Do you know what version of your software is running in production? How often is that software deployed, and was it deployed right before last week’s p0 incident? What sort of dependencies are being deployed along with that software, and are any of them potential security risks? These are all common observability questions that may be difficult to answer.

Dynamic application security testing (DAST) is a critical security measure for modern software delivery pipelines. It involves evaluating the security of web applications by actively testing them in real-time, simulating real-world attacks to identify vulnerabilities. As the cybersecurity threat landscape has evolved, DAST has emerged as a key tool for enforcing application security in continuous integration and continuous delivery (CI/CD) pipelines.

As the prevalence of containers continues to expand, managing the push and pull of containers without an enterprise-grade container registry is unwieldy. Many companies utilize JFrog Artifactory as a Docker and Helm registry, but also utilize Docker Desktop strategically to manage their container services.

CI/CD pipelines have become a cornerstone of agile development, streamlining the software development life cycle. They allow for frequent code integration, fast testing and deployment. Having these processes automated help development teams reduce manual errors, ensure faster time-to-market, and deliver enhancements to end-users. However, they also pose risks that could compromise stability of their development ecosystem.

Modern continuous integration (CI) practices enable development teams to quickly and efficiently build and deploy application code to a shared codebase. However, deploying new code is typically accompanied by tests, and as the codebase expands, this results in a proportionately larger test suite.

The zero trust security model is an approach to network security that enforces strict access controls and authentication at every stage of the software development lifecycle. It treats every user, device, and transaction as a security risk and uses the principle of least privilege to restrict access to sensitive resources and minimize the potential attack surface.

If you’re a developer, DevOps engineer, or security technician, you know the feeling of managing multiple tools at once. It’s a phenomenon so prevalent in software development that it has its own name, “tool sprawl,” and it can make it hard for teams to do their jobs efficiently.

Static application security testing (SAST) involves analyzing source code to identify and address potential security vulnerabilities. Using SAST early in development identifies threats before they can affect a live environment. SAST is particularly important for continuous integration and continuous deployment (CI/CD) pipelines. These pipelines automate the integration of new code changes into the main codebase and deploy applications to production environments.

Kubernetes is now the de-facto standard for container orchestration. With more and more organizations adopting Kubernetes, it is essential that we get our fundamental ops-infra in place before any migration. In this post, we will learn about leveraging Jenkins and Spinnaker to roll out new versions of your application across different Kubernetes clusters.

End-to-end visibility into pipelines is crucial for ensuring the health and performance of your CI system, especially at scale. Within extensive CI systems—which operate under the strain of numerous developers simultaneously pushing commits—even the slightest performance regression or uptick in failure rates can compound rapidly and have tremendous repercussions, causing major cost overruns and impeding release velocity across organizations.