2017 Q1 SecureCI™ Release
Security

I know what you’re thinking…what happened to the 2016 release? Well, 2016 was an interesting year, and unfortunately we weren’t able to get out a mid-year release, and our Q4 release got pushed to Q1 of this year. But, finally, an updated version of SecureCI™ is here! So, what can you expect from this release? Upgrades First and […]

Read more
Running Selenium Tests Through ZAP
Security

Many organizations we work with have some understanding of front-end testing using tools like Selenium. However, they struggle to prioritize, understand or properly implement security scanning in their Agile/DevOps Development process. One of the easiest ways to implement security testing with little to no additional effort is to use OWASP Zed Attack Proxy in conjunction […]

Read more
Sonatype’s New Nexus Lifecycle Helps Teams Migrate Open Source Libraries
Sonatype Lifecycle

For a variety of reasons, a lot of companies are moving to an Agile, DevOps Culture, Continuous Integration and Delivery/Deployment (CI/CD) model. These transformations rely on a variety of tools, including open source. A lot of organizations also use open source tools and libraries to develop their applications and in order to ensure security, these […]

Read more
Using Docker to Increase Confidence in Your Products and Deployments
Container

Hey DevOps Engineers, Docker is ready! I started getting into Docker just under a year ago. It obviously had promise, but I couldn’t find many people using it successfully.  Since then Docker has matured, and I’ve been recommending it to everyone doing CI/CD web-services. When the IT services industry first went to the dynamic virtual […]

Read more
Docker in a CI Pipeline

Docker Inside Your Pipeline Docker has many applications in a modern CI/CD pipeline that make it a natural fit. In particular I use it for build containers and integrations testing. With docker you open up several capabilities that are not normally available to you with CI. First off, you can change your build environment without […]

Read more
Hotfixes within DevOps Pipelines

I recently wrote several blog posts about setting up a DevOps pipeline, and it was working great for our code. However, recently, I ran into an issue. My perfectly written and tested code somehow introduced a bug into our production environment! Luckily, we caught this issue quickly, and it was a relatively easy fix. So, I fixed the code, […]

Read more
Creating ‘QA Friendly’ Machines in a Dynamic Environment

I’m currently working on a DevOps project, heavily centered around AWS GovCloud. It’s important to point out I’m working in GovCloud, as opposed to AWS, as this means several key tools are missing. My colleague, Alan Crouch, recently pointed out how NAT Gateways are missing from the offered infrastructure. Another tool we found missing was Route 53, […]

Read more
Essential Quantitative DevOps Metrics

Change is never easy. Change is even harder when you’re unsure whether your DevOps implementation is changing your team/application/organization for the better or worse. One of the biggest mistakes organizations make when adopting sweeping process or technology changes is a failing to identify measures to determine whether they are trending in a positive direction and when they […]

Read more
DevOps in a Regulated and Embedded Environment: Scalability and Resource Concerns

Welcome to the fourth and final post in my series, DevOps in a Regulated and Embedded Environment. In this part, we’ll look at the problems that pop up when the deploy/test environments aren’t virtualizable. I’m assuming that you’ve already read my earlier post on “Git Flow in a Regulated World”. If you haven’t, the short […]

Read more
X