Articles about DevOps

New research reveals that CISOs are finding it increasingly difficult to keep their software secure as hybrid and multicloud environments become more complex, and teams continue to rely on manual processes that make it easier for vulnerabilities to slip into production.

The study from Dynatrace shows 68 percent of CISOs say vulnerability management is more difficult because the complexity of their software supply chain and cloud ecosystem has increased.

Continue reading →

As organizations and their customers become more reliant on digital services, DevOps teams are often required to get together quickly to troubleshoot and resolve outages or user experience problems.

However, against the backdrop of the 24/7 economy and a shortage of technology skills, it’s time to reassess whether these 'war rooms' remain an effective tactic for dealing with urgent issues. Or, could they be exacerbating the challenges organizations face in retaining staff and managing skilled DevOps teams’ workloads?

Continue reading →

The latest report from JFrog looks at the most prevalent vulnerabilities in 2022 with an in-depth analysis of open source security vulnerabilities that have most impact for DevOps and DevSecOps teams.

The report shows that the severity of six of the top 10 CVEs was overrated, meaning they scored higher in the NVD rating than in JFrog's own analysis. In addition the CVEs appearing within enterprises most frequently are low-severity issues that were simply never fixed.

Continue reading →

A new survey of 1,300 CIOs and senior DevOps managers in large organizations finds it's getting harder for IT teams to maintain software reliability and security amid the rapid acceleration of digital transformation and rising complexity of cloud-native environments.

The study from Dynatrace finds 90 percent of organizations say their digital transformation has accelerated in the past 12 months. 78 percent of organizations deploy software updates into production every 12 hours or less, and 54 percent say they do so at least once every two hours.

Continue reading →

Continuous integration and continuous delivery (CI/CD) are critical to achieving DevOps success across organizations -- offering the ability to get software changes into production safely, quickly, and sustainably. By reducing the time between when code is written and deployed, while allowing developers to maintain high quality and minimize risk, CD enables teams to release new features quickly.

However, for CD to be a success, speed cannot come at the detriment of security. By building security validation into the CI/CD pipeline, developers will see benefits in productivity by reducing time to market and build consumer trust by developing more secure apps and data.

Continue reading →

Developers are under more pressure than ever to deliver projects quickly, but at the same time applications and the supply chain need to be kept secure.

So, what things can we expect to see for development in 2023? Here are some expert views on the key trends.

Continue reading →

With the help of Go for DevOps, you'll learn how to deliver services with ease and safety, becoming a better DevOps engineer in the process

Some of the key things this book will teach you are how to write Go software to automate configuration management, update remote machines, author custom automation in GitHub Actions, and interact with Kubernetes.

Continue reading →

APIs allow products and services to communicate with each other and have become essential to digital transformation projects as they make it easy to open up application data and functionality to third-party developers and business partners, or to departments within the enterprise.

Where legacy systems are involved though it's often necessary to modernize the API infrastructure to ensure things work smoothly and this can lead to serious challenges, especially where security is concerned.

Continue reading →

New research from Progress reveals that 73 percent of IT decision makers admit more could be done to improve their DevSecOps practices, with many organizations behind in their goals.

It's culture that is the biggest impediment to success, with 71 percent of respondents agreeing that culture is the biggest barrier to their DevSecOps progress, yet only 16 percent are prioritizing culture as an area to optimize in the next 12-18 months.

Continue reading →

A new study of 400 software engineering and operations professionals by continuous deployment specialist Armory shows that 80 percent rate ensuring reliable deployments as their top priority.

However, 59 percent say that overly complex deployment to multi-cloud environments is the top app development and deployment issue their engineering team needs to address.

Continue reading →

In the implementation of DevOps processes, the choice of tools is crucial to the sustainability of projects and collaboration between developers and ops.

Learning DevOps -- Second Edition presents the different patterns and tools for provisioning and configuring an infrastructure in the cloud, covering mostly open source tools with a large community contribution, such as Terraform, Ansible, and Packer, which are assets for automation.

Continue reading →

With more open source being consumed than ever before, attacks targeting the software supply chain have increased too, both in frequency and complexity. A new report reveals a 633 percent year on year increase in malicious attacks aimed at open source in public repositories -- this equates to a 742 percent average yearly increase in software supply chain attacks since 2019.

The latest State of the Software Supply Chain Report from Sonatype, released today at the DevOps Enterprise Summit, also finds that 96 percent of open source Java downloads with known-vulnerabilities could have been avoided because a better version was available, but was ignored.

Continue reading →

More than half (53 percent) of DevOps professionals in a new study say they will consider multicloud architecture to reduce reliance on a specific cloud provider.

The survey of over 700 development professionals and leaders from Techstrong Research finds that the cloud landscape is changing as buyers increasingly put the developer experience on the same footing as core technical and performance capabilities of cloud infrastructure services.

Continue reading →

Digital transformation has become ubiquitous throughout every industry, as the world grows more reliant on software-driven services. As this trend continues, customers and end users have increasingly heightened expectations that organizations will deliver better-quality, more efficient, and secure digital services, at greater speed. Multicloud environments, which are built on an average of five different platforms, are at the heart of this transformation. They enhance organizations’ agility, so DevOps teams can accelerate innovation.

However, these Multicloud environments have introduced new challenges given their complexity and scale. Applications span multiple technologies and contain millions of lines of code and generate even more dependencies. It is now beyond human capacity for DevOps teams to manually monitor these environments, piece together and analyze logs to gain the insights they need to deliver seamless digital experiences.

Continue reading →

While the rapid adoption of DevOps processes has helped companies assume an agile product position in the market, security has lagged. Specifically, DevOps's prioritization of tools and automation has led to an explosion of machine identities that traditional waterfall-based security mechanisms cannot keep pace with.

Verizon's 2021 Data Breach Investigations report highlighted the extent of the problem by revealing that 61 percent of data breaches involved misused credentials data. These breaches are rarely incidents of a malicious actor stealing a human entity's password. Instead, hackers leverage expired or unused machine identities, also known as workload identities, to penetrate networks. As a result, some 92 percent of respondents to a recent Enterprise Strategy Group (ESG) survey indicated that they see workload identities as "critical" or "very important" risks.

Continue reading →