Latest News

SAST vs DAST: what they are and when to use them

As digital transformation accelerates and more organizations use software solutions to facilitate work operations, security threats have become more commonplace. Cybercriminals tirelessly develop ways to exploit software application vulnerabilities to target organizational networks. A notable example is the 2017 Equifax data breach, which exposed the personal details of 145 million Americans.

Getting Real About Multi-Cloud DevOps

By now you’ve probably gotten the message – multi-cloud DevOps (or a hybrid on-prem/cloud approach) is the future of development and deployment architectures. The benefits of this approach are pretty clear: future-proofing your business, optimizing for performance and availability, avoiding vendor lock-in, leveraging the best tools/elements of each cloud provider, and more.

Build cloud infrastructure from your CI pipeline with Pulumi

Modern software systems are complex, with services distributed across data centers, in many zones, all around the world. Gone are the days when we managed individual servers dedicated to our organization, comfortable with the knowledge of the unique quirks of our setup. Now we rely on others to manage massive data centers where we borrow small slices of virtual space on shared hardware, traveling over shared networks, all in a system we call the cloud.

How the Insights team uses Insights to optimize our own pipelines

Here on the CircleCI Insights team we don’t just develop stuff for CircleCI users, we are CircleCI users. Really, there’s no better way to get to know your product than to use it, and the Insights team is no exception. A few months ago, we realized that our pipeline configuration for the Insights UI left much to be desired.

Continuous Performance Regression Testing for CI/CD

Developers strive to produce efficient code. Many times, developers will add code to their repositories and test it to make sure it works, but they are forgetting one very important step: benchmarking! Benchmarking allows developers to see the performance impact on their code output. If properly integrated into a CI/CD pipeline, it could prevent catastrophic drops in performance before any code is shipped/deployed at all.

Using OpenID Connect identity tokens to authenticate jobs with cloud providers

Introducing OpenID Connect identity tokens in CircleCI jobs! This token enables your CircleCI jobs to authenticate with cloud providers that support OpenID Connect like AWS, Google Cloud Platform, and Vault. In this blog post, we’ll introduce you to OpenID Connect, explain its usefulness in a CI/CD system, and show how it can be used to authenticate with AWS, letting your CircleCI job securely interact with your AWS account, without any static credentials.

Troubleshoot end-to-end tests with CI Visibility and RUM

Adding automated testing to your CI/CD pipelines can help you ensure that you deploy changes safely. But as you continue to shift left, the number and complexity of tests are likely to increase, making them slower to run and harder to troubleshoot. Datadog CI Visibility can help you track the performance of your CI/CD pipelines and tests—and now you can also use Real User Monitoring (RUM) to monitor end-to-end (E2E) Cypress tests.

Understanding and Implementing a Software Bill of Materials

Software programs today can be likened to a complex stew, with multiple ingredients sourced from disparate places. In software, open-source tools are a major ingredient. According to the 2020 Open Source Security and Risk Analysis (OSSRA) report produced by the Synopsys Cybersecurity Research Center, 99 percent of the codebases contain at least one open source component, with open source comprising 70 percent of the code overall.