In our previous post, we discussed the recent security incident at Codecov and the following investigation at Mattermost. As a follow-up to that we wanted to share some of the basic design principles as well as a handful of more technical tips and tricks around CI/CD pipeline security that helped Mattermost come out of the incident unscathed.

Bitbucket Cloud’s code review experience is highlighted by the pull request view – a central place to view and discuss proposed changes, create actionable tasks from discussion, and reach a consensus on the changes making their way to your codebase.

We all want to develop everything super fast. So, when something like a “simple” database sync process takes ages, we need to think outside the box. Here are the solutions we implemented, in JFrog Xray, to improve our DB performance, reducing the sync time from 16 hours to 2 hours!

Codefresh is an awesome platform for doing GitOps deployments to Kubernetes. Starting last year, the Codefresh team has been adding rich integrations with Argo CD and Argo Rollouts, GitOps observability dashboards, and more. Codefresh pipelines, in particular, have played an integral role in our customers’ progressive delivery workflows by allowing them to orchestrate all of the testing, analysis, and rollback activities that work in conjunction with Argo CD synchronization.

Codefresh is a DevOps automation platform with Kubernetes and Docker native tools and features. You can create powerful pipelines and utilize the provided dashboards by connecting different Kubernetes clusters and registries to receive further insights into your deployments. Additionally, by enabling GitOps for your repositories you can reach the highest level of confidence in your Kubernetes deployments.

A few months ago, I was asked if I wanted to develop an open-source Terraform provider. Eleanor Saitta, principal at Systems Structure Ltd, had a client who was setting up JFrog Xray across their Github repositories but didn’t want to configure each repository by hand. As an SRE who enjoys working on projects that automate away those sorts of pain points (and someone who works extensively with Terraform during their day job), this sounded like an interesting project to work on.

Docker v20 was officially released a few months ago, bringing new features that will make your builds faster and more secure. We will be progressively rolling out the new version to Bitbucket Pipelines throughout the month of June 2021.

‍In Sleuth’s continuing efforts to help our customers to deliver faster and safer, we have always put security as a top-level business priority. Security and privacy of our customers’ data is always in the forefront of our design, development, and deployment concerns. We understand the level of trust our customers put in us when they connect key systems together with Sleuth.

Argo Rollouts is a progressive delivery controller created for Kubernetes. It allows you to deploy your application with minimal/zero downtime by adopting a gradual way of deploying instead of taking an “all at once” approach. Argo Rollouts supercharges your Kubernetes cluster and in addition to the rolling updates you can now do In the previous article, we have seen blue/green deployments.

With software supply chain attacks on the rise, are you wondering how you can recover quickly from the recent SolarWinds breach at your company? Months after its discovery, the devastating SolarWinds hack remains a top concern for business, government and IT leaders. This destructive supply chain attack put the spotlight on software development security — a critical issue for the DevOps community.