InfoQ Homepage DevOps Content on InfoQ
-
GitHub Enhances CodeQL, Extends Language Support, Available Queries, and More
After adding support for Ruby at GitHub Universe 2022, CodeQL introduced Kotlin support in beta. Additionally, support for other languages has been extended to include more recent versions. GitHub has also extended available queries to fully cover several industry-wide vulnerability directories, and improved the CodeQL ecosystem.
-
HashiCorp Boundary Adds Multi-Hop Sessions and Credential Templating
HashiCorp has released version 0.12 of Boundary, their open-source identity-based access management service for infrastructure. This release introduces support for multi-hop sessions removing the need to expose Boundary workers running on private networks. Additional improvements include support for credential injection via Vault, assigning network addresses on targets, and credential templating.
-
Sonatype BOM Doctor Evaluates and Helps Patch Java Software Bills of Materials
BOM Doctor is a free, GitHub-hosted tool created by Sonatype to scan software bills of materials (SBOMs) and identify vulnerabilities and legal issues.
-
Sustainability for Development and Operations with DevSusOps
For a sustainability transformation, a business has to figure out how to measure its carbon footprint, come up with a plan to change the way it powers everything, and change the products they’re making, and even the markets that they operate in. Adrian Cockcroft spoke about sustainability in development and operations at QCon San Francisco 2022.
-
Microsoft Joins the FinOps Foundation as a Premier Member
Microsoft has officially joined the FinOps Foundation, a non-profit organization that promotes financial management in cloud technology.
-
New CloudWatch Metrics for AWS Lambda Asynchronous Invocations
AWS recently added three new Amazon CloudWatch metrics for AWS Lambda: AsyncEventsReceived, AsyncEventAge, and AsyncEventsDropped, to monitor the performance of asynchronous event processing.
-
GitLab Improves Merge Requests, GitOps Functionality and More
GitLab has released further point versions of their DevOps software package. Versions 15.3 through 15.9 been released on a monthly cadence. GitLab's first machine-learning powered feature improves merge request approvals, with other significant improvements and fixes ranging from GitOps enhancements, through improvements to IdP, to new functionality for DAST.
-
Platform Engineering Challenges: Small Teams, Build Versus Buy, and Building the Wrong Thing
The team at Syntasso wrote a series of blog posts outlining twelve challenges that platform teams face. These challenges include having a small platform team support a large organization, failing to understand the needs of the platform users, and struggling with the build-vs-buy argument.
-
Google Adds New Pricing Model to Its Security Command Center
Google recently announced several new updates to its Security Command Center (SCC) with a pay-as-you-go pricing model and two capabilities: deployments at the project level and self-service activation.
-
InfluxData Releases Its New Database Engine in InfluxDB Cloud
InfluxData releases into general availability the new version of its database engine called Influx IOx. It is now available to be used in InfluxDB Cloud.
-
Software Supply Chain Framework OSC&R Created to Help Mitigate Security Threats
In collaboration with companies including Google, Microsoft, and GitLab, OX Security has released a security framework for assessing and evaluating software supply chain security risks. The Open Software Supply Chain Attack Reference (OSC&R) is a MITRE-like framework covering containers, open-source software, secrets hygiene, and CI/CD posture.
-
Java News Roundup: JDK 20 RC1, Open Liberty, Micronaut, Helidon, Hibernate, Groovy, Grails
This week's Java roundup for February 6th, 2023, features news from OpenJDK, JDK 20, JDK 21, Open Liberty 23.0.0.1 and 23.0.0.2-beta, Helidon 3.1.1, Quarkus 2.16.2 and 3.0.0.Alpha4, Micronaut 3.8.4, Hibernate ORM 6.2, 6.1.7 and 5.6.15, Grails 5.3.0, Apache Groovy 4.0.9 and 3.0.15, Apache Camel 3.20.2, Eclipse Vert.x 4.3.8, Gradle 8.0.0-RC5, Jarviz 0.2.0, Kotlin K2 compiler and Jfokus conference.
-
Containerd Adds Support for a New Container Type: Wasm Containers
The runwasi project, written in Rust, became an official contained project, which enables containerd to support a new container type: Wasm (or WebAssembly) containers.
-
CloudNativeSecurityCon 2023: Identifying Suspicious Behaviors with eBPF
At CloudNativeSecrityCon 2023 in Seattle, WA, Jeremy Cowan and Wasiq Muhammad, both engineers at AWS, presented on identifying suspicious behaviors with eBPP, its use cases, and how AWS is using it for threat detection and protection.
-
Malicious PyPI Package Removes netstat, Tampers with SSH Config
A recent report by Sonatype security researcher Ax Sharma highlights newly discovered malicious packages on the PyPI registry, including aptx, which can install the Meterpreter trojan disguised as pip, delete the netstat system utility, and tamper with SSH authorized_keys file.