I know what you’re thinking…what happened to the 2016 release? Well, 2016 was an interesting year, and unfortunately we weren’t able to get out a mid-year release, and our Q4 release got pushed to Q1 of this year. But, finally, an updated version of SecureCI™ is here! So, what can you expect from this release? Upgrades First and […]
Many organizations we work with have some understanding of front-end testing using tools like Selenium. However, they struggle to prioritize, understand or properly implement security scanning in their Agile/DevOps Development process. One of the easiest ways to implement security testing with little to no additional effort is to use OWASP Zed Attack Proxy in conjunction […]
For a variety of reasons, a lot of companies are moving to an Agile, DevOps Culture, Continuous Integration and Delivery/Deployment (CI/CD) model. These transformations rely on a variety of tools, including open source. A lot of organizations also use open source tools and libraries to develop their applications and in order to ensure security, these […]
Hey DevOps Engineers, Docker is ready! I started getting into Docker just under a year ago. It obviously had promise, but I couldn’t find many people using it successfully. Since then Docker has matured, and I’ve been recommending it to everyone doing CI/CD web-services. When the IT services industry first went to the dynamic virtual […]
Docker Inside Your Pipeline Docker has many applications in a modern CI/CD pipeline that make it a natural fit. In particular I use it for build containers and integrations testing. With docker you open up several capabilities that are not normally available to you with CI. First off, you can change your build environment without […]
I recently wrote several blog posts about setting up a DevOps pipeline, and it was working great for our code. However, recently, I ran into an issue. My perfectly written and tested code somehow introduced a bug into our production environment! Luckily, we caught this issue quickly, and it was a relatively easy fix. So, I fixed the code, […]
I’m currently working on a DevOps project, heavily centered around AWS GovCloud. It’s important to point out I’m working in GovCloud, as opposed to AWS, as this means several key tools are missing. My colleague, Alan Crouch, recently pointed out how NAT Gateways are missing from the offered infrastructure. Another tool we found missing was Route 53, […]
Change is never easy. Change is even harder when you’re unsure whether your DevOps implementation is changing your team/application/organization for the better or worse. One of the biggest mistakes organizations make when adopting sweeping process or technology changes is a failing to identify measures to determine whether they are trending in a positive direction and when they […]
Welcome to the fourth and final post in my series, DevOps in a Regulated and Embedded Environment. In this part, we’ll look at the problems that pop up when the deploy/test environments aren’t virtualizable. I’m assuming that you’ve already read my earlier post on “Git Flow in a Regulated World”. If you haven’t, the short […]
Welcome to the third part in my series, DevOps in a Regulated and Embedded Environment. In this part, we’re going to look at doing deployments in a restricted environment. What exactly am I talking about? Remember that the target device was missing a whole lot of tooling but was ultimately rather complex. In particular, while […]
