InfoQ Homepage DevOps Content on InfoQ
-
Unskilled Cybercriminals May Be Leveraging ChatGPT to Create Malware
In a recent report, Israeli cybersecurity company Check Point warned that cybercriminals are already using ChatGPT to develop malicious programs on the Dark Web. According to Check Point, ChatGPT makes it possible for even unskilled threat actors to create functioning malware.
-
Docker Desktop 4.16 Brings Docker Extensions to General Availability
Docker Inc has released their first update of 2023 for the Docker Desktop product - version 4.16. The most significant improvement in this release is to bring Docker Extensions to general availability, and the release also offers a number of performance improvements.
-
Elastic 8.6 Released with Improvements to Observability, Security, and Search
Elastic has released Elastic 8.6 with improvements across the entire Elastic Search Platform including Elastic Enterprise Search, Elastic Observability, Elastic Security, and Kibana. The release includes additional connector clients, better observability of dependencies, improvements to alerts generated from prebuilt security rules, and temporary data views.
-
Google Kubernetes Engine Adds Multishares for Filestore Enterprise
Google Cloud has moved Filestore Enterprise Multishares for Google Kubernetes Engine (GKE) into general availability. With Filestore Enterprise Multishares, multiple persistent volumes can be packed onto a Filestore Enterprise instance to improve storage utilization and reduce costs.
-
Traefik Hub Enables Simple and Secure Container Publishing
Traefik Labs have announced the general availability of Traefik Hub, a tool designed to allow admins to quickly and securely publish Kubernetes and Docker containers.
-
SBOM Quality and Availability Varies Greatly across Projects
A recent assessment of the quality and availability of SBOMs in open-source repositories found the availability and implementation to vary widely. The OpenSSF's Open Source Software Security Mobilization Plan has a dedicated stream to improving the availability, generation, and consumption of SBOMs.
-
HashiCorp Terraform Plugin Framework Now Generally Available
HashiCorp has released the 1.0 version of the Terraform Plugin Framework. This framework improves upon and replaces the current Terraform Plugin SDKv2. It includes support for validators, path expressions, nested attributes, resource private state management, and custom types. Providers written in the new framework are executable binaries written in Go.
-
Java News Roundup: Ideal Graph Visualizer Open-Sourced, TomEE MicroProfile 5.0 Certification
This week's Java roundup for January 2nd, 2023, features news from JDK 20, JDK 21, Ideal Graph Visualizer open-sourced, Spring Tools 4.17.1, Open Liberty 23.0.0.1, Quarkus 2.15.2, Quarkus OpenAPI Generator 2.0, Apache Tomcat CVE, Apache TomEE certification, Apache James 3.7.3, Apache Camel 3.20.1, MyFaces Core 4.0-RC3, Ktor 2.2.2, JHipster Lite 0.25, JobRunr 5.3.3, SourceBuddy 2.1, CircleCI CVE.
-
Report Finds Heavy Use of Open-Source Solutions for Kubernetes Security
A recent survey by Armo on the use of security software solutions with Kubernetes found that over half of respondents leverage open-source tooling. Companies using open-source tooling use on average 3.6 different tools. These open-source tools were predominately used for service mesh, network policy and micro-segmentation, and misconfiguration scanning.
-
PyTorch-Nightly Struck by Supply Chain Attack Exfiltrating Data and Files
Developers who installed the nightly builds of PyTorch between December 25 and December 30, 2022, are recommended to uninstall it and purge their pip cache to get rid of a malicious package, say PyTorch maintainers. The new attack highlights a recent trend.
-
Amazon ECS Adds Automated Rollbacks
Amazon has released native support for automated rollbacks within their Amazon ECS service. This feature leverages Amazon CloudWatch metric alarms to monitor and, if necessary, reverts the in-progress deployment. This feature supports using any system metrics that CloudWatch Container Insights collects for Amazon ECS as well as custom metrics.
-
Zero Trust Access to Corporate Applications with AWS Verified Access
At re:Invent 2022, AWS released a new enterprise application connectivity service, Verified Access. The service provides Zero Trust access to enterprise web applications by employing endpoints and policies to authenticate and authorize user requests against identity providers or device management systems. Verified Access is currently in public preview in 10 AWS regions.
-
Google Cloud Introduces Sensitive Actions to Improve Security for Premium Accounts
Google Cloud announced the preview of Sensitive Actions Service, a premium security feature to identify potentially risky behaviors on the cloud. The service detects when actions are taken in a GCP organization that could be damaging if taken by a malicious actor.
-
Java News Roundup: Jakarta Data Initial Release, Micronaut 3.8, JReleaser 1.4, Gradle 8.0-RC1
It was very quiet for the week of December 26th, 2022, but InfoQ found a few news items of interest that include: Jakarta NoSQL 1.0.0-b5, Jakarta Data 1.0.0-b1, Micronaut 3.8.0, Apache Groovy 4.0.7, Gradle 8.0.0-RC1, and JReleaser 1.4.0.
-
Using Code Instrumentation for Fault Injection at the Application Level at eBay
eBay engineers have been using fault injections techniques to improve the reliability of the notification platform and explore its weaknesses. While fault injection is a common industry practice, eBay attempted a novel approach leveraging instrumentation to bring fault injection within the application level.