosting platforms, has virtual machine offerings for both Linux and Windows-based operating systems. In this tutorial, you will learn how to set up a continuous deployment pipeline to deploy a Node.js application to an Azure virtual machine.

CircleCI acquires Vamp, adding release orchestration to their CI/CD platform to help engineering teams deliver business growth

CircleCI, the leading continuous integration and continuous delivery (CI/CD) platform, today announced the acquisition of release orchestration platform, Vamp. Combining Vamp's industry-leading release orchestration capabilities with CircleCI's robust CI/CD platform will be transformative for engineering teams amid a growing need for increased change validation in the industry.

What's New with JFrog Xray and DevSecOps

As we look to improve the quality and capabilities of the JFrog DevOps Platform, especially in the world of DevSecOps, we have added powerful new features to further enhance the award-winning JFrog Xray. The capabilities detailed below cement Xray’s position as a universal software composition analysis (SCA) solution trusted by developers and DevSecOps teams globally to quickly and continuously identify open source software vulnerabilities and license compliance violations.

We raised $100M in our Series F: here's what we're building next

Today we announced our Series F round of $100M led by Greenspring Associates, with Eleven Prime, IVP, Sapphire Ventures, Top Tier Capital Partners, Baseline Ventures, Threshold, Scale, Owl Rock, and Next Equity Partners. Thank you to our customers, community, partners, investors, and team. This latest investment allows us to invest as well; in our product, our community, and in our people. We build for the builders of the digital age: developers.

Continuous integration with GitOps

Software development is changing rapidly. On one hand, you must quickly adapt to evolving requirements, while on the other, your applications need to operate continuously without downtime. DevOps helps you quickly adapt to changes. Among other initiatives, continuous integration (CI) and continuous delivery (CD) are integral to any DevOps practice.

Preventing SQL injection attacks with automated testing

SQL injection is one of the most destructive ways an application can be attacked. This kind of attack is targeted toward the application database, which can result in consequences that are irreversible, lead to loss of money, and reduce user trust in your company. There are far too many application data breaches happening every day, usually when a malicious agent attacks the database.

Cloud-Hosted or Cloud-Native? Discover Why Cloudsmith Was Born in the Cloud

Today, almost every service is offered in a “Cloud” variant. But what does that really mean? Are all cloud services equal? It’s easy to see why so many vendors rush to add a Cloud edition/variant of established software they sell. Undoubtedly, there has been a move to Cloud services across the industry, as more and more organizations seek to take advantage of the higher reliability and lower total cost of ownership that Cloud platforms promise.

Run Codefresh pipelines on a Bottlerocket Kubernetes cluster

In August 2020, Amazon announced Bottlerocket OS, a new open source Linux distribution that is built specifically for running container workloads. It comes out of the box with security hardening and support for transactional updates, allowing for greater ease in automating operating system updates, maintaining security compliance and reducing operational costs. Bottlerocket is designed to be able to run anywhere and, at launch, has a pre-built variant for Amazon EKS.

ICYMI: How Honeycomb Can Help You Achieve the Deployment Part of CI/CD

In case you missed it, this webinar includes code walkthroughs that help you to add observability to your pipelines (using a free Honeycomb account!) so that you and your team can speed up your deployments to prod. This is also a risk-free way to get started with observability if your team isn’t quite yet ready to change your production apps.

Launching Argo CD Autopilot: An Opinionated Way to Manage Your Applications Across Environments Using Gitops at Scale

Argo CD has been skyrocketing in popularity with the CNCF China survey naming Argo as a top CI/CD tool for its power as a deployment automation tool. And it’s no wonder, GitOps is a faster, safer, and more scalable way to do continuous delivery. Most of our own users are embracing GitOps to manage infrastructure and applications at scale in gaming, finance, defense, media, and other industries.

Managing Users and Groups with SCIM in the JFrog Platform

When your organization becomes bigger, managing the users and groups lifecycle becomes a significant challenge. Your company grows rapidly, hiring new employees, and giving them access to more and more applications that your organization uses. This means that there are many employee-related actions that need to be taken when an employee changes their team, role, leaves temporarily or permanently (otherwise you may end up with operational, security or compliance issues).

LogicMonitor's Certified Ansible Content Collection Allows You To Do More With Less

Here at LogicMonitor, we’re really big on extensibility and automation. We’re constantly adding to our catalog of monitoring coverage, and we spend a lot of our time ensuring that setup is as simple as possible. We also monitor almost any data you can expose on a network. People have done way more with LogicMonitor than we would have ever imagined, and I’m extremely excited to announce our next step in that commitment to extensibility and automation.

Announcing Native Integration for HashiCorp Vault Secrets

Secret management is one of the most critical areas in deploying and running applications. Codefresh already had native support for native Kubernetes secrets or custom secrets on the Codefresh Runner, but more and more customers have asked us for native support for HashiCorp Vault. Today we are pleased to announce our native integration with HashiCorp Vault as another secret provider for Codefresh pipelines.

How to Connect the Dots: Creating Complex CI/CD with JFrog Pipelines

As software gets more complex, so do software builds. With applications being composed of multiple services — often developed by separate teams — it can be challenging to automate a unified continuous integration process. JFrog Pipelines is unique among DevOps CI/CD solutions in empowering developers to create highly complex DevOps Pipeline workflows. Pipelines can be defined with multiple paths, trigger points and trigger types.