DevOps / SRE - Top Links Last Week
Week 14 - Issue #73
We use GitHub Actions to build GitHub
GitHub's Security Lab team uses GitHub Actions to automate processes related to reporting vulnerabilities to open source projects. They also use actions with the CodeQL bug bounty program to test CodeQL code changes. GitHub has seen some great use of GitHub Actions from open source communities and enterprise companies alike, with more than 12,000 community-built actions in the GitHub Marketplace. The Security Lab uses the actions to track and report vulnerabilities to maintainers and to track the fix and the disclosure.
6 Reasons Why More Automation Means Secure Software
Software is being produced faster than ever, in smaller and smaller components. 57% of software development teams deploy at least once a week — and 20% deploy multiple times a day. The average organization performs 6,200 component migrations per year. When a developer updates a dependency, they have, on average, 21 versions. The most common type of vulnerability, CRLF injection, was detected in 65% of apps, according to a report by Sonatype and The New Stack.
An Open Letter from the CEO of Puppet: Puppet and Perforce
Puppet will be joining forces with Perforce Software. Puppet founder Luke Kanies was one of the original creators of the DevOps movement. Perforce's mission is to help technology teams solve the most challenging problems in DevOps so nothing stalls innovation. Puppet and Perforce both have a deep focus on outstanding customer service, open and transformational leadership, and a people-first culture that empowers team members to do their best work as part of a community that cares, says Kanies.
Deploy a Full-Stack Application with Portainer
Portainer allows you to manage registries, networks, events, volumes, hosts, environments, logs, and even full-stack applications. With Portainer, you can create a single application and assign that stack to teams. This is a great way to learn how to work with everything from simple to complex deployments. The Portainer software is a must-have for container developers looking to enjoy the deployment and management of their containerized applications. To make this work, you'll need a running instance of Portainer, and that's it.
Open source data integration platform Airbyte launches its cloud service
Airbyte is an open-source data integration platform for building ELT data pipelines. The company also details its new compensation plan for open source developers who write and maintain data connectors for the platform. The fast-growing company recently raised a $150 million Series B funding round. It now offers over 165 data connectors and expects to expand to 500 by the end of the year. Airbyte also plans to launch its new command-line interface later this week. In addition, it is working on making it possible for its cloud users to manage the data and control plane.