Codefresh has a very clear mission to enable enterprise teams to confidently deliver software at scale. We are incredibly grateful to our customers who are succeeding with deployments to the cloud, on-prem, and at the edge. Codefresh is powering critical software delivery for some of the world’s most popular gaming and media companies as well as regulated environments in hospitals, at banks, and for defense. So this post is dedicated to all of you who have enabled Codefresh to grow!

GitOps has become a buzzword. Developers love it, because it folds DevOps into Git, a frequently used and familiar tool. Using one tool to manage multiple DevOps activities sounds fantastic, and it can be helpful for many. The truth is GitOps has limits. In this article, we explore DevOps and GitOps, compare their similarities and differences, and examine how their principles can work together to support your software development goals.

This article discusses the background, impact, identification, and mitigation of Log4Shell, one of the worst vulnerabilities to arise in the past decade. Here at Cloudsmith, security and privacy are paramount. As a hosted package management service helping customers distribute millions of packages worldwide, we're part of the story for securing software supply chains. Read on further to see how the vulnerability works and what you can protect yourself and your users.

When your development team is under pressure to keep releasing new functionality in order to stay ahead of the competition, the time spent on quality assurance (QA) activities can feel like one overhead that you could do without. After all, with automated CI/CD pipelines enabling multiple deployments per day, you can get a fix out pretty quickly if something does go wrong – so why invest the time in testing before release? The reality is that scrimping on software testing is a false economy.

Marshmallow is a Python library that converts complex data types to and from Python data types. It is a powerful tool for both validating and converting data. In this tutorial, I will be using Marshmallow to validate a simple bookmarks API where users can save their favorite URLs along with a short description of each site.

If you are already a GitHub user, you may know that GitHub Actions provides you with powerful tools to increase efficiencies in your software delivery life cycle. Actions can be impactful for team collaborations and process simplification. For example, you can automate things like building a container, welcoming new users to your open source projects, managing branches, or triaging issues.

In our big guide for GitOps problems, we briefly explained (see points 3 and 4) how the current crop of GitOps tools don’t really cover the case of promotion between different environments or how even to model multi-cluster setups. The question of “How do I promote a release to the next environment?” is becoming increasingly popular among organizations that want to adopt GitOps.

Automating the deployment of a new web application and the release of feature updates goes a long way towards improving the productivity and efficiency of your development team. Another benefit of automation is that it minimizes or even eliminates repeated manual deployments. Manual deployments introduce the risk of human error during this critical part of the development process.

If you have been following the Codefresh blog for a while, you might have noticed a common pattern in all the articles that talk about Kubernetes deployments. Almost all of them start with a Kubernetes cluster that is already there, and then the article explains how to deploy an application on top. The reason for this simplification comes mainly from brevity and simplicity. We want to focus on the deployment part of the application and not its infrastructure just to make the article easier to follow.

Another amazing year in the books! And even though we’ve done the ‘By the Numbers’ series for a few years now, this year’s numbers are the best (and biggest) yet. But even better than that? The people behind the numbers. Carrying on the growth we saw in 2020, the most important number to highlight this year is the massive increase in awesome Cloudsmithers we added to the team!

It is no secret that software development is becoming an increasingly complex process. The individual elements of software like apps, libraries, and services are interconnected and dependent on many other elements. Development teams deal with a whole ecosystem of services that they develop, maintain, or depend on, which in turn are dependent on other software ecosystems, maintained by separate teams. Maintaining this ecosystem is as complex as you might imagine.

When planning our 2021 roadmap this time last year, one of the most prominent themes was security. Although we’re not solely in the security category, as a fully managed service in the heart of our customers’ software supply chains, it was always paramount for what we do and still is. Ensuring the integrity and privacy of customer data is our top priority.

Anyone who builds a lot of Argo workflows knows that after a while you end up reusing the same basic steps over and over again. While Argo Workflows has a great mechanism to prevent duplicate work, with templates, these templates have mostly stayed in people’s private repositories and haven’t been shared with the broader community.

Elastic Observability 7.16 introduces curated data exploration views for ad hoc analysis and further extends visibility into complex and distributed systems with the general availability (GA) of dozens of prebuilt Elastic Agent data integrations, observability tooling for continuous integration and continuous delivery (CI/CD) pipelines, and a new native data source integration with Amazon Web Services (AWS) FireLens. These new features allow customers to.

Several companies nowadays offer a cloud-native solution that manages Kubernetes applications and services. While these solutions seem easy at first glance, in reality, they still require manual maintenance. As an example, an important decision for any Kubernetes cluster is the number of nodes and the autoscaling rules you define.

Gatsby is a static website and application generator that makes building powerful React-based frontend applications easy and effective. With over fifty thousand stars on GitHub (51.5k as at the time of this writing), Gatsby stands as one of the most widely used React frameworks. Gatsby is so popular that most hosting platforms offer custom support for the framework. Netlify is one of those platforms.

Software is one of the most complex tools invented for practical use. One misplaced character can break an entire application. So, careful testing is an essential requirement before publishing any code. In this article, you will learn about two fundamental types of software testing, unit testing and integration testing, and how your team can implement them in your CI/CD pipelines to validate your code quickly and deliver new features to your users with confidence.

A key goal for any DevOps team is to shorten the software development cycle and provide continuous delivery of high-quality software. Instead of continuing to the next logical goal, continuous deployment, most companies stop here. Developed code reaches the testing phase automatically, then, successful testing triggers a manual acceptance step. Only then is the application deployed into production.

Have you always wanted to have different settings between production and staging but never knew how? You can do this with Kustomize! Kustomize is a CLI configuration manager for Kubernetes objects that leverage layering to preserve the base settings of the application. This is done by overlaying the declarative YAML artifacts to override default settings without actually making any changes to the original manifest.