Scripting with OWASP ZAP
Security

So you’ve got a great DevOps pipeline that builds, tests and deploys your application. You might still be running manual security scans for vulnerabilities or you could be passively scanning with OWASP ZAP as your functional tests run. Here are some ways you can automate OWASP ZAP to actively scan your entire application for vulnerabilities. […]

Automating ZAP through Gauntlt — A DevOps Solution
DevOps

Rugged DevOps, or DevSecOps, is a method for developing software that has gained much traction in recent years. However, the security tools and practices may not merge well with automation. This produces bottlenecking or delays security processes until time-consuming manual tests at the end of a release cycle. Such delays in security testing greatly increase […]

Some Ansible Examples
Ansible

When going to a new environment, it would be nice if someone had already thought out the networking and authentication needs. It would be nice if we had a sane DNS solution and a good LDAP server. Regrettably, life in operations is not always that nice. We are frequently asked to quickly set up a […]

Integrating Sonatype LifeCycle with Eclipse
Sonatype Lifecycle

In my previous post, I covered the initial installation of Sonatype LifeCycle (aka IQ Server). In this post, I will show you how to integrate it into Eclipse IDE, but first a quick background on the benefits of this integration and the value it adds to your software development process. As I mentioned previously, IQ […]

How to Use Ansible-Container to Build a Docker Container
Container

Last month I talked about the need for Docker-aware configuration management (CM) tools to effectively build and test containers in a CI/CD pipeline. The goal is to not install any extra tooling inside of the docker container that gets published for production use; not sshd, nor any CM tooling. This technical post documents the major […]

Sonatype’s New Nexus Lifecycle Helps Teams Migrate Open Source Libraries

This is part 2 of my blog series about Nexus Lifecycle. If you missed my first part, you can find it by clicking this link. Here I will talk about how to properly roll out Nexus Lifecycle in an Enterprise Environment based on a past experience. The first thing you need to do is to make […]

Integrating Test Automation with DevOps to Create a Continuous Testing Environment

When I attended STARWEST in Anaheim in October 2016, I had the opportunity to sit down for an interview with Jennifer Bonine, VP, Global Delivery and Solutions at tap|QA LLC. In the interview, Jennifer and I discussed how to integrate test automation with DevOps to create a continuous testing environment. Jennifer Bonine: Hello, and welcome […]

Testing Faster, Better, and Cheaper with Continuous Delivery
Gene Gotimer STARWEST Interview

When I attended STARWEST in Anaheim in October 2016, I had the opportunity to sit down for an interview with Jennifer Bonine, VP, Global Delivery and Solutions at tap|QA LLC. In the interview, Jennifer and I discussed how and why companies should be testing with continuous delivery. Jennifer Bonine: Hi, and welcome back to the […]

Getting Up and Running with Sonatype Lifecycle

It has become standard practice for modern software development organizations to integrate open source components into their products, as it enables them to leverage existing solutions and technologies, thereby avoiding the need to reinvent the wheel. In fact, open source repositories like Maven Central are reporting record increases in downloads annually (30 Billion in 2015, […]
