Operations | Monitoring | ITSM | DevOps | Cloud

The latest News and Information on Continuous Integration and Development, and related technologies.

Real World Strategies for Securing the Software Supply Chain - Cloudsmith's Unpacked Conference 2023

While "secure software supply chain" can feel like a buzzword, the past 18 months have shown companies, open-source communities, and vendors making significant progress toward making it a reality. In this panel discussion, real-world practitioners will share their insights and experiences in securing the software supply chain. The panelists will cover a range of topics, from best practices in vulnerability management, risk assessment of open-source dependencies, and generating authenticated provenance, to the challenges of integrating security into the DevOps workflow. They will provide actionable strategies for improving security while maintaining development speed, and share real-world examples of how their organizations have successfully secured their software supply chains.

Introduction to SBOMs - What is it and do I need one? - Cloudsmith's Unpacked Conference 2023

Software Bill of Materials (SBOM) are new and exciting, but what do they actually do and do you REALLY need one? If you read any security news lately, it seems like everyone is talking about how an SBOM can solve whatever problem they have, and they are years into their SBOM journey. But many of us don’t even know what they are.

Reduce cycle time with effective pull requests

A pull request (PR) is (quite literally) a request to pull a change into a project’s code or documentation. It is a popular change management process supported by many VCS providers including GitHub, GitLab, Bitbucket, Codeberg, and others. Typically these come with features to track open pull requests, tools to assist in reviewing the changes, the ability to approve—or reject—PRs, and finally to merge approved PRs.

How Jackpocket scaled to 220% more software deploys a week

How Jackpocket scaled to 220% more software deploys a week. Check out how Sleuth helps lottery app Jackpocket scale, adopt a DevOps culture, and improve rollbacks by 220 percent. Key moments: Give Sleuth a try and see how we empower software teams to build faster by making engineering efficiency easy to improve and measurable — in a way that both managers and developers love.

The case for engineering automation

When you survey developers on how to improve engineering practices and their daily job experience, their answers invariably include getting rid of little annoying things - what's called toil. Toil is manual and repetitive tasks that waste your time. Toil is arguably worse than crisis, because a crisis is temporary and firefighting can feel rewarding when it's over. Toil is more like a death march - an insidious force that eventually leads to burnout.

Demo of Jira Software's CI/CD integration | Atlassian

Integrating your CI/CD tools with Jira Software is one of the easiest things you can do to get more value out of Jira Software for free, whether you’re using Bitbucket Pipelines, GitHub, GitLab, Jenkins, CircleCI, Octopus Deploy or others. Did you know that integrating your CI/CD tools with Jira Software unlocks several highly valuable and free native Jira Software features? During this office hours, we demo and talk through.

Pipelines Full of Context: A GitLab CI/CD Journey

Do you know what version of your software is running in production? How often is that software deployed, and was it deployed right before last week’s p0 incident? What sort of dependencies are being deployed along with that software, and are any of them potential security risks? These are all common observability questions that may be difficult to answer.

A guide to dynamic application security testing (DAST)

Dynamic application security testing (DAST) is a critical security measure for modern software delivery pipelines. It involves evaluating the security of web applications by actively testing them in real-time, simulating real-world attacks to identify vulnerabilities. As the cybersecurity threat landscape has evolved, DAST has emerged as a key tool for enforcing application security in continuous integration and continuous delivery (CI/CD) pipelines.