Security best practices for CI/CD
Welcome to the DevSecOps and CI/CD security guide. Browse through each section to discover relevant resources for ensuring the security of your applications and infrastructure.
Welcome to 2023! The year of the Linux Desktop, the rise of AI, Software Bill of Materials (SBOM), DevOps is Dead, Platform Engineering is Alive, and a CNCF landscape that won’t be getting any simpler! Seriously, the technology and software sector is growing at a faster pace than any time I can ever recall. Where do we even begin? I hope you enjoy some predictions and trends that will become more and more evident in 2023.
Adopting Kubernetes has introduced several new complications in how to verify and validate all the manifests that describe your application. There are several tools out there for checking the syntax of manifests, scanning them for security issues, enforcing policies, etc. But in the most basic case, one of the major challenges is to actually understand what each change means for your application (and optionally approve/reject the pull request that contains that change).
On January 4, 2023, we alerted customers to a security incident. Today, we want to share with you what happened, what we’ve learned, and what our plans are to continuously improve our security posture for the future.
Customers can now integrate Cloudsmith with Roadie, letting users monitor key Cloudsmith data within the Roadie developer portal. Cloudsmith has just announced an exciting new integration with Roadie, a start-up that provides SaaS for Backstage, a service catalog open-sourced by Spotify that automatically tracks your microservices. Organizations use Roadie to build a software catalog and developer portal for internal systems, centralizing information in one convenient location.
Continuous delivery is a software development approach in which code changes are automatically staged for production release. A foundation for modern application development, continuous delivery extends continuous integration by automatically deploying code changes to test and production environments after the build phase. When properly implemented, developers have deployable build artifacts that have passed a standardized testing process and can be deployed to environments as needed.