As Kubernetes becomes the key target environment across many organizations, it automatically becomes an essential topic for developers. However, Kubernetes was created for operations and, unless you spend a considerable amount of time learning and specializing yourself, it is still challenging to use. Developers should rather focus on delivering applications instead, and a developer or application-focused platform is needed to enable that.

Code signing is an important part of testing and distributing your desktop and mobile applications. It ensures that the end user’s system can verify the legitimacy of your application. Because of the need for security around signed certificates, they are stored locally and not uploaded to the cloud. This constraint could prevent your team from fully automating your CI/CD pipeline.

The MSIX orb is the first “Windows-only” orb from CircleCI. When Microsoft approached us with the opportunity to build an orb that would help Windows developers build on our platform, we were enthusiastic. Most of our orbs, and general workload, revolve around Linux and utilize Bash. However, we recognized the deep need to provide good CI/CD solutions for building applications on Windows, and with use of PowerShell growing steadily within Linux, it was time to take the plunge.

NestJS is fast becoming the de facto framework for NodeJS projects. Unlike older frameworks, NestJS was built with TypeScript, which has become commonplace in the JavaScript community. Frameworks like NestJS seem to be preferred by teams that adopt TypeScript. NestJS supports building APIs in REST and GraphQL. The goal of this tutorial is to show how you can add unit and integration tests to a NestJS GraphQL project and automate the testing process with CircleCI.

As developers, we’re passionate about creating and delivering high-quality software to our end-users and customers. Simply knowing that our software was shipped, deployed, and is being used is a great achievement. And it looks like we did a good job. Everything around us in our lives depends on high-quality software. Software needs to run for us to get water, energy, electricity, transportation, food, etc. Developers have a huge responsibility to keep this software updated and running efficiently.

The JFrog Security research team continuously monitors popular open source software (OSS) repositories with our automated tooling to report vulnerable and malicious packages to repository maintainers. Earlier this year we disclosed several malicious packages targeting developers’ private data that were downloaded approximately 30K times. Today, we will share details about 11 new malware packages that we’ve recently discovered and disclosed to the PyPI maintainers (who promptly removed them).

JFrog security research team (formerly Vdoo) has recently disclosed a code injection issue in one of the utilities shipped with Tensorflow, a popular Machine Learning platform that’s widely used in the industry. The issue has been assigned to CVE-2021-41228. This disclosure is hot on the heels of our previous, similar disclosure in Yamale which you can read about in our previous blog post.