InfoQ Homepage Continuous Integration Content on InfoQ
-
Travis CI Vulnerability Potentially Leaked Customer Secrets
Popular continuous integration and delivery service Travis CI disclosed a vulnerability that potentially leaked secure environment variables, including signing keys, access credentials, and API tokens. The flaw was quickly fixed on September 10, but the developer community found Travis CI handling of this issue insufficient.
-
How External IT Providers Can Adopt DevOps Practices
IT suppliers can follow the “you build it, you run it” mantra by working in small batches, using an experimental approach to product development, and validating small product increments in production. The supplier has to find out what his client’s goal is, and it has to become the supplier’s goal as well to work in a collaborative way.
-
GitLab Open-Sources Package Hunter, Falco-Based Tool to Detect Malicious Code
GitLab has released a new open-source tool, Package Hunter, aimed to detect malicious code by running your project dependencies inside a sandbox. Package Hunter leverages Falco to detect unexpected application behaviour at runtime.
-
InfoQ Live July 20th: Software Supply Chain for DevOps & Reducing Feature Flag Debt
How can modern DevOps practices accelerate your software delivery without the quality issues? Learn how automation, continuous testing, and supply management techniques can improve software quality and speed of delivery. Get valuable insights from world-class domain experts at InfoQ Live on July 20th.
-
GitLab 14 Introduces Epic Boards, Improves Pipeline Editor and Kubernetes Agent, and More
With GitLab 14, GitLab is reaffirming its view of a unified DevOps platform integrating all the tools and tech stacks that are required by development teams. The latest release of the platform includes many new features meant to improve development velocity, application security, and analytics.
-
Xcode Cloud Brings CI/CD to iOS App Development
At WWDC21, Apple announced Xcode Cloud, a continuous integration and delivery (CI/CD) system to help developers build, test, and distribute apps. Still in beta, Xcode Cloud supports both releasing to TestFlight and on the App Store.
-
AWS CloudFormation Guard Adds Type Blocks, Filtering, and Reusable Rules
AWS released version 2 of CloudFormation Guard, their open source tool for validating CloudFormation templates. This release introduces a number of new features including type blocks, support for Conjunctive Normal Form, filters, and named rules. Guard enables writing policy-as-code that can then be used to validate any well-formed JSON or YAML file.
-
Ambassador Developer Control Plane Integrates Common Kubernetes Full Lifecycle Tooling
Ambassador Labs announced the release of their Developer Control Plane (DCP). The DCP brings together tooling to support the full development and operations of Kubernetes based services. This includes popular Cloud Native Computing Foundation (CNCF) tools such as Argo, Telepresence, and Envoy Proxy.
-
Adding Security to Testing to Enable Continuous Security Testing
Teams can be trained by security experts to become able to identify areas to add security testing in the test process and add security checks as part of functional test automation. This can lead to continuous security testing where security defects can be spotted at an early stage with higher security testing coverage in every release.
-
GitHub Reacts to Growing Cryptocurrency Mining Attacks Using GitHub Actions
In response to the recent surge in cryptocurrency mining attacks, GitHub has changed how pull requests from public forks are handled in GitHub Actions to prevent abuse.
-
Gradle 7.0 Released with Support for JDK 16
Gradle, the customizable open source build automation tool, has released version 7 with support for JDK 16, faster incremental builds, improved build reliability, and native support for new Macs with Apple Silicon processors. Preview features like dependency verification and support for Java Module System, introduced in previous releases, have been promoted as stable features.
-
Ebay Open-Sources Package to Reduce Test Flakiness Using Swift and Xcode
Targeted Auto Retry is Ebay's approach to dealing with test flakiness that aims to make a continuous integration pipeline more resilient to flaky test steps. To make this approach straightforward to use, Ebay has open sourced a lightweight framework for the Swift language that can be used with Xcode unit testing framework.
-
Community Debates Value, Even Existence of Continuous Deployment
A post by Charity Majors, CTO at Honeycomb, reopened a debate over continuous deployment (CD) as she asserted that when people talk about CI/CD (continuous integration and continuous deployment) they’re only talking about continuous integration (CI), and that’s not enough. The discussion covered not just its importance, but how many organizations are actually using it.
-
How Spotify Leverages Paved Paths and Common Tooling to Improve Productivity
Maria Jernström and Jason Palmer, two product managers at Spotify, shared how the company enables their development teams to operate quickly and in alignment. The Platform Developer Experience tribe builds CI/CD tools, product creation tooling, and paved paths with a focus on automating common processes.
-
GitLab 13.9 Introduces Security Alerts Dashboard, Maintenance Mode, and More
The latest release of GitLab introduces over 60 new features, mostly aimed at improving support for DevSecOps at scale and better handling the complexity of automation at scale.