Kubernetes RBAC: A Practical Guide
Kubernetes RBAC is a powerful feature that allows you to fine-tune access to resources in your cluster. By creating roles and role bindings, you can specify exactly which users and processes have access to which resources and actions. This can help you to secure your cluster and prevent unauthorized access to critical resources.
5 Tips to Create a Secure CI/CD Pipeline
The purpose of CI/CD security goes beyond identifying and remediating vulnerabilities—it also emphasizes keeping pace with other CI/CD processes. A secure CI/CD pipeline allows teams to find and fix issues without disrupting the overall CI/CD flow, achieving security without delaying or rolling back software releases.
Agile Authentication in Modern Applications—With OAuth 2.0
This article explains how the OAuth 2.0 authorization framework authenticates a user on a third-party HTTP website, and how this kind of social identity provider-based authentication makes use of what is called the authorization code grant flow.
The DevOps Security Stack: Tools You'll Need to Power a DevSecOps Transformation
In most organizations, the transition to DevSecOps cannot happen without tools. A DevSecOps stack is a set of security tools that facilitate fast, automated security checks at every stage of the software development lifecycle (SDLC). This article covers the key principles of a successful DevSecOps stack, and the primary technologies that typically comprise the stack.
What if Someone Steals Your Code?
Bob Zeidman, an expert in software forensics, provides a great overview of how to protect your software from predators. You'll learn the difference between copyrights, trade secrets, and patents.
Pitfalls of Developing for the IoT
The Internet of Things (IoT) enables amazing software-powered devices designed to make our business and personal lives easier. Lev Lesokhin discusses four fundamental practices you'll need when developing sophisticated software for the IoT.
Your Professional Responsibility for Security and Performance
It is Johanna Rothman's belief that security and performance are no longer nonfunctional requirements in modern-day software development. Instead, we must prepare to accommodate security and performance needs in all projects.
A Radical View of Software Licensing and Piracy
Software vendors are making extraordinary efforts to protect the installation and use of apps, but have they gone too far? Preventing software piracy can have an adverse effect on genuine users. Software licensing technology, according to Steve, needs to strike the best balance of protecting the asset while trusting the customer.
Containers, Docker, and Kubernetes 101: A Conversation with Ryan Kenney
Video
Ryan Kenney, senior consultant at Coveros, chats with TechWell community manager Owen Gotimer about the difference between containers, container engines, and container orchestration; using containers in your CI/CD pipelines; and the cost of security.
Understanding the Role of QA in DevOps: An Interview with Gene Gotimer
Video
Gene Gotimer, senior architect at Coveros Inc., discusses understanding the role of QA in DevOps, DevOps educational tools, trusting your team, and paid and open source security tools.
Giving Control Back to Software Developers: An Interview with Mike Faulise
Video
In this interview, Michael Faulise, the founder and managing partner at tap|QA, explains how the move toward DevOps and away from release management is giving control back to developers, then details why major companies often need partners to leverage CI, CD, and other modern techniques.
Why You Need to Take Security and DevOps Seriously: An Interview with Jeff Payne
Video
In this interview, Jeff Payne, the CEO and cofounder of Coveros, explains why major companies just aren’t that good at security. He discusses how you can better protect your business, as well as why DevOps can and should be a key to your success.
Rome Wasn't Built in a Day...and Neither is Your DevSecOps
Slideshow
DevSecOps is about more than just the tools—it is an organizational, operational, and strategic transformation. So, as a “thorough or dramatic change in form or appearance” across the three main pillars of an organization, how can we expect a DevSecOps transformation to take place overnight?
Brittany Greenfield
Large-Scale DevSecOps: Bringing Security Confidence to Chaotic Development
Slideshow
Implementing application security (AppSec) programs on a large scale can often seem chaotic and unwieldy. Without the proper knowledge to implement robust AppSec tools, DevSecOps on a large scale can be overwhelming.
Dennis Hurst
Continuous Application Security Testing
Slideshow
Because of its specialized nature, many aspects of application security testing are often assigned to testers from another team or another company, and they may be brought in to perform a point-in-time assessment prior to a release.
Josh Gibbs
QADevSecOps: Leading a Quality-Driven DevOps Transformation
Slideshow
Have you wondered where QA professionals fit into a DevSecOps transformation? Stacy Kirk thinks they should champion the transformation. Regardless of where your company is on its journey to DevSecOps, quality must be at the forefront for optimal effectiveness and customer value. This means promoting feedback loops that use monitoring and reporting tools effectively, and most importantly, it means creating a culture of collaborative communication and continuous improvement. The role of the QADevSecOps practitioner must evolve from ensuring the quality of software to assessing the effectiveness of the company’s security and development processes using retrospectives as the new defect tracking system. Discover how Stacy’s experiences with innovative techniques have infused quality into every aspect of an agile transformation, from development to security to operations.
Stacy Kirk
AgileConnection is a TechWell community.
Through conferences, training, consulting, and online resources, TechWell helps you develop and deliver great software every day.