As digital transformation accelerates and more organizations use software solutions to facilitate work operations, security threats have become more commonplace. Cybercriminals tirelessly develop ways to exploit software application vulnerabilities to target organizational networks. A notable example is the 2017 Equifax data breach, which exposed the personal details of 145 million Americans.

Modern software systems are complex, with services distributed across data centers, in many zones, all around the world. Gone are the days when we managed individual servers dedicated to our organization, comfortable with the knowledge of the unique quirks of our setup. Now we rely on others to manage massive data centers where we borrow small slices of virtual space on shared hardware, traveling over shared networks, all in a system we call the cloud.

Here on the CircleCI Insights team we don’t just develop stuff for CircleCI users, we are CircleCI users. Really, there’s no better way to get to know your product than to use it, and the Insights team is no exception. A few months ago, we realized that our pipeline configuration for the Insights UI left much to be desired.

Introducing OpenID Connect identity tokens in CircleCI jobs! This token enables your CircleCI jobs to authenticate with cloud providers that support OpenID Connect like AWS, Google Cloud Platform, and Vault. In this blog post, we’ll introduce you to OpenID Connect, explain its usefulness in a CI/CD system, and show how it can be used to authenticate with AWS, letting your CircleCI job securely interact with your AWS account, without any static credentials.

Go, an open-source programming language backed by Google, makes it easy to build simple, reliable, and efficient software. Go’s efficiency with network servers and its friendly syntax make it a useful alternative to Node.js. All network applications need well-tested features, and those developed in Go are no different. In this tutorial, we will be building and testing a simple Go blog.

End-to-end testing, also known as E2E testing, is a methodology used for ensuring that applications behave as expected and that the flow of data is maintained for all kinds of user tasks and processes. This type of testing approach starts from the end user’s perspective and simulates a real-world scenario. For example, on a sign-up form, you can expect a user to perform one or more of these actions: You can use end-to-end testing to verify that all these actions work as a user might expect.

Automation goes beyond just building solutions to replace complex or time-consuming manual processes. As the popular saying goes, “anything that can be automated should be automated.” For example, deploying updates to applications can and should be automated. In this tutorial, I will show you how to set up hands-free deployment of a FeathersJS app to Heroku.

For the latest full-stack applications to work, a backend service is required. That is especially true when the frontend service depends on the backend service to render data. In many cases, it can be difficult to replicate the setup of the backend services so that you can test the application. This tutorial will show you how to mock HTTP requests from an API so that you can test endpoints without actually calling them in your tests.

In this k6 series I have covered HTTP request testing with k6 and performance testing with k6. I designed these tutorials to introduce you to k6 and to show you how to use k6 for performance testing of microservices. As the third tutorial in the k6 series, this will cover how you can store your k6 test results locally and also how to schedule your load tests using CircleCI’s scheduled pipelines feature.

At Lightspeed, we maintain multiple large iOS projects as well as their modularized dependencies. The last year of acquisitions brought together many different approaches to CI/CD at our company. I recently led the initiative to bring these projects and practices into alignment. In this post, I will explain the goals we had for our continuous integration pipeline and the implementations we used to achieve them.