Companies across industries are under tremendous pressure to develop and deploy IT applications and services faster and with far greater efficiency. Traditional enterprise application development falls short since it is not efficient and speedy. IT and business leaders are keen to take advantage of cloud computing as it offers businesses cost savings, scalability at the touch of a button, and flexibility to respond quickly to change.

With the trend towards smaller but more frequent software releases, your binaries and artifacts keep accumulating faster. Our enterprise customers each maintain an average of 20 million unique artifacts, adding 130% more each year. Eventually, a clutter of outdated binaries forms, and fInding the binaries you need becomes unwieldy, difficult, and confusing. Over time, your artifact repository’s performance can suffer from degradation.

I’ve been leading software teams for more than 20 years and one thing I’ve learned about metrics is that leaders tend to put too much emphasis on engineering metrics alone, without considering the bigger picture. After speaking to a range of engineering industry leaders, and poring over millions of jobs processed from software teams worldwide, we found that the most insightful and relevant metrics fall into three categories: What metrics are meaningful for your team to measure?

For the past five years, CircleCI has hired third-party penetration testing firms that hammer our product releases or infrastructure at minimum every 90 days. To date, we’ve done more than 25 of these. Sometimes they cover new product features and other times they cover infrastructure.

JFrog has recently disclosed a directory traversal issue in CivetWeb, a very popular embeddable web server/library that can either be used as a standalone web server or included as a library to add web server functionality to an existing application. The issue has been assigned to CVE-2020-27304.

Bitbucket Pipelines provides a Docker caching feature that can help improve build times. However, the limitation is that only compressed caches under 1GB are saved and can be used. In this blog, we outline a process showing how you can use compressed caches that are larger than 1GB. With Docker versions >= 19.03, you can use the BuildKit feature. With BuildKit, you don’t need to keep the cache locally before building the Docker image since it caches each build layer in your image registry.

Like the historic space race, the competition to plant the flag of DevOps is blasting off. According to market intelligence firm IDC, global business will invest $6.8 trillion in digital transformation by 2023. Yet research also suggests that 70 percent of them will fail to meet their goals. JFrog was the first company to offer a universal, hybrid, end-to-end DevOps platform.

Here’s a common situation that plagues many development teams. You run an application through your CI/CD pipeline and all of the tests pass, which is great. But when you deploy it to a live target environment the application just does not function as expected. You can’t always predict what will happen when your application is pushed live. The solution?

Support for including default values in custom pipelines has been a highly requested feature. We are happy to announce that this feature is now live. Providing a default value helps avoid errors when you manually trigger a custom pipeline. If you often rely on the same value for certain variables, it can be frustrating to get a failed build when you forget to specify the value or have a typo when providing the value.

It’s often necessary to inject secrets into your build or deployment process so that the deployed service can interact with other services. This can be straightforward if you’re only deploying to a single environment. When deploying to multiple environments, though, you might need to dynamically inject different secrets depending on the environment to which you’re deploying.