2017 Q1 SecureCI™ Release
Security

I know what you’re thinking…what happened to the 2016 release? Well, 2016 was an interesting year, and unfortunately we weren’t able to get out a mid-year release, and our Q4 release got pushed to Q1 of this year. But, finally, an updated version of SecureCI™ is here! So, what can you expect from this release? Upgrades First and […]

Sonatype’s New Nexus Lifecycle Helps Teams Migrate Open Source Libraries
Sonatype Lifecycle

For a variety of reasons, a lot of companies are moving to an Agile, DevOps Culture, Continuous Integration and Delivery/Deployment (CI/CD) model. These transformations rely on a variety of tools, including open source. A lot of organizations also use open source tools and libraries to develop their applications and in order to ensure security, these […]

Security Scanning in non-Standard Applications with Burp Macros: Setup
Security

DISCLAIMER: Only perform security testing on applications which you have explicit permission to do so. Also, this post shows features for Burp Suite Professional, as Macros and scanning are not available without a license. Identifying the Target Many web applications are unique and apply complexity which defeats basic security scanning. This can come in the […]

Creating ‘QA Friendly’ Machines in a Dynamic Environment

I’m currently working on a DevOps project, heavily centered around AWS GovCloud. It’s important to point out I’m working in GovCloud, as opposed to AWS, as this means several key tools are missing. My colleague, Alan Crouch, recently pointed out how NAT Gateways are missing from the offered infrastructure. Another tool we found missing was Route 53, […]

DevOps in a Regulated and Embedded Environment: Git Flow in a Regulated World

Welcome to the second post in my series, “DevOps in a Regulated and Embedded Environment”. In this part, we’ll take a look at how a normal git workflow needs to adapt in a regulatory environment, and how tooling can support the necessary changes. Namely, regulation may stop the development team from releasing a planned feature, […]

Running Selenium Tests with Maven

One of the most important things in software testing is integrating tests with the build tool that your project uses. Developers need to be able to run your tests easily, otherwise, they’re probably not going to run them. Another reason for integrating tests is that it encourages clearly defining your project’s build process. In the case […]

Setting up OpenLDAP

I recently needed to set up OpenLDAP for a client. We set up an entire pipeline, similar to SecureCI, and wanted to tie all of the tools into one login system. The installation was pretty straightforward, but we wanted to ensure our tooling stack was secured, so we moved a bit beyond the basics. This is all […]

Configuring Gitblit post-commit hooks over SSL

I have now twice spent multiple days trying to get a Gitblit server to communicate with a Jenkins server over SSH. This was done as part of ongoing work to update the Coveros SecureCI product, with the goal of properly configuring both tools and a self-signed certificate to enable Gitblit’s post-commit Jenkins hook to trigger builds. Given that […]

Completing your CD Pipeline for your PHP Project
Pipeline

In my last two posts I went through setting up CI for your PHP project. As promised, this post will walk through the CD pipeline that I set up for the project. The Continuous Integration jobs were a good start, but I wanted to throw in additional testing, on architecture that better mimics production. I created two additional […]
