Software package repositories are becoming a popular target for supply chain attacks. Recently, there has been news about malware attacks on popular repositories like npm, PyPI, and RubyGems. Developers are blindly trusting repositories and installing packages from these sources, assuming they are secure.

Continuous Packaging (CP) is a term that we use a lot at Cloudsmith, and it is one that we think will become a cornerstone in a secure software development process.

Being a software developer is an amazing job with a growing job field ensuring there is great security and need in the market. But, with a great job that is highly skilled comes the demand of having a high understanding of the tools and languages needed to properly develop software efficiently.

JFrog customers will soon enjoy end-to-end, holistic security across their software lifecycle — from development to devices — as the technology of recently-acquired Vdoo gets integrated into the JFrog DevOps Platform. That was the pledge made by JFrog and Vdoo leaders during their first joint webinar, in which they explained why JFrog acquired Vdoo, how the platform’s security and compliance capabilities will expand, and what’s the integration timeline.

Datadog CI Visibility, now available in beta, provides critical visibility into your organization’s CI/CD workflows. CI Visibility complements Datadog’s turn-key CI provider integrations and the integration of synthetic tests in CI pipelines to give you deep insight into key pipeline metrics and help you identify issues with your builds and testing.

Engineering teams can only be as efficient as the processes they employ during development. The need for increased efficiency is why software development has shifted from the “waterfall” approach to a more responsive, agile methodology. In an agile development environment, quality software can be delivered consistently to suit the ever-changing needs of stakeholders and end users.

This series was co-written by Musa Barighzaai and Tyler Sullberg. In the previous post, we explored high-level differences between thinking in Clojure compared to thinking in JavaScript. We are now ready to start building our first Clojure microservice. The microservice we are going to build will be very simple. It will be an HTTP server that uses a Redis data store to count how many times a given IP address has pinged the /counter endpoint.

This series was co-written by Tyler Sullberg and Musa Barighzaai. This is the third and final post in a series of posts for JavaScript developers about how to set up Clojure microservices. The previous posts were: Those previous posts are useful context, but you can clone the repo and jump into this post without reading them.

The larger your team grows and the faster your teams move, the harder it is for engineering leaders to find trust but verify moments, the moments where you should dig in and make sure your team's health is improving. Imagine a world where all your engineering tools are working together such that accurate and insightful trust but verify moments come to you. Imagine a world where you have the finest Sleuth in the world, working just for you.