The new world is “always-on,” hyper-connected, massively distributed, and moving at an accelerated “near-real-time” pace.

Software programs today can be likened to a complex stew, with multiple ingredients sourced from disparate places. In software, open-source tools are a major ingredient. According to the 2020 Open Source Security and Risk Analysis (OSSRA) report produced by the Synopsys Cybersecurity Research Center, 99 percent of the codebases contain at least one open source component, with open source comprising 70 percent of the code overall.

Go, an open-source programming language backed by Google, makes it easy to build simple, reliable, and efficient software. Go’s efficiency with network servers and its friendly syntax make it a useful alternative to Node.js. All network applications need well-tested features, and those developed in Go are no different. In this tutorial, we will be building and testing a simple Go blog.

End-to-end testing, also known as E2E testing, is a methodology used for ensuring that applications behave as expected and that the flow of data is maintained for all kinds of user tasks and processes. This type of testing approach starts from the end user’s perspective and simulates a real-world scenario. For example, on a sign-up form, you can expect a user to perform one or more of these actions: You can use end-to-end testing to verify that all these actions work as a user might expect.

We are happy to announce that Bitbucket Pipelines now supports MacOS self-hosted runners. This is currently in beta. You can now create a self-hosted runner and run it on your MacOS infrastructure to run MacOS and IOS builds. Since you’re using your own runner, you won't be charged for Bitbucket Pipelines build minutes. This self-hosted runner will be non-containerised allowing your CI/CD step to access the host's hardware, such as the graphics card or any connected external devices.

Automation goes beyond just building solutions to replace complex or time-consuming manual processes. As the popular saying goes, “anything that can be automated should be automated.” For example, deploying updates to applications can and should be automated. In this tutorial, I will show you how to set up hands-free deployment of a FeathersJS app to Heroku.

A new zero-day exploit in the spring-web package called “SpringShell” (nicknamed “Spring4Shell”) was just leaked and is threatening the internet and the community. The JFrog security research team is investigating the exploit and continuously updating our blog post with technical details on the SpringShell vulnerability.

Shipping complex applications at high velocity lead to increased failures. Longer pipelines, scattered microservices, and more code inherently lead to bigger complexity where small mistakes may cost you big time.

On March 29th, the cyberkendra security blog posted a sensational post about a Log4Shell-equivalent zero-day vulnerability in Spring Framework, but without any solid details about the vulnerability itself.