Five Easy Steps to Keep on Your Organization’s DevOps Security Checklist

The discovery of a significant container-based (runc) exploit sent shudders across the Internet. Exploitation of CVE-2019-5736 can be achieved with “minimal user interaction”; it subsequently allows attackers to gain root-level code executi… Continue reading Five Easy Steps to Keep on Your Organization’s DevOps Security Checklist

GitHub launches Actions, its workflow automation tool

For the longest time, GitHub was all about storing source code and sharing it either with the rest of the world or your colleagues. Today, the company, which is in the process of being acquired by Microsoft, is taking a step in a different but related direction by launching GitHub Actions. Actions allow developers to […] Continue reading GitHub launches Actions, its workflow automation tool

Armory lands $10M Series A to bring continuous delivery to enterprise masses

Armory, a startup that has built a CI/CD platform on top the open source Spinnaker project, announced a $10 million Series A today led by Crosslink Capital. Other investors included Bain Capital Ventures, Javelin Venture Partners, YCombinator and Robin Vasan. Software development certainly has changed over the last several years, going from long cycles between […] Continue reading Armory lands $10M Series A to bring continuous delivery to enterprise masses

GitHub and Google reaffirm partnership with Cloud Build CI/CD tool integration

When Microsoft acquired GitHub for $7.5 billion smackeroos in June, it sent some shock waves through the developer community as it is a key code repository. Google certainly took notice, but the two companies continue to work closely together. Today at Google Next, they announced an expansion of their partnership around Google’s new CI/CD tool, […] Continue reading GitHub and Google reaffirm partnership with Cloud Build CI/CD tool integration

OpenStack spins out its Zuul open source CI/CD platform

There are few open source projects as complex as OpenStack, which essentially provides large companies with all the tools to run the equivalent of the core AWS services in their own data centers. To build OpenStack’s various systems the team also had to develop some of its own devops tools, and in 2012, that meant […] Continue reading OpenStack spins out its Zuul open source CI/CD platform

Information security in the DevOps age: Aligning conflicting imperatives

DevOps is quickly becoming the default development methodology for government agencies. Forty-two percent of states are now adopting DevOps and another 37 percent of states have DevOps pilots underway, according to the latest survey of state CIOs from the National Association of State Chief Information Officers. The benefits of DevOps are undeniable, but the current model may be creating security blind spots in applications that could have ramifications for the entire enterprise. A new CyberScoop tech brief, sponsored by Tenable, explores how organizations can narrow the collaboration gaps between developers and information security professionals that can lead to costly enterprise security vulnerabilities. It also explains how a new generation of automated tests can quickly identify coding vulnerabilities in ways that jointly support the needs of DevOps and information security teams. The report delves into the increasing importance of software containers for DevOps team. Containers speed application development and deployment by providing […]

The post Information security in the DevOps age: Aligning conflicting imperatives appeared first on Cyberscoop.

Continue reading Information security in the DevOps age: Aligning conflicting imperatives

Security Strategies for DevOps, APIs, Containers and Microservices

More and more IT professionals see DevSecOps, a practice which integrates security measures earlier in the development process to improve production code quality, as a mainstay for future application development. Much of this stems from the growing tre… Continue reading Security Strategies for DevOps, APIs, Containers and Microservices