Entries Tagged as 'DevOps'

DevOps Technologies: Gauntlt

DevOps , DevOps Tips No Comments »

By Chris Taschner
Project Lead
CERT Cyber Security Solutions Directive

This post is the latest installment in a series aimed at helping organizations adopt DevOps.

Chris TaschnerTools used in DevOps environments such as continuous integration and continuous deployment speed up the process of pushing code to production. Often this means continuous deployment cycles that could result in multiple deployments per day. Traditional security testing, which often requires manually running multiple tests in different tools, does not keep pace with this rapid schedule. This blog post introduces a tool called Gauntlt, which attempts to remedy this issue.

Read more...

Build DevOps Tough!

DevOps , DevOps Tips No Comments »

By Chris Taschner
Project Lead
CERT Cyber Security Solutions Directive

This post is the latest installment in a series aimed at helping organizations adopt DevOps.

Chris Taschner “Software security” often evokes negative feelings among software developers since this term is associated with additional programming effort and uncertainty. To secure software, developers must follow a lot of guidelines that, while intended to satisfy some regulation or other, can be very restricting and hard to understand. As a result a lot of fear, uncertainty, and doubt can surround software security. This blog posting describes how the Rugged Software movement attempts to combat the toxic environment surrounding software security by shifting the paradigm from following rules and guidelines to creatively determining solutions for tough security problems.

Read more...

DevOps Technologies: Fabric or Ansible

DevOps , DevOps Tips No Comments »

By Tim Palko
Senior Member of the Technical Staff 
CERT Cyber Security Solutions Division

This post is the latest installment in a series aimed at helping organizations adopt DevOps.

Tim PalkoThe workflow of deploying code is almost as old as code itself. There are many use cases associated with the deployment process, including evaluating resource requirements, designing a production system, provisioning and configuring production servers, and pushing code to name a few. In this blog post I focus on a use case for configuring a remote server with the packages and software necessary to execute your code. This use case is supported by many different and competing technologies, such as ChefPuppetFabricAnsibleSalt, andForeman, which are just a few of which you are likely to have heard on the path to automation in DevOps. All these technologies have free offerings, leave you with scripts to commit to your repository, and get the job done. This post explores Fabric and Ansible in more depth. To learn more about other infrastructure-as-code solutions, check out Joe Yankel's blog post on Docker or my post on Vagrant.

Read more...

Addressing the Detrimental Effects of Context Switching with DevOps

DevOps , DevOps Tips No Comments »

By Todd Waits
Project Lead
Cyber Security Solutions Directorate

This post is the latest installment in a series aimed at helping organizations adopt DevOps.

Todd Waits In a computing system, a context switch occurs when an operating system stores the state of an application thread before stopping the thread and restoring the state of a different (previously stopped) thread so its execution can resume. The overhead incurred by a context switch managing the process of storing and restoring state negatively impacts operating system and application performance. This blog post describes how DevOps ameliorates the negative impacts that "context switching" between projects can have on a software engineering team’s performance.

Read more...

Can’t Buy Me DevOps

DevOps , DevOps Tips 1 Comment »

By Aaron Volkmann
Senior Research Engineer
CERT Cyber Security Solutions Directorate

This post is the latest installment in a series aimed at helping organizations adopt DevOps.

Aaron VolkmannThe DevOps movement is clearly taking the IT world by storm. Technical feats, such as continuous integration (CI), comprehensive automated testing, and continuous delivery (CD) that at one time could only be mastered by hip, trendy startups incapable of failure, are now being successfully performed by traditional enterprises who have a long history of IT operations and are still relying on legacy technologies (the former type of enterprises are known in the DevOps community as “unicorns,” the latter as “horses”). In this post, I explore the experience of a fictional horse, Derrick and Anderson (D&A) Lumber, Inc., a company that hit some bumps in the road on its way to DevOps. As D&A finds out, a DevOps transformation is not a product that can be purchased from the outside, but rather a competency that must be grown from within.

Read more...