OpenTofu support in Artifactory

OpenTofu support comes to JFrog Artifactory

If you deploy container-based services in Kubernetes, chances are you’re also using infrastructure-as-code to help automate the provisioning and maintenance of the cloud environments where your applications will run. Up until recently, Terraform was “the name” in infrastructure-as-code. However, HashiCorp’s decision in the second half of 2023 to change Terraform from an open source license …

Supporting Next-Level Enterprise Scale in Software Development

What it means to be “enterprise grade” has changed. In software development, the size of new artifacts and the pace of development have increased dramatically. Developers are now releasing new components daily, if not multiple times a day. With containerization, and now AI/ML models, new pieces of software can be multiple GBs or larger. In …

Live Panel Recap: Women in DevOps

In celebration of International Women’s Day, I had the pleasure of speaking with two incredible female leaders in the software industry on our live panel session, “Women in DevOps: Moments of Leadership and Tech Evolution.” During the conversation with Jyostna Seelam, Senior Manager at Capital One, and Tracy Ragan, CEO of DeployHub, we discussed the …

Elevate and Streamline Your Developer Experience with JFrog-Coder Fusion

It’s a scenario many developers know all too well: a configuration works flawlessly for one team member but doesn’t work for you. Starting a new job brings with it the excitement of fresh challenges and opportunities. However, it also entails the often painful task of setting up your development environment—a process that can be both …

Friction between DevOps and Security – Here’s Why it Can’t be Ignored

Note: This post is co-authored by JFrog and Sean Wright and has also been published on Sean Wright’s blog. DevOps engineers and Security professionals are passionate about their responsibilities, with the first mostly dedicated to ensuring the fast release and the latter responsible for the security of their company’s software applications. They have many common …

CVE-2024-3094 XZ Backdoor: All you need to know

Update April 1st – Updated “What is the malicious payload of CVE-2024-3094?” due to newly released OSS tools. Update April 7th – Updated “What is the malicious payload of CVE-2024-3094?” due to more published payload research. On March 29th, it was reported that malicious code enabling unauthorized remote SSH access has been detected within …

The State of Software Supply Chain Security in 2024

In today’s fast-paced software development landscape, managing and securing the software supply chain is crucial for delivering reliable and trusted software releases. With that in mind, it’s important to assess whether your organization is set up to handle the continuous expansion of the open-source ecosystem and an ever-growing array of tools to incorporate into your …

NPM Manifest Confusion: Six Months Later

Several months ago, Darcy Clarke, a former Staff Engineering Manager at GitHub, discovered the “Manifest Confusion” bug in the npm ecosystem. The bug was caused by the npm registry not validating whether the manifest file contained in the tarball (package.json) matches the manifest data published to the npm server. Clarke claims this to be a …

Tips from a CSO: How to Secure Your Software Supply Chain

Trust is vital to success in our industry. Whether you’re creating and managing software for use internally, by other businesses, or direct-to-consumer, you need to be able to create trust with your end users. This can be accomplished, in part, by showing evidence of security measures, bringing the right people and tactics to the table, …

Are you focused on the 3 pillars of software development

Software Ate the World, but Digital Transformation Can Give You Indigestion

In today’s digitally-driven world, organizations rely heavily on software applications to streamline services, provide operations, engage customers, and drive innovation through digital transformation. Software has also become the lynchpin for securing an entire business’ services and keeping them up and running. Yet, this omnipresent force comes with its own set of challenges. The importance of …