Articles


What the Game of Thrones Night’s Watch Can Teach Us About DevOps Security

If you are reading this, you probably got sucked into watching Game of Thrones when it first aired on HBO in 2011. It is amazing how much has changed during the eight seasons of the series, but, as a developer and security guy, I find the Night’s Watch story the most interesting. The series debuts with the men in black – a.k.a. the Night’s Watch – patrolling the wall. Soon, we learn that, contrary to popular belief, there really are supernatural threats lurking in the darkness that put all of Westeros at risk.

The Wall that the Night’s Watch guards is the only thing standing between the country of Westeros and the deadly White Walkers. However, rather than immediately getting all the resources they need to tackle this danger, the people of the Night’s Watch spend the next seven seasons convincing the rest of Westeros that these threats are real and that leaving the Wall woefully understaffed and poorly defended endangers everyone. Hmm…sounds familiar?

Article source: DZONE

With more and more organizations focusing on DevOps, it’s not surprising to see the number of toolchains — and the complexity of those toolchains — multiply. After all, automated testing for function, security, and deliverability is at the core of improving a team’s DevOps.

But, at what point are more tools and toolchains creating more distracting work for your team than they save? Is the complexity of these automated tools actually leading to a better development lifecycle, product, or service? Of course, there’s no simple answer to what the right number of toolchains or tools is, given the complicated and diverse circumstances different teams of developers face.

Article source: DZONE


Abstract

Cloud-native applications are a type of complex system that depends on the continuous effort of software professionals who combine the best of their expertise to keep them running. In other words, their reliability isn’t self-sustaining, but is a result of the interactions of all the different actors engaged in their design, build, and operation.

Over the years, the collection of those interactions has been evolving together with the systems they were designed to maintain, which have also been becoming increasingly sophisticated and complex. The IT service management model, once designed to maintain control and stability, is now fading and giving way to a model designed to improve velocity while maintaining stability. Although the combination of those things might seem contradictory at first, this series of articles tries to reveal the reasons why the collection of practices that today we know as DevOps and SRE (Site Reliability Engineering) is becoming the norm for modern systems.

Article source: DZONE

A while back, I had a conversation with a friend that I went to school with (currently a senior member of the engineering team at a large retail chain) who was tasked with the job of identifying potential application security partners (he addressed vendors as partners, which I personally liked) that they could collaborate with on various areas as part of their product security initiative. The following piece emerged as an extension of my immediate thoughts when he shared his views of what could have made his experience of interacting with front line sales and marketing folks better.

In the context of DevSecOps, much has been said about the need for engineering to speak security, security to speak code, DevOps to speak security, etc. But, as a Technology Service Provider (TSP), riding the current wave of application security, it’s almost mandatory for the Sales and Marketing teams to speak relevant tech!

Article source: DZONE

Connect all your Git secrets to the Jenkins pipeline.

It’s a common practice to encrypt the secrets/credentials we use in our code and then save them in some secure place. We have a number of options to achieve this, with tools like Vault, git-crypt, and more. However, git-secret is a simple, awesome tool that we can use to store our secrets in our Git repo. It uses gpg for encryption and decryption of secrets.

Here’s how git-secret works. Go to the folder in your repo that holds the files you want to encrypt. Then run git init && git secret init, which initializes your .gitsecret folder. Next, run git secret tell $email; if you want other users to be able to decrypt the secrets file, import their gpg public keys and run git secret tell $otheruseremailid again. Now you can run git secret add $secretfilename and git secret hide, which creates $yoursecretfile.secret, the encrypted secret file.

Article source: DZONE

Simple or ornate, the enterprise architecture forms the structure for IT.
“The goal of enterprise architecture is boundary-less information flow where all systems, IT and non-IT, interoperate.” – Allen Brown

Today, when technology has proven its necessity in almost all industry segments around the globe, digitalization seems to be having a great influence on enterprise architecture (EA). Businesses are expanding beyond enterprise limits and IT solutions are encompassing enterprise, clients, stakeholders, ecologies and more. At such times, it is tough to manage a traditional monolithic framework. Now is the time to have a process that offers enough space for planning and managing the entire digital wave.

With this concept in mind, enterprise architecture began around the 1960s. Initiated by Professor Dewey Walker and taken forward by his student John Zachman, enterprise architecture found its entry into the tech world. Somewhere in the 1980s, enterprises realized that they would need a perfect planning approach to keep pace with the fast-growing technological web. That gave further impetus to enterprise architecture to extend beyond mere IT and try to encompass all important ingredients of the business. The focus area was large organizations that are already in digitization mode and need a seamless integration of legacy apps and processes.

Article source: DZONE

Originally published August 17, 2016

Turn to page one.

What is DevOps?

Communication, collaboration and integration are the three main principles of the ever-growing, modern approach to software delivery known as “DevOps.” Coined in 2009 by Patrick Debois, the term (development and operations) is an extension of Agile development environments that aims to enhance the process of software delivery as a whole.

Article source: DZONE

First, let’s go to Google Trends and see the trend for both the terms "Kubernetes" and "Docker Swarm." What do we see? Clearly, we can see that Kubernetes is beating Docker Swarm. But is that valid proof that Kubernetes is winning? No way.

Of course, the search volume and trend for "Kubernetes" might be higher, but still, this alone doesn’t prove that Docker Swarm is dead.

Article source: DZONE

The history, tools, and metrics of DevSecOps.

Where Did DevSecOps Come From?

Traditionally, software development involved two separate siloed departments: development and operations. The developers were responsible for writing the code and the operatives were responsible for implementing and managing it.

Back then, this software development process, which essentially followed the waterfall process, was simple and straightforward. Consumer demands were manageable, and if any changes or improvements needed to be made, the operators could ping back to the developers to make the necessary amendments.

Article source: DZONE

Thinking of a master DevSecOps plan…

Whether it was the millions of users left vulnerable by Fortnite, or hackers gaining access to Dunkin’ customer accounts, 2019 has already seen some of the worst data breaches to date. To combat these types of attacks and vulnerabilities, organizations must be more cognizant of their security, and embrace a DevSecOps approach. And to do so, it is imperative that they provide the proper education and training for every facet of the organization.

But it is important to note when educating organizations about security that some practices and technologies should be encouraged, while others should be avoided. These teachings need to be tailored for different audiences as needed, and new ways of learning and fitting into a DevSecOps scope should be explored in great detail.

Article source: DZONE