DevOps Content on InfoQ
-
SBOM Quality and Availability Varies Greatly across Projects
A recent assessment of the quality and availability of SBOMs in open-source repositories found that availability and implementation vary widely. The OpenSSF's Open Source Software Security Mobilization Plan has a stream dedicated to improving the availability, generation, and consumption of SBOMs.
-
HashiCorp Terraform Plugin Framework Now Generally Available
HashiCorp has released the 1.0 version of the Terraform Plugin Framework. This framework improves upon and replaces the current Terraform Plugin SDKv2. It includes support for validators, path expressions, nested attributes, resource private state management, and custom types. Providers written in the new framework are executable binaries written in Go.
-
Java News Roundup: Ideal Graph Visualizer Open-Sourced, TomEE MicroProfile 5.0 Certification
This week's Java roundup for January 2nd, 2023, features news from JDK 20, JDK 21, Ideal Graph Visualizer open-sourced, Spring Tools 4.17.1, Open Liberty 23.0.0.1, Quarkus 2.15.2, Quarkus OpenAPI Generator 2.0, Apache Tomcat CVE, Apache TomEE certification, Apache James 3.7.3, Apache Camel 3.20.1, MyFaces Core 4.0-RC3, Ktor 2.2.2, JHipster Lite 0.25, JobRunr 5.3.3, SourceBuddy 2.1, CircleCI CVE.
-
Report Finds Heavy Use of Open-Source Solutions for Kubernetes Security
A recent survey by Armo on the use of security software solutions with Kubernetes found that over half of respondents leverage open-source tooling. Companies using open-source tooling use on average 3.6 different tools. These open-source tools were predominantly used for service mesh, network policy and micro-segmentation, and misconfiguration scanning.
-
PyTorch-Nightly Struck by Supply Chain Attack Exfiltrating Data and Files
Developers who installed the nightly builds of PyTorch between December 25 and December 30, 2022, are advised to uninstall them and purge their pip cache to get rid of a malicious package, say PyTorch maintainers. The new attack highlights a recent trend.
-
Amazon ECS Adds Automated Rollbacks
Amazon has released native support for automated rollbacks within their Amazon ECS service. This feature leverages Amazon CloudWatch metric alarms to monitor and, if necessary, revert the in-progress deployment. This feature supports using any system metrics that CloudWatch Container Insights collects for Amazon ECS as well as custom metrics.
-
Zero Trust Access to Corporate Applications with AWS Verified Access
At re:Invent 2022, AWS released a new enterprise application connectivity service, Verified Access. The service provides Zero Trust access to enterprise web applications by employing endpoints and policies to authenticate and authorize user requests against identity providers or device management systems. Verified Access is currently in public preview in 10 AWS regions.
-
Google Cloud Introduces Sensitive Actions to Improve Security for Premium Accounts
Google Cloud announced the preview of Sensitive Actions Service, a premium security feature to identify potentially risky behaviors on the cloud. The service detects when actions are taken in a GCP organization that could be damaging if taken by a malicious actor.
-
Java News Roundup: Jakarta Data Initial Release, Micronaut 3.8, JReleaser 1.4, Gradle 8.0-RC1
It was very quiet for the week of December 26th, 2022, but InfoQ found a few news items of interest that include: Jakarta NoSQL 1.0.0-b5, Jakarta Data 1.0.0-b1, Micronaut 3.8.0, Apache Groovy 4.0.7, Gradle 8.0.0-RC1, and JReleaser 1.4.0.
-
Using Code Instrumentation for Fault Injection at the Application Level at eBay
eBay engineers have been using fault injection techniques to improve the reliability of the notification platform and explore its weaknesses. While fault injection is a common industry practice, eBay attempted a novel approach leveraging instrumentation to bring fault injection to the application level.
-
Learnings from Spotify Mobile Engineering’s Recent Platform Migration
The Spotify Mobile Engineering team recently elaborated on their experience with a platform migration. Working on an initiative under the Mobile Engineering Strategy program, the team migrated their Android and iOS codebases to build with Bazel, Google’s open-source build system.
-
Microsoft’s New Memory Optimized Ebsv5 VM Sizes in Preview Offer More Performance
Microsoft recently announced two additional Memory Optimized Virtual Machine (VM) sizes, E96bsv5 and E112ibsv5, for the Ebsv5 VM family. Developed with the NVMe protocol, they provide performance of up to 260,000 IOPS and 8,000 MBps remote disk storage throughput.
-
Kubernetes 1.26 Released with Image Registry Changes, Enhanced Resource Allocation, and Metrics
The Cloud Native Computing Foundation (CNCF) released Kubernetes 1.26 with the name Electrifying. The release has new features, such as Image Registry Changes, Dynamic Resource Allocation, and Improved Metrics.
-
Snyk Announces General Availability of Snyk Cloud and Enhancements to its Platform
Snyk, a developer security platform, recently announced the general availability of their cloud security tool, Snyk Cloud, and improvements to their platform. Extending support for software bill of materials (SBOM), the improvements include new reporting capabilities and self-service resources.
-
Eclipse Migration Toolkit for Java (EMT4J) Simplifies Upgrading Java Applications
Adoptium announced Eclipse Migration Toolkit for Java (EMT4J), an open source Eclipse project capable of analyzing and upgrading applications from Java 8 to Java 11 and from Java 11 to Java 17. EMT4J will support upgrading to future LTS versions.