Operations | Monitoring | ITSM | DevOps | Cloud

CI CD

The latest News and Information on Continuous Integration and Development, and related technologies.

DevSecOps is a practice. Make it visible

Security should be embedded in DevOps by default, but for many organizations, it is not. Enter “DevSecOps”. What is DevSecOps? It is a practice to build more secure applications, secure the software factory, and secure cloud workloads. Because it is a practice it needs to be visible. In this session hear about the ways tech-enabled enterprises approach a DevSecOps practice, how they make it visible, and how Splunk + JFrog can accelerate your journey.

Reducing microservice overhead with shared libraries

It’s a common story: the product team gets early success and grows into a large monolithic code base. While everything is in a single code base, features can be added quickly. This is partly due to the ability to leverage shared code across each feature in the codebase. When your team is adding a new feature, a developer can leverage the existing codebase for needs such as logging or special error handling.

We've Agreed to Acquire Vdoo, Unifying Developers and Security Teams from Source to Device

We’re extremely excited to announce we’ve agreed to acquire Vdoo, a leading, Israeli-based product security company with its roots in binaries and IoT/devices. Vdoo’s team and entire technology portfolio will be incorporated into JFrog, delivering a solution that truly unifies development and security teams with a holistic security approach.

Securing pipelines through secret management

Secrets management plays a critical role in keeping your pipelines and applications secure. While secrets management tools help, you need to implement best practices and processes to successfully manage secrets in a DevOps environment. Standardizing, automating and integrating these processes also helps secure secrets by reducing the chance of human error.

Understanding and tracking the impact of your ever-changing k8s deployments

As developers we’re not always fully aware of security implications stipulated from changes to our code whether these are done in the CI, CD or an artifact database. It is always challenging to predict the impact of a changed 3rd party library, a security context or an RBAC permission, accessing a different network to the same resource or even using an API in a different way than we used to. Understanding the impact immediately and being able to make a change without disrupting the pipeline is therefore an important requirement. This session will present best practices to cope with these day to day changes and will propose a set of tools to address them cohesively.