Operations | Monitoring | ITSM | DevOps | Cloud

At many organizations, the surprise discovery that the widely used Apache log4j open source software has harbored a longtime critical vulnerability was as if Scrooge and the Grinch had teamed up for the biggest holiday heist of all. Incident response teams across the globe have scrambled to remediate thousands, if not millions of applications. “For cybercriminals this is Christmas come early,” explained Theresa Payton, former White House CIO and current CEO of Fortalice Solutions.

Looking at where major DevOps trends are headed, a common theme across many tools and practices is improving the Developer Experience or DX. One paradigm of thinking is that if you improve your internal customer experience, then your external customers will benefit too. However, up until now, the Developer Experience has been quite siloed and segregated for a multitude of reasons, such as scaling or having best-of-breed technologies to support individual concerns. Presentation on DX.

If you’re looking for an alternative to Docker Desktop or to integrate Docker into your Multipass workflow, this how-to is for you. Multipass can host a docker engine inside an Ubuntu VM in a manner similar to Docker Desktop. That Docker instance can be controlled either directly from the VM, or remotely from the host machine with no additional software required. This allows you to run Docker locally on your Windows or Mac machine directly from your host terminal.

Last week, we took a look at how shareable activities - specifically the link made available to a particular activity’s logs in the management console - could be surfaced as a part of a GitHub integration using GitHub actions. It was a nice bit of fun playing around with GitHub actions for the first time, and it let me make something new and useful for my team’s work. But I caught a little bit of the curiosity bug.

Modern day software development approaches such as DevOps, have certainly reduced development time. However, tighter release deadlines push security practices to a corner. This blog explains how Shifting Security to the Left introduces security in the early stages of DevOps Lifecycle, thus fixing software bugs proactively. We have come a long way in the DevOps lifecycle, from releasing the code every month(or sometimes more than that) to every day(or every hour).

GitOps has become a buzzword. Developers love it, because it folds DevOps into Git, a frequently used and familiar tool. Using one tool to manage multiple DevOps activities sounds fantastic, and it can be helpful for many. The truth is GitOps has limits. In this article, we explore DevOps and GitOps, compare their similarities and differences, and examine how their principles can work together to support your software development goals.

This blog is the continuation of the blog “Get the best out of Azure Data Factory – Part 1“. It explains how Serverless360 addresses the pain points and enhances the usage of Azure Data Factory. Serverless360 is a single platform solution that enables Operations and Support Teams to manage and monitor Azure Serverless services more efficiently. Let us have a quick recap of part 1 before looking into new features that Serverless360 provides for Azure Data Factory.

Accelerating software distribution is a critical part to enabling enterprise delivery at scale. Throughout the SDLC processes, we’re required to continuously distribute software packages — either to remote development teams as part of CI cycles, to production environments or devices for deployments, or for public downloads by your developers or partners ecosystem. The key attributes of Distribution workflows create network challenges around bandwidth, resiliency and availability.

Accelerating software distribution is a critical part of the modern DevOps stack. Modern application development has created new challenges around distribution at scale, leading organizations to rethink their software distribution infrastructure.

This article discusses the background, impact, identification, and mitigation of Log4Shell, one of the worst vulnerabilities to arise in the past decade. Here at Cloudsmith, security and privacy are paramount. As a hosted package management service helping customers distribute millions of packages worldwide, we're part of the story for securing software supply chains. Read on further to see how the vulnerability works and what you can protect yourself and your users.