InfoQ Homepage Continuous Integration Content on InfoQ
-
Docker Desktop Best Practices for Code Sharing
In a recent article, Docker engineer Stephen Turner shared a few best practices to help developers understand file sharing between a Docker container and its local host and how its performance varies across OSes.
-
Google and GitHub Announce OpenSSF Scorecards v4 with New GitHub Actions Workflow
GitHub and Google have announced the version 4 release of the Open Source Security Foundation (OpenSSF)'s Scorecards project. Scorecards is an automated security tool that identifies risky supply chain practices in open source projects. This release includes a new Scorecards GitHub Action, new security checks, and a large increase in the repositories included in the foundations weekly scans.
-
Aqua Security Reports Large Increase in Supply Chain Attacks
Aqua Security's recent report highlights the increasing threat of supply chain attacks. According to the report, supply chain attacks grew by 300% from 2020 to 2021 while the level of security across software development environments remained low. Google and the CNCF have recently released papers detailing approaches to improving the security of the supply chain.
-
HashiCorp Waypoint Adds Triggers and External Data Fetching
HashiCorp has released version 0.7 of Waypoint, their open-source application deployment tool. This release presents a number of redesigns to the user interface, the introduction of scripting and continuous integration lifecycle operations via triggers, external data fetching, and scoping of configurations to specific workspaces.
-
GitLab 14.6 Improves Geo Replication and Adds Support for .NET 6 Projects
GitLab 14.6 new Geo configuration streamlines the process of using the geographically closest replica to speed up clone and pull commands. It also introduces an activity list for GitLab's Agent to log real-time events and brings support for .NET 6.
-
GitHub Improves Code Navigation and Search
GitHub announced improvements to its code search and code navigation capabilities. The new code search, which is still available experimentally, features now the possibility of finding code symbols and using regular expressions. Code navigation has been made available from within pull requests and extended to provide more precise information for Python repos.
-
XCRemoteCache Aims to Speed up iOS App Build Times
Spotify created XCRemoteCache to reduce Xcode compile times. Recently open-sourced, XCRemoteCache can decrease clean build times by 70%, says Spotify.
-
ClusterFuzzLite Brings ClusterFuzz to GitHub Actions and Other CI/CD Pipelines
ClusterFuzzLite, as implied by its name, is a light version of Google ClusterFuzz, a tool aimed to find security and stability issues in software systems through fuzz testing. ClusterFuzzLite is meant to be integrated in a CI pipeline with a few lines of code, says Google.
-
Pants Build System Adds Support for Java, Scala, and Go
In its upcoming release, now available to early adopters, build system Pants adds Java, Scala, and Go to previously supported Python. InfoQ has spoken with Benjy Weinberger, one of the creator of Pants alongside John Sirois, and currently CEO of Toolchain, Pants' main sponsor.
-
HashiCorp Launches Public Beta of HCP Packer
HashiCorp Cloud Platform (HCP) Packer’s new public beta puts the long-standing machine-image building tool in the cloud, and also delivers new features such as release channels and a deeper integration with Terraform. Packer - a tool for building automated machine images which was launched back in 2013 - has been relaunched onto HashiCorp Cloud Platform, with a host of improvements.
-
GitHub Introduces Projects, Updates Codespaces, Copilot, Code Scanning, and More
At its Universe 2021 conference, GitHub promoted its new Issues experience to public beta, providing projects and dynamic tables, expanded Copilot support for Jetbrains and Java, added Ruby support for code scanning, and announced many more features.
-
Travis CI Vulnerability Potentially Leaked Customer Secrets
Popular continuous integration and delivery service Travis CI disclosed a vulnerability that potentially leaked secure environment variables, including signing keys, access credentials, and API tokens. The flaw was quickly fixed on September 10, but the developer community found Travis CI handling of this issue insufficient.
-
How External IT Providers Can Adopt DevOps Practices
IT suppliers can follow the “you build it, you run it” mantra by working in small batches, using an experimental approach to product development, and validating small product increments in production. The supplier has to find out what his client’s goal is, and it has to become the supplier’s goal as well to work in a collaborative way.
-
GitLab Open-Sources Package Hunter, Falco-Based Tool to Detect Malicious Code
GitLab has released a new open-source tool, Package Hunter, aimed to detect malicious code by running your project dependencies inside a sandbox. Package Hunter leverages Falco to detect unexpected application behaviour at runtime.
-
InfoQ Live July 20th: Software Supply Chain for DevOps & Reducing Feature Flag Debt
How can modern DevOps practices accelerate your software delivery without the quality issues? Learn how automation, continuous testing, and supply management techniques can improve software quality and speed of delivery. Get valuable insights from world-class domain experts at InfoQ Live on July 20th.