September 2021

Using Helm with GitOps

This is the first of many posts highlighting GitOps topics that we’ll be exploring. Within this post, we will explore Helm, a tool used for Kubernetes package management, that also provides templating. Helm provides utilities that assist Kubernetes application deployment. In order to better understand how Helm charts are mapped to Kubernetes manifests, we’ll explain more details below and how to use Helm with and without GitOps.

Performing database tests on SQL databases

Testing is one of those activities that, if not exhaustive, will not have its complete impact on your software development process. Oftentimes developers are only concerned about testing the application layer of the system (a.k.a. the codebase) and ignore testing the data layer (the database), which is as important as testing the code itself.

The Importance of Prioritizing Product Security

Achieving comprehensive security for the products delivered and deployed by organizations is becoming more difficult, due to a variety of factors. A key one is the growing volume, variety and complexity of software and connected devices in use. Another is the overwhelming risk of inherited software supply chain exposures. The result: Companies struggle every day to provide software with optimal security and protection against malicious activities, takeovers, data theft, and commercial sabotage.

The Confident Commit | Ep. 12: Tenth Anniversary Reflections from Our Newest & Oldest Engineers

In this special episode of The Confident Commit, Rob celebrates CircleCI's 10-year anniversary with two CircleCI guests: the company's longest-tenured engineer, Gordon Syme, and one of our newest employees, our SVP Engineering, JP LeBlanc, to discuss the company's past, present, and future. Join us as we celebrate 10 years of working to help organizations build software better and faster. And don't forget to Like and Subscribe to The Confident Commit podcast playlist for alerts to new episodes published biweekly.

CircleCI delivers 664% ROI and $13.98M NPV according to Total Economic Impact Study

Today we’re sharing findings from The Total Economic Impact™ Of CircleCI, a commissioned study conducted by Forrester Consulting on behalf of CircleCI. The study revealed that CircleCI delivered a 664% return on investment (ROI) over a three-year period and highlighted that our platform increased developer productivity by 10%. This results in a greater efficiency value of more than $4.3 million, enabling organizations to increase engineering velocity that drives business success.

Publishing to Rubygems with CircleCI

If you maintain a Ruby gem, you are definitely familiar with the recurring manual tasks surrounding the release of a new version. After doing this for a while, you inevitably start thinking that some of these steps could be automated. They can! With a few lines of code, you can bring the amazing world of continuous delivery to your project and increase the reliability of the whole process while freeing up some of your time. Double win!

Fireside Chat: Going GitOps with Argo

Argo CD is the world's most popular and fastest-growing open source GitOps tool. In this fireside chat, we'll explore just what makes Argo tools so popular for GitOps, including Argo CD, Argo Rollouts, Argo Workflows, and Argo Events. Join Alexander Matyushentsev, one of the principal engineers and maintainers on the Argo Project, as he shares his stories and experience leading this popular project.

Conan Center Celebrates 1,000+ Recipes

We’re delighted to thank the Conan community on reaching a major milestone, the public contribution of over 1,000 Conan recipes to Conan Center, the repository for hosting C/C++ packages! Conan recipes are Python-language files that describe how a Conan package is consumed. Each recipe is used to produce hundreds of C/C++ packages, so this is an achievement with huge community impact.

Private Package Repositories Part 2: The Influencers

In part 1 of our package repositories series, important terms like packages, metadata, dependencies, and upstreams were explained. In this part 2, we will take it further, diving into trends within the software landscape that have changed what developers and organizations want from a package repository. In recent years we’ve seen a push to use managed services in the cloud, automation, and supply chain security.

A Peek at JFrog's Iron Bank Accreditation for Xray and Artifactory

JFrog Artifactory and JFrog Xray recently underwent a rigorous hardening process to earn accreditation for inclusion in the U.S. Department of Defense’s Iron Bank, a centralized repository of digitally-signed and hardened container images. In this blog post, we’re pulling back the curtain on the process, in order to share our insights and lessons learned with our customers and with the DevOps community at large.

Tips for designing distributed systems

With companies expecting software products to handle constantly increasing volumes of requests and network bandwidth use, apps must be primed for scale. If you need resilient, resource-conserving systems with rapid delivery, it is time to design a distributed system. To successfully architect a heterogeneous, secure, fault-tolerant, and efficient distributed system, you need conscientiousness and some level of experience.

How to integrate security checks into your deployment workflow

As software applications grow in scale and complexity, the surface areas for security vulnerabilities and exploits grow with them. Modern development practices include large amounts of code reuse. First, in the form of language-specific standard libraries such as the C++ STL, the Golang standard library, and Microsoft .NET. Second, in the form of open-source libraries found on places like GitHub. Much of this code is built using other libraries, introducing a web of dependencies into modern software.

Cloudsmith Raises $15m in Series A to Evolve the Future of Software Supply Chains

Today, we are excited to announce that Cloudsmith has secured $15 million of funding in our recent Series A round. This latest round will help us continue to build best-in-class technology for today’s software engineers and their organizations by evolving cloud-native package management and providing a secure, single source of truth for all software artifacts and assets.

Set Up a Remote Repository in Artifactory To Proxy Iron Bank Images

U.S. Department of Defense (DoD) teams that manage DevSecOps software factories or that use DevSecOps factories to develop, secure and operate mission applications, need a trusted repository management system to store their local artifacts as well as artifacts pulled from Iron Bank, the DoD’s central repository of hardened container images. Artifacts that are stored include VM images, container images, binary executables, archives, documentation and many more package types.

Delivering on Our Commitments to the Public Sector with Iron Bank Certification

Serving our customers in the public sector, including government agencies and contractors, is both a great honor and a major responsibility for JFrog. The applications and digital services that they release have a direct impact on the well-being of our communities, across critical areas including national defense, healthcare, public safety, education and more. Today, I’m proud to share that JFrog is further strengthening its position in the government sector with the U.S.

Private Package Repositories Part 1: What's a package again?

Package repositories were never something I thought about as a developer unless something didn’t work. For example, if it was slow, wouldn’t connect, wouldn’t install, or was overly complicated to configure. Mostly I wanted something I barely noticed. Something simple and easy to use.

Continuous Deployment of Deno APIs to Heroku

The first time I was tasked with maintaining a production server, I relied on a checklist my predecessor had left for me. The checklist contained all the maintenance steps along with their corresponding commands. In those early days, I religiously copied each command, double- and triple-checking each character before pressing the Enter key. Slowly but surely, the commands got committed to memory until one day I realized I did not need the checklist.

What's New in Software Supply Chain Security

With new software supply chain attacks reaching the spotlight at an accelerating pace, security research uncovering novel attack methods, and new mandates and guidelines starting to come into effect -- it can be hard to stay on top of the latest developments and their implications. Catch this session as we break down the recent news related to software supply chain security and what you can do to meet new requirements and protect your software from such attacks.

How to Simplify Your Kubernetes Helm Deployments

Is your Helm chart promotion process complicated and difficult to automate? Are rapidly increasing Helm chart versions making your head spin? Do you wish you had a way to quickly and easily see the differences between deployments across all of your environments? If you answered “yes” to any of these questions, then read on! My purpose for writing this article is to share a few of the techniques that I’ve seen make the biggest impact for Codefresh and our customers.

Self-hosted CI/CD: CircleCI server on your infrastructure

CircleCI’s self-hosted solution provides best-in-class CI/CD power and functionality. It’s the same functionality offered in the cloud, but it provides protection and control by using your own infrastructure. This self-hosted option comes with capabilities that address the unique needs of people like you; people tasked with running and maintaining machines. CircleCI self-hosted tools and features enable your team to move quickly.

International Programmers Day 2021: Celebrating Those on the Front Lines of Digital Transformation

Happy International Day of the Programmer to the coders out there programming our digital world. It is your work and commitment that make the technical community thrive. You create the foundation for the innovations transforming the way we work and live.

Trusted SBOMs Delivered with the JFrog Platform and AWS

In this webinar, you’ll learn what an SBOM is, how it will benefit you, the misconceptions that exist around it and why it must be a key element of your software development life cycle's (SDLC) security and compliance. We’d also like to invite you to register for a joint JFrog-AWS webinar, where we’ll do a deep dive on SBOMs and share insights and best practices on SBOM creation and usage.

Continuous integration of Deno APIs

Development teams provisioning software services face a constant trade-off between speed and accuracy. New features should be made available in the least possible time with a high amount of accuracy, meaning no downtime. Unforeseen downtime due to human error is common for any manual integration processes your team uses to manage codebases. This kind of unexpected interruption can be one of the key drivers for a team to take on the challenge of automating their integration process.

Goodbye Dispatch, Hello FluxCD!

We are announcing the deprecation of Dispatch, our DKP 1.x CI/CD tool, based on Tekton and ArgoCD. As another step in the continuous improvement of the DKP platform, in DKP 2.0 we have made the move to FluxCD, a CNCF incubator project. Why did we make this decision? Our customers have significant investments in their build pipelines using battle tested technologies such as Jenkins, TeamCity, and CircleCI. It would be a significant change in their workflows to introduce a new CI tool like Tekton.

Removing CI/CD Blockers: Navigating K8s with Codefresh & Komodor

Komodor can help plot a safe voyage through the ever-changing sea of microservices. In this webinar you’ll learn how to ensure continuous delivery with Codefresh, and quickly detect and fix hazardous k8s deployments with Komodor. We will demonstrate how you can.

Risk Mitigation Strategies for TCP/IP Vulnerabilities in OT

JFrog in collaboration with Forescout Research Labs recently released the fourth study from Project Memoria - the industry’s most comprehensive study of TCP/IP vulnerabilities. INFRA:HALT covers 14 vulnerabilities affecting the popular closed source TCP/IP stack NicheStack. These vulnerabilities can cause Denial of Service or Remote Code Execution, allowing attackers to take targeted OT and ICS devices offline or take control of them.

[Webinar] Removing CI/CD Blockers: Navigating Kubernetes with Codefresh & Komodor

Ah, Kubernetes; she is a harsh mistress… Join us to find out how Codefresh and Komodor can help plot a safe voyage through the ever-changing sea of microservices. In this webinar you’ll learn how to ensure continuous delivery with Codefresh, and quickly detect and fix hazardous k8s deployments with Komodor. We will demonstrate how you can.

The Confident Commit ep. 10 | Observability improving speed and reliability with Ben Sigelman

Rob sits down with Lightstep CEO, Ben Sigelman to discuss observability and how it connects with delivering change with confidence. Get answers to questions like: Watch, learn, and leave us a comment with your thoughts, questions, or ideas for future podcast episodes. And don't forget to Like and Subscribe to The Confident Commit Podcast playlist for alerts to new episodes published biweekly. The Confident Commit: A podcast for developers, engineering managers, and business leaders alike to join in the conversation on how to deliver software better and faster.

Pipelines as Code

One of the reasons we define items as code is it allows for the programmatic creation of resources. This could be for infrastructure, for the packages on your machines, or even for your pipelines. Like many of our clients, at Codefresh we are seeing the benefits of an “everything as code” approach to automation. One of the great things about defining different layers in the stack as code is that these code definitions can start to build on each other.

Creating integrations, dashboards, notifications, and more using CircleCI webhooks

Webhooks allow for communication between services and APIs, which makes them the glue of our interconnected, cloud-based application environment. If you are familiar with APIs, you can learn to use webhooks. CircleCI offers a webhooks feature for our CI/CD platform that lets you subscribe and react to CircleCI events such as workflow and job completed. This tutorial showcases the webhooks feature and gives you steps for getting started.

Create customizable experiences with CircleCI webhooks

Over the past 10 years, CircleCI customers have used our platform to customize their software development process. Orbs have helped standardize and scale CI/CD pipelines with reusable packages of configuration. The CircleCI API has allowed users to create robust internal tools for their developers and integrate with other products for more granular monitoring. As of today, CircleCI users have yet another way to react to events and customize their software delivery experience with webhooks.

Top 6 advantages of software as a service

Of the many challenges faced by modern enterprises, managing a remote workforce is near the top of the list. Keeping distributed teams organized, engaged, and happy is crucial in today’s highly competitive and globalized business environment. Providing reliable, secure, and cost-effective software tooling is just one piece of this increasingly complex puzzle.

GitLab CI

In today’s world of software development, one of the most emphasized practices is CI, or Continuous Integration. Continuous Integration is the first step of the CI/CD pipeline and acts as an enabler for the whole DevOps mindset and methodology. CI is the foundation of modern software development. Given that this is the first stage of a proper DevOps setup, it’s crucial that it be done correctly.