Presentation by Hui Song, Senior Scientist, SINTEF. We would like to share our research journey towards enabling DevOps for IoT applications, and how Open Source makes the journey feasible and fun.
DevOps is widely adopted for developing cloud applications, which supports developers in continuously placing software changes directly to production. As companies are including IoT and Edge devices into their IT infrastructures, supporting DevOps for IoT is a must. However, IoT challenges some fundamental assumptions behind DevOps, such as the homogeneous infrastructure and centralized governance, and therefore, breaking-through research is needed. Funded by H2020, 30 people from 12 partners crossing academia and industry gathered to solve these fundamental challenges, which results in full-stack open source tools for automatic deployment, learning-based operation and security monitoring of IoT applications, and risk management of the development process. The tools are evaluated on industrial use cases in intelligent transportation, smart building, and eHealth.
The mass open source tools and communities around IoT development provides the sound foundation for this design research and the opportunities for the further exploitation of the results. In particular, we are proud of spinning off a start-up to commercialize the risk management services in the open source + SaaS model.
This talk digs into the fundamentals of DevSecOps, exploring the key principles required to advance your security practices. Considering the changes in culture, methodologies, and tools, it will demonstrate how to accelerate your team journey's from endpoint security to built-in security and how to avoid the common mistakes faced when implementing your chosen DevSecOps strategy.
Introducing GitSwarm: Pure Git with Globally Scalable DevOpsPerforce
Developers want the productivity of distributed version control like Git. DevOps benefit from a scalable mainline repository. With our new Helix GitSwarm you no longer need to choose between the two.
In this presentation, you will see:
- The challenges of using Git at enterprise scale
- The conflicting requirements of developers and DevOps
- A demonstration of Helix GitSwarm in action
Leveraging Black Duck Hub to Maximize Focus - Entersekt's approach to automat...Jerika Phelps
Learn how fast-growing authentication and mobile security solutions provider Entersekt leverages Black Duck Hub for competitive advantage by automating open source security risk management throughout the Software Development Lifecycle (SDLC)
DevSecOps Training Bootcamp - A Practical DevSecOps CourseTonex
DevSecOps means considering application and infrastructure security from the beginning. This also means automating some security doors to prevent the DevOps workflow from slowing down.
The goal of DevSecOps (development, security, and operations) is to make everyone responsible for security, with the main target on implementing security decisions and actions at an equivalent scale and speed as development and operations decisions and actions.
Implementing DevSecOps are often an elaborate process for a corporation , but well worthwhile when considering the advantages .
Implementation usually includes the subsequent stages:
Planning and development
Building and testing
Deployment and operation
Monitoring and scaling
Tonex's DevSecOps Training Bootcamp
DevSecOps training Bootcamp is a practical DevSecOps course, participants can acquire in-depth knowledge and skills to apply, implement and improve IT security in modern DevOps.
Participants understand DevOps and DevSecOps to take full advantage of the agility and responsiveness of the secure DevOps method, IT security on SDLC, and the entire life cycle of the application.
DevSecOps Training Bootcamp focuses on:
Concepts
Principles
Processes
Policies
Guidelines
Mitigation
Applied Risk Management Framework (RMF)
Technical Skills
Audience:
Security Staff
IT Leadership
IT Infrastructure
CIOs / CTOs /CSO
Configuration Managers
Developers and Application Team Members and Leads
IT Operations Staff
IT Project & Program Managers
Product Owners and Managers
Release Engineers
Agile Staff and ScrumMasters
Software Developers
Software Team Leads
System Admin
Training Objectives:
Identify and explain the phases of the DevOps life cycle
Define the roles and responsibilities that support the DevOps environment
Describe the security components of DevOps and determine its risk principles
Analyze, evaluate and automate DevOps application security across SDLC
Identify and explain the characteristics required to meet the definition of DevOps computing security
Discuss strategies for maintaining DevOps methods
Perform gap analysis between DevOps security benchmarks and industry standard best practices
Evaluate and implement the safety controls necessary to make sure confidentiality, integrity and availability (CIA) in DevOps environments
Perform risk assessments of existing and proposed DevOps environments
Integrate RMF with DevOps
Explain the role of encryption in protecting data and specific strategies for key management
And more.
Course Content:
DevOps vs. DevSecOps
DevOps Security Requirements
DevOps Typical Security Activities
Tools for Securing DevOps
Principles Behind DevSecOps
DevSecOps and Application Security
How to DevSecOps
DevSecOps Maturity
RMF, DevOps and DevSecOps
For More Information:
https://www.tonex.com/training-courses/devsecops-training-bootcamp/
José Vila - ¿Otro parche más? No, por favor. [rooted2018]RootedCON
Sigue siendo una tendencia mayoritaria en el ámbito del desarrollo de software que el analizar la seguridad del producto se postergue a las últimas etapas del proceso. Uno de los motivos suele ser el impacto económico de contar con un ciclo seguro de desarrollo, pesa demasiado al inicio del proyecto y por tanto se descarta tener una metodología integrada durante todo el proceso.
Este planteamiento se está volviendo cada vez más en contra de los desarrolladores y demás actores implicados. Una vez lanzado el producto al mercado, acaban teniendo que invertir recursos inesperados por culpa de problemas de seguridad. Parches, hotfixes, actualizaciones… se convierten en la solución monótona que, lo que consigue es acabar dificultando la usabilidad del producto. Seguro que a todos se nos vienen nombres a la cabeza.
El propósito de esta presentación es el exponer la necesidad de integrar metodologías de seguridad desde las etapas más tempranas del ciclo de vida de sus productos, los beneficios de tener presente el desarrollo seguro de productos y mostrar buenas practicas que favorecen a la mejora de la seguridad de los productos, generando software de mayor calidad.
Y si esto ya te lo han contado en otra CON… ¿por qué no lo estás poniendo en práctica?
Node.js core contributor James M Snell will highlight the unique benefits that the Node.js core project brings to the enterprise, as well as share tips and tricks on tools and frameworks that Node.js developers can use when building enterprise-scale cloud apps.
This talk digs into the fundamentals of DevSecOps, exploring the key principles required to advance your security practices. Considering the changes in culture, methodologies, and tools, it will demonstrate how to accelerate your team journey's from endpoint security to built-in security and how to avoid the common mistakes faced when implementing your chosen DevSecOps strategy.
Introducing GitSwarm: Pure Git with Globally Scalable DevOpsPerforce
Developers want the productivity of distributed version control like Git. DevOps benefit from a scalable mainline repository. With our new Helix GitSwarm you no longer need to choose between the two.
In this presentation, you will see:
- The challenges of using Git at enterprise scale
- The conflicting requirements of developers and DevOps
- A demonstration of Helix GitSwarm in action
Leveraging Black Duck Hub to Maximize Focus - Entersekt's approach to automat...Jerika Phelps
Learn how fast-growing authentication and mobile security solutions provider Entersekt leverages Black Duck Hub for competitive advantage by automating open source security risk management throughout the Software Development Lifecycle (SDLC)
DevSecOps Training Bootcamp - A Practical DevSecOps CourseTonex
DevSecOps means considering application and infrastructure security from the beginning. This also means automating some security doors to prevent the DevOps workflow from slowing down.
The goal of DevSecOps (development, security, and operations) is to make everyone responsible for security, with the main target on implementing security decisions and actions at an equivalent scale and speed as development and operations decisions and actions.
Implementing DevSecOps are often an elaborate process for a corporation , but well worthwhile when considering the advantages .
Implementation usually includes the subsequent stages:
Planning and development
Building and testing
Deployment and operation
Monitoring and scaling
Tonex's DevSecOps Training Bootcamp
DevSecOps training Bootcamp is a practical DevSecOps course, participants can acquire in-depth knowledge and skills to apply, implement and improve IT security in modern DevOps.
Participants understand DevOps and DevSecOps to take full advantage of the agility and responsiveness of the secure DevOps method, IT security on SDLC, and the entire life cycle of the application.
DevSecOps Training Bootcamp focuses on:
Concepts
Principles
Processes
Policies
Guidelines
Mitigation
Applied Risk Management Framework (RMF)
Technical Skills
Audience:
Security Staff
IT Leadership
IT Infrastructure
CIOs / CTOs /CSO
Configuration Managers
Developers and Application Team Members and Leads
IT Operations Staff
IT Project & Program Managers
Product Owners and Managers
Release Engineers
Agile Staff and ScrumMasters
Software Developers
Software Team Leads
System Admin
Training Objectives:
Identify and explain the phases of the DevOps life cycle
Define the roles and responsibilities that support the DevOps environment
Describe the security components of DevOps and determine its risk principles
Analyze, evaluate and automate DevOps application security across SDLC
Identify and explain the characteristics required to meet the definition of DevOps computing security
Discuss strategies for maintaining DevOps methods
Perform gap analysis between DevOps security benchmarks and industry standard best practices
Evaluate and implement the safety controls necessary to make sure confidentiality, integrity and availability (CIA) in DevOps environments
Perform risk assessments of existing and proposed DevOps environments
Integrate RMF with DevOps
Explain the role of encryption in protecting data and specific strategies for key management
And more.
Course Content:
DevOps vs. DevSecOps
DevOps Security Requirements
DevOps Typical Security Activities
Tools for Securing DevOps
Principles Behind DevSecOps
DevSecOps and Application Security
How to DevSecOps
DevSecOps Maturity
RMF, DevOps and DevSecOps
For More Information:
https://www.tonex.com/training-courses/devsecops-training-bootcamp/
José Vila - ¿Otro parche más? No, por favor. [rooted2018]RootedCON
Sigue siendo una tendencia mayoritaria en el ámbito del desarrollo de software que el analizar la seguridad del producto se postergue a las últimas etapas del proceso. Uno de los motivos suele ser el impacto económico de contar con un ciclo seguro de desarrollo, pesa demasiado al inicio del proyecto y por tanto se descarta tener una metodología integrada durante todo el proceso.
Este planteamiento se está volviendo cada vez más en contra de los desarrolladores y demás actores implicados. Una vez lanzado el producto al mercado, acaban teniendo que invertir recursos inesperados por culpa de problemas de seguridad. Parches, hotfixes, actualizaciones… se convierten en la solución monótona que, lo que consigue es acabar dificultando la usabilidad del producto. Seguro que a todos se nos vienen nombres a la cabeza.
El propósito de esta presentación es el exponer la necesidad de integrar metodologías de seguridad desde las etapas más tempranas del ciclo de vida de sus productos, los beneficios de tener presente el desarrollo seguro de productos y mostrar buenas practicas que favorecen a la mejora de la seguridad de los productos, generando software de mayor calidad.
Y si esto ya te lo han contado en otra CON… ¿por qué no lo estás poniendo en práctica?
Node.js core contributor James M Snell will highlight the unique benefits that the Node.js core project brings to the enterprise, as well as share tips and tricks on tools and frameworks that Node.js developers can use when building enterprise-scale cloud apps.
How do organizations build secure applications, given today's rapidly moving and evolving DevOps practices? Join Black Duck and our customer experts on best practices for application security in DevOps.
You’ll learn:
-New security challenges facing today’s popular DevOps and Continuous Integration (CI) practices, including managing custom code and open source risks with containers and traditional environments
-Best practices for designing and incorporating an automated approach to application security into your existing development environment
-Future development and application security challenges organizations will face and what they can do to prepare
Innocent Vulnerabilities vs. Malicious Backdoors: How to Manage Your RiskWhiteSource
Have you considered what truly separates accidental vulnerabilities in open source from intentionally malicious releases? Although often grouped together as "vulnerabilities", malicious open source components are very different, right from their very creation through to the way you mitigate and remediate them as an end user. The past 12 months saw a record-breaking time for detection of malicious components in the world's most popular package registries.
Join Rhys Arkins, Director of Product at WhiteSource, as he will discuss:
The key differences between accidental vulnerabilities and malicious releases,
How to manage the risk for each type of vulnerability,
Lessons learned from the most interesting malicious packages spotted during 2019.
Organizations enjoy the speed that DevOps brings to development and delivery. However, most security and compliance monitoring tools have not been able to keep up, becoming the most significant barrier to continuous delivery.
Now some good news: you can easily integrate security into your existing processes to solve this challenge.
In this session, Shiri Ivtsan, Senior Product Manager at WhiteSource, will discuss:
- Leveraging the DevSecOps approach to help speed up security
- Scaling security into your agile processes
- 5 easy ways to start driving DevSecOps in your organization
Welcome & The State of Open Source SecurityJerika Phelps
Open Source software is the foundation for application development today. Open source use is growing rapidly worldwide because of the development cost reductions and innovation it enables. Black Duck discovers open source in nearly every application it analyzes and finds that 35% of the average commercial software application is open source. Home-grown applications typically contain 50% or more open source.
The dramatic growth in open source use has been accompanied by an array of security and management challenges related to a lack of visibility into and control of the open source in use. Leading organizations are aggressively pursuing ways to increase their use of open source and do so without compromising effective security or management.
Containers are rapidly being adopted by many organizations. Developers gain huge advantages from fast prototyping, quick development cycles, and a purpose-built environment for their applications. But when these new apps go into production, those responsible for operations and security may find them difficult to manage.
In this webinar we will discuss some of the pitfalls that we have seen when moving container-based apps through the continuous integration pipeline from development to production, and introduce Anchore, a set of open-source tools designed to provide visibility and transparency into your container environment.
GitHub Gone Wrong - Lessons learned from organic open sourceAll Things Open
Presented by: Charles Eckel
Presented at the All Things Open 2021
Raleigh, NC, USA
Raleigh Convention Center
Abstract: Creating a GitHub organization with public repos is free, fast, and easy. This fosters a wild west of GitHub usage within corporations that is as confusing and troubling as it is liberating and empowering. We explore how GitHub has been used organically throughout Cisco and efforts to establish best practices that enable efficient open source collaboration that is responsible and sustainable.
Tackling the Container Iceberg:How to approach security when most of your sof...WhiteSource
Container images are based on many direct and indirect open source dependencies, which most developers are not aware of. What are the security implications of only seeing the tip of the iceberg? What are the challenges one faces when relying so heavily on open source? And how can teams overcome these?
Join Codefresh and WhiteSource, as they embark on a journey to tackle:
The container iceberg - learn what are your blind spots
The main security challenges when using open source in containerized applications
The role of automation in open source security in containers
A live demo showing how WhiteSource & Codefresh can allow you to automate open source security in containers throughout the DevOps pipeline
As presented by Patrick Carey in San Jose at a Lunch & Learn. Open source reduces development costs, frees internal developers to work on higher-order tasks, and accelerates time to market. Quite simply, open source is the way applications are developed today.
Monitoring Application Attack Surface to Integrate Security into DevOps Pipel...Denim Group
A web application’s attack surface is the combination of URLs it will respond to as well as the
inputs to those URLs that can change the behavior of the application. Understanding an
application’s attack surface is critical to being able to provide sufficient security test coverage,
and by watching an application’s attack surface change over time security and development
teams can help target and optimize testing activities. This presentation looks at methods of
calculating web application attack surface and tracking the evolution of attack surface over
time. In addition, it looks at metrics and thresholds that can be used to craft policies for
integrating different testing activities into Continuous Integration / Continuous Delivery (CI/CD)
pipelines for teams integrating security into their DevOps practices.
30+ Nexus Integrations to Accelerate DevOpsSonatype
No single tool can deliver on the promise of DevOps. Instead it’s a collection of tools, easily integrated, tightly managed, and effectively automated. Learn how Nexus integrates with more DevOps tools you use everyday.
This was presented as part of JNTU A 2021 2 days workshop.. Ganesan Narayanasamy from IBM presented this to many young developers and faculties where he described about Why OpenPOWER foundation , what are the tools and features available for community development , value creation for members etc.
Containers, the next wave of virtualization, are changing everything! As companies learn about the value of DevOps practices and containerization they are flocking to containers. Now with Docker running on Windows and Docker Containers built into both Azure and Windows Server, containers are poised to take over the virtualization landscape. Come to the session to learn all about containers and how you can put these technologies to use in your organization. You will learn about DevOps, Docker Containers, Running Containers on Windows 10, Windows Server 2016 and Linux on-premises or in the Azure cloud. You will learn about the tools and practices for leveraging containers, deploying containers as well as how you can continue on your journey to becoming a container expert as you grow your technical career.
How do organizations build secure applications, given today's rapidly moving and evolving DevOps practices? Join Black Duck and our customer experts on best practices for application security in DevOps.
You’ll learn:
-New security challenges facing today’s popular DevOps and Continuous Integration (CI) practices, including managing custom code and open source risks with containers and traditional environments
-Best practices for designing and incorporating an automated approach to application security into your existing development environment
-Future development and application security challenges organizations will face and what they can do to prepare
Innocent Vulnerabilities vs. Malicious Backdoors: How to Manage Your RiskWhiteSource
Have you considered what truly separates accidental vulnerabilities in open source from intentionally malicious releases? Although often grouped together as "vulnerabilities", malicious open source components are very different, right from their very creation through to the way you mitigate and remediate them as an end user. The past 12 months saw a record-breaking time for detection of malicious components in the world's most popular package registries.
Join Rhys Arkins, Director of Product at WhiteSource, as he will discuss:
The key differences between accidental vulnerabilities and malicious releases,
How to manage the risk for each type of vulnerability,
Lessons learned from the most interesting malicious packages spotted during 2019.
Organizations enjoy the speed that DevOps brings to development and delivery. However, most security and compliance monitoring tools have not been able to keep up, becoming the most significant barrier to continuous delivery.
Now some good news: you can easily integrate security into your existing processes to solve this challenge.
In this session, Shiri Ivtsan, Senior Product Manager at WhiteSource, will discuss:
- Leveraging the DevSecOps approach to help speed up security
- Scaling security into your agile processes
- 5 easy ways to start driving DevSecOps in your organization
Welcome & The State of Open Source SecurityJerika Phelps
Open Source software is the foundation for application development today. Open source use is growing rapidly worldwide because of the development cost reductions and innovation it enables. Black Duck discovers open source in nearly every application it analyzes and finds that 35% of the average commercial software application is open source. Home-grown applications typically contain 50% or more open source.
The dramatic growth in open source use has been accompanied by an array of security and management challenges related to a lack of visibility into and control of the open source in use. Leading organizations are aggressively pursuing ways to increase their use of open source and do so without compromising effective security or management.
Containers are rapidly being adopted by many organizations. Developers gain huge advantages from fast prototyping, quick development cycles, and a purpose-built environment for their applications. But when these new apps go into production, those responsible for operations and security may find them difficult to manage.
In this webinar we will discuss some of the pitfalls that we have seen when moving container-based apps through the continuous integration pipeline from development to production, and introduce Anchore, a set of open-source tools designed to provide visibility and transparency into your container environment.
GitHub Gone Wrong - Lessons learned from organic open sourceAll Things Open
Presented by: Charles Eckel
Presented at the All Things Open 2021
Raleigh, NC, USA
Raleigh Convention Center
Abstract: Creating a GitHub organization with public repos is free, fast, and easy. This fosters a wild west of GitHub usage within corporations that is as confusing and troubling as it is liberating and empowering. We explore how GitHub has been used organically throughout Cisco and efforts to establish best practices that enable efficient open source collaboration that is responsible and sustainable.
Tackling the Container Iceberg:How to approach security when most of your sof...WhiteSource
Container images are based on many direct and indirect open source dependencies, which most developers are not aware of. What are the security implications of only seeing the tip of the iceberg? What are the challenges one faces when relying so heavily on open source? And how can teams overcome these?
Join Codefresh and WhiteSource, as they embark on a journey to tackle:
The container iceberg - learn what are your blind spots
The main security challenges when using open source in containerized applications
The role of automation in open source security in containers
A live demo showing how WhiteSource & Codefresh can allow you to automate open source security in containers throughout the DevOps pipeline
As presented by Patrick Carey in San Jose at a Lunch & Learn. Open source reduces development costs, frees internal developers to work on higher-order tasks, and accelerates time to market. Quite simply, open source is the way applications are developed today.
Monitoring Application Attack Surface to Integrate Security into DevOps Pipel...Denim Group
A web application’s attack surface is the combination of URLs it will respond to as well as the
inputs to those URLs that can change the behavior of the application. Understanding an
application’s attack surface is critical to being able to provide sufficient security test coverage,
and by watching an application’s attack surface change over time security and development
teams can help target and optimize testing activities. This presentation looks at methods of
calculating web application attack surface and tracking the evolution of attack surface over
time. In addition, it looks at metrics and thresholds that can be used to craft policies for
integrating different testing activities into Continuous Integration / Continuous Delivery (CI/CD)
pipelines for teams integrating security into their DevOps practices.
30+ Nexus Integrations to Accelerate DevOpsSonatype
No single tool can deliver on the promise of DevOps. Instead it’s a collection of tools, easily integrated, tightly managed, and effectively automated. Learn how Nexus integrates with more DevOps tools you use everyday.
This was presented as part of JNTU A 2021 2 days workshop.. Ganesan Narayanasamy from IBM presented this to many young developers and faculties where he described about Why OpenPOWER foundation , what are the tools and features available for community development , value creation for members etc.
Containers, the next wave of virtualization, are changing everything! As companies learn about the value of DevOps practices and containerization they are flocking to containers. Now with Docker running on Windows and Docker Containers built into both Azure and Windows Server, containers are poised to take over the virtualization landscape. Come to the session to learn all about containers and how you can put these technologies to use in your organization. You will learn about DevOps, Docker Containers, Running Containers on Windows 10, Windows Server 2016 and Linux on-premises or in the Azure cloud. You will learn about the tools and practices for leveraging containers, deploying containers as well as how you can continue on your journey to becoming a container expert as you grow your technical career.
The most important element in Jenkins architecture is the Jenkins slave. It is a java executable running on a remote machine that hear the requests from the Jenkins master instance .
Read more...
The lessons I learned is that Open source quickly becomes the natural choice wherever commoditization is happening in the software stack. Thus we expect business-to-business open source, which is already a significant trend in recent history, to become an increasingly common form of open source collaboration. Companies who understand the ground rules of business-to-business open source will be better positioned to identify and take advantage of open source opportunities in the competitive spaces that they share with other companies.
So I will share why open strategy is import for the enterprise. And how to do contributions for the open source projects n today’s topic.
DevOps (development & operations) is an endeavor software development express used to mean a type of agile connection amongst development & IT . V Cube is one of the best institute for DevOps training in Hyderabad, We offers the comprehensive and in-depth training in DevOps. DevOps is an endeavor software development express used to mean a type of agile connection amongst development & IT operations.
DevOps is an IT cultural revolution sweeping through today’s organizations that want to develop, design, test, and deploy software more quickly and effectively. DevOps training in Hyderabad will enable you to master key DevOps principles, tools, and technologies such as automated testing, Infrastructure as a Code, Continuous Integration/Delivery, and more.
Software development (Dev) and IT operations (Ops) are combined in DevOps (Ops). Its goal is to shorten the systems development life cycle and provide high-quality software delivery on a continuous basis. DevOps is an add-on to Agile software development; in fact, several aspects of DevOps came from the Agile methodology.
Academics and practitioners have not developed a universal definition for the term “DevOps” other than it being a cross-functional combination (and a portmanteau) of the terms and concepts for “development” and “operations.” DevOps is typically defined by three key principles: shared ownership, workflow automation, and rapid feedback.
DevOps is defined as “a set of practices intended to reduce the time between committing a change to a system and the change being placed into normal production, while ensuring high quality,” according to Len Bass, Ingo Weber, and Liming Zhu, three computer science researchers from the CSIRO and the Software Engineering Institute. The term is, however, used in a variety of contexts. DevOps is a combination of specific practices, culture change, and tools at its most successful.
Under a DevOps model, development and operations teams are no longer “siloed.” Sometimes, these two teams are merged into a single team where the engineers work across the entire application lifecycle, from development and test to deployment to operations, and develop a range of skills not limited to a single function.
In some DevOps models, quality assurance and security teams may also become more tightly integrated with development and operations and throughout the application lifecycle. When security is the focus of everyone on a DevOps team, this is sometimes referred to as DevSecOps.
These teams use practices to automate processes that historically have been manual and slow. They use a technology stack and tooling which help them operate and evolve applications quickly and reliably. These tools also help engineers independently accomplish tasks (for example, deploying code or provisioning infrastructure) that normally would have required help from other teams, and this further increases a team’s velocity to know more about the DevOps.
What is DevOps And How It Is Useful In Real life.anilpmuvvala
DevOps (development & operations) is an endeavor software development express used to mean a type of agile connection amongst development & IT . V Cube is one of the best institute for DevOps training in Hyderabad, We offers the comprehensive and in-depth training in DevOps. DevOps is an endeavor software development express used to mean a type of agile connection amongst development & IT operations.
DevOps is an IT cultural revolution sweeping through today’s organizations that want to develop, design, test, and deploy software more quickly and effectively. DevOps training in Hyderabad will enable you to master key DevOps principles, tools, and technologies such as automated testing, Infrastructure as a Code, Continuous Integration/Delivery, and more.
Software development (Dev) and IT operations (Ops) are combined in DevOps (Ops). Its goal is to shorten the systems development life cycle and provide high-quality software delivery on a continuous basis. DevOps is an add-on to Agile software development; in fact, several aspects of DevOps came from the Agile methodology.
Academics and practitioners have not developed a universal definition for the term “DevOps” other than it being a cross-functional combination (and a portmanteau) of the terms and concepts for “development” and “operations.” DevOps is typically defined by three key principles: shared ownership, workflow automation, and rapid feedback.
DevOps is defined as “a set of practices intended to reduce the time between committing a change to a system and the change being placed into normal production, while ensuring high quality,” according to Len Bass, Ingo Weber, and Liming Zhu, three computer science researchers from the CSIRO and the Software Engineering Institute. The term is, however, used in a variety of contexts. DevOps is a combination of specific practices, culture change, and tools at its most successful.
Under a DevOps model, development and operations teams are no longer “siloed.” Sometimes, these two teams are merged into a single team where the engineers work across the entire application lifecycle, from development and test to deployment to operations, and develop a range of skills not limited to a single function.
In some DevOps models, quality assurance and security teams may also become more tightly integrated with development and operations and throughout the application lifecycle. When security is the focus of everyone on a DevOps team, this is sometimes referred to as DevSecOps.
These teams use practices to automate processes that historically have been manual and slow. They use a technology stack and tooling which help them operate and evolve applications quickly and reliably. These tools also help engineers independently accomplish tasks (for example, deploying code or provisioning infrastructure) that normally would have required help from other teams, and this further increases a team’s velocity to know more about the Devops get your Devops training Now.
SESSION TITLE
DevOps - IaC
SESSION THEME
DevOps
SESSION OVERVIEW
This is a hands-on experience workshop on "DevOps - IaC" and Automation from Infrastructure prospective. The session provides valuable insights on How "IaC" is going to be future for traditional DC, VM's and for Cloud, and How to setup or start with "IaC", what tool set and pipelines can be used and followed to move from traditional manual approach to automated DevOps approach.
SESSION AGENDA
What is DevOps? and Why you need DevOps?
What is DevOps - IaC?
Overview of some essential tools like Git, Jenkins, Docker/Ansible
Live Demo
Q&A
SESSION TAKEAWAYS
DevOps - IaC Framework
Overview of Tool Set
Pipeline Creation Overview
Automation Idea
And at last confidence to start a change towards DevOps
DURATION
45 Mins
Eclipse DemoCamp Budapest 2016 November: Best of EclipseCon Europe 2016Istvan Rath
Ebben a DemoCamp előadásban az EclipseCon Europe 2016 és SiriusCon 2016 konferenciák legfontosabb témáit, technológiáit foglalom össze, kiegészítve néhány szubjektív véleménnyel és megérzéssel a technológiai trendekről.
Summit 16: NetIDE: Integrating and Orchestrating SDN ControllersOPNFV
NetIDE is a EU-funded project that is known to the OpenDaylight community, because we have contributed a component to the Beryllium release. However, the full NetIDE ecosystem is much more. It is an extended SDN controller framework that allows users to cherry-pick the best of breed both for the network facing controller and the SDN framework for applications. In addition it provides an application composition engine that allows network operators to introduce software development concepts like code reusability in their production cycle. In this talk, I will introduce the whole Network Engine as well as the NetIDE Eclipse plugin that allows us to create SDN applications, test them and run them on the NetIDE engine and reflect on why we contributed what we contributed to OpenDaylight.
Eclipse Che - A Revolutionary IDE for Distributed & Mainframe DevelopmentDevOps.com
Eclipse Che introduces a new kind of developer tool that runs directly on Kubernetes and is accessible through a web-based IDE. The container architecture enables easy and rapid onboarding of new team members while eliminating workstation maintenance costs and limitations, all while leveraging a VS Code-like experience. The release of Che 7.0 by the open source community goes further by making the developer environment consistent, repeatable and reproducible. Now available for mainframe-based code with the Che4z subproject, teams can collaborate on cross-platform applications and bridge the distributed/mainframe divide.
The panel with discuss how the Eclipse Che IDE and workspace server drive developer productivity and improve overall software delivery.
The future of you application development platforms, the ability to create applications that are cloud native with elastic services and network aware application policies, and microservices is strategic to your company. When the decision to build you next product is made, Openstack and Microservices became central to your application architectures and becomes strategic to your vision.
DEVNET-1169 CI/CT/CD on a Micro Services Applications using Docker, Salt & Ni...Cisco DevNet
Nowadays, we heard a lot regarding micro services and DevOps but then, what are the impacts for an application development and how to really achieve this? The demo will demonstrate the benefits of using Docker (and related tools / technologies) for a micro services application and then having a continuous integration / tests / deployment workflow on CCS/Nimbus.
Docker Enterprise Edition Overview by Steven Thwaites, Technical Solutions En...Ashnikbiz
This was presented by Steven Thwaites, Technical Solutions Engineer at Docker at Cloud Expo Asia. Docker is the only Containers-as-a-Service platform for IT that manages and secures diverse applications across disparate infrastructure, both on-premises and in the cloud. It covers topics like:
VMs vs Containers
The Docker Ecosystem
How to Build and Ship your Docker Image
Unique Advantages with Docker EE and more
OW2 and RIOS teaming up to boost the open source impact, Nov. 2022 in RomaOW2
This presentation is given by Stefano Pampaloni at the RIOS Open Source Week, Nov. 2022 in Roma.
Abstract: Established in 2007 as a non-profit organisation, OW2 is an independent community dedicated to promoting open source software for information systems and fostering their business ecosystems. OW2 federates 50+ organizations and 2500+ IT professionals worldwide. OW2 hosts 50+ technology Projects. RIOS is an Italian network of companies established in 2015 aiming to improve open source adoption and to build sustainable businesses around it
OW2 and RIOS are working together to foster collaboration between European open-source stakeholders.
The Open Source Good Governance Initiative presented at RIOS OS Week, Nov. 20...OW2
The Good Governance Initiative (GGI) proposes a methodological framework to assess open-source awareness, compliance and governance in any kind of organizations, helping them to structure and improve the use of FOSS towards an OSPO. The GGI was initiated by OW2 and is developed by the OSPO Alliance. This presentation will give an overview of the initiative, its organization, roadmap, first achievements and next steps.
GLPi v.10, les fonctionnalités principales et l'offre cloudOW2
Presentation de la solution open source GLPi lors de la session "Open cloud by OW2" dans la conférence Cloud Datacenter + infra des 29 et 30 juin 2022 à Paris.
Centreon: superviser le Cloud et le Legacy à partir d'une même plateforme, po...OW2
Presentation de la solution open source Centreon lors de la session "Open Cloud by OW2" à la conférence Cloud Datacenter+Infra des 29 et 30 juin à Paris.
FusionIAM : la gestion des identités et des accés open sourceOW2
La solution FusionIAM est présentée dans la session "Open Cloud by OW2", organisée lors de la conférence Cloud Datacenter + Infra les 29 et 30 juin 2022 à Paris.
OW2 Association Européenne aux racines grenobloises, transformer l'industrie ...OW2
Connaissez-vous OW2 ? Aventure commencée en 1999 à Grenoble sur la base d'un consortium industriel dédié au middleware open source, devenu association sans but lucratif d'échelle européenne en 2006 sous le nom d'OW2, nous agissons pour la diffusion du libre dans le monde professionnel depuis plus de 20 ans.
OW2 compte des adhérents de toute taille : 2.600 individuels en adhésion gratuite, et 30 institutionnels, de la TPE unipersonnelle à Orange, Microsoft ou Huawei, de l'Inria ou le Fraunhofer Fokus à la Gendarmerie Nationale ou la ville de Paris.
Nos projets sont plus célèbres que nous : ASM, Centreon, Lutece, PrestaShop, Sympa ou Rocket.Chat vous diront peut-être quelque chose ?
Philosophiquement, OW2 se trouve quelque part entre Eclipse et Apache : culture technique, infrastructure d'hébergement et d'assistance pour les projets, sur la ligne de crête entre l'esprit du libre et les contraintes du business, nous sommes un acteur de l'économie sociale, persuadé que l'open source est central dans une transformation sociétale nécessaire qui ne pourra se faire sans l'adhésion du monde industriel et académique.
A un tournant de notre histoire, nous investissons le créneau de la qualité industrielle des projets avec notre méthodologie "Market readiness Levels", et la gouvernance de l'open-source comme membre fondateur de l'OSPO Alliance (ospo.zone) et éditeur du guide méthodologique "OSS Good Governance handbook".
Ne nous y trompons pas : OW2 est un acteur éminemment politique, porteur d'une vision fondée sur la transformation du monde professionnel et de ses valeurs par le code et la coopération. Et cette présentation, avec un survol de notre histoire, adhérents, initiatives et projets, est également l'occasion d'en débattre.
This presentation by Cedric Thomas (OW2 CEO) details three OW2 initiatives to engage with mainstream open source software users, including the H2020 ReachOut project, Market Readiness and Good Governance.
Towards a sustainable solution to open source sustainability, OW2online20, Ju...OW2
A few years ago, Heartbleed epitomized a massive open source sustainability problem for critical parts of the internet infrastructure. The bug, which affected the popular OpenSSL cryptographic software library, notably compromised the confidentiality of 4.5 million US patient records and cost the industry an estimated $500M. It was soon revealed that the root cause of the issue was that OpenSSL was precariously understaffed. Open source sustainability became a major theme overnight. Stories of maintainer burn-out made the headlines. And tentative solutions started to emerge, most of them donation-based. In this talk we’ll explore a number of existing strategies to fund open source and make it more sustainable, from patronage to dedicated ad networks. And we’ll defend the idea that the best path to open source sustainability is to help companies understand the tangible business value they can get from contributing to open source.
Advanced proactive and polymorphing cloud application adaptation with MORPHEM...OW2
Presentation of the advanced optimization concepts for cloud computing application using open source Melodic/Morphemic platform. It will cover application architecture polymorphing and proactive adaptation based on forecasted applications needs.
Open Source governance and the Eclipse Foundation, OW2online, June 2020OW2
Presentation by Gael Blondelle, Managing Director at Eclipse Foundation.
Abstract:
In this talk, we will cover two complementary topics: The different Eclipse projects related to Open Source governance, like Eclipse SW360, SW360 Antenna, and Eclipse Steady, as well as the opportunity to leverage SW360 as the core of a larger Open Source governance initiative.
The Eclipse IP Process that has been applied to hundreds of Eclipse projects for more than 15 years and is going through a modernization process that involves both simplification from the developer point of view, and openness to new source of trusted data like Clearly Defined.
Open source contribution policies, OW2online, June 2020OW2
Open source contribution policies are long, boring, overlooked documents, that generally suck. They're designed to protect the company at all costs. But in the process, end up hurting engineering productivity, and morale. Sometimes they even unknowingly put corporate IP at risk.
But that's not inevitable.
It's possible to write open source contribution policies that make engineers lives easier, boost morale and productivity, reduce attrition, and attract new talent. And it's possible to do so while reducing the company's IP risk, not increasing it.
In this talk, we'll look at the general structure of contribution policies, examples in the wild, and tactics to make them suck less.
We'll also look at how to turn these policies into self-service software, preventing the tedious email back and forth between engineering and legal in most cases and making open source contribution a breeze. Presentation by Tobbie Langel, UnLockOpen.
Software development at scale, pandemic lockdown and oss ecosystems, OW2onlin...OW2
Presentation by Jose Manrique, CEO at Bitergia.
Abstract: 2020 has started intense for many countries. It's been just a few months, but the things we have lived make us feel like it's been years. Covid-19 pandemic has hit everywhere and forced many people to work from home. If you were lucky enough to be in one of these modern companies that have adopted digital transformation years ago, would that be a problem? Many people have thought it wasn't, but it has really been. And what about the rest of the software developers involved in companies not ready for remote work at all?
It's been said that nothing has boosted more companies' digital transformation than covid-19. But, are their managers ready for such change? Managing software development at scale is not an easy task, and this pandemic has disrupted the way projects are being developed in many companies.
During this talk, I would like to share lessons learned from open source development at scale that might help companies to adapt to these changes. But more specifically, lessons about how software development analytics help managers to understand collaborative remote work.
Overview of the OpenChain Reference Tooling Work Group, OW2online20, June 2020OW2
Presentation by Olivier Fendt, Senior Manager Open Source Software at Siemens.
Abstract: The well-known OpenChain project launched in Sept 2019 a Tooling Group. The objective of this group is to realize a turn-key Open Source toolchain for Open Source Compliance, which is / can be easily integrated in the software development CI/CD pipelines. The Tooling Group uses open source principles to accomplish this, creating a meritocracy producing real world solutions for real world challenges, and sharing these results with all interested parties. The presentation gives an overview of the Tooling group its objectives, the areas of focus, the current state and future plans.
Open Source Compliance at Orange, OW2online, June 2020OW2
Presentation by Nicolas Toussaint, Software Architect, Orange.
Abstract: Orange and Orange Business Services have turned to full open source solutions to tackle the complex problem of respecting the open source legal compliance constraints.
This talk presents the journey undertaken the past few years to build and improve the existing tooling and processes to make compliance validation possible, as well as allow overseeing progresses.
Ideas, methods and tools for OSS Compliance assessment, OW2online, June 2020OW2
Presentation by Boris Baldassari, Consultant, Castalia Solutions.
Abstract: While Open Source Software has become mainstream, the understanding of its key principles, from ethics and collaboration to governance and community management, is gaining more interest and attention. There is a comprehensive volume of studies and reports backing up our individual and collective experience, yet we still cannot reliably measure these characteristics, and even less clearly define or assess them.
In an attempt to build up confidence and foster maturity in this area, this talk will look at the various existing models and metrics related to OSS compliance and governance, and build upon them to propose methods and tools for their evaluation and analysis. We will discuss the requirements and essential questions to ask, offer guidelines for implementation and suggest efficient ways to present results.
Intelligent package management with FASTEN, OW2online, June 2020OW2
Presentation by Amir Mir, TUDelft.
As recent events, such as the leftpad incident and the Equifax data breach, have demonstrated, dependencies on networks of external libraries can introduce projects to significant operational and compliance risks as well as difficult to assess security implications. FASTEN introduces fine-grained, method-level, tracking of dependencies on top of existing dependency management networks. In our talk, we will present how FASTEN works on top of the Rust/Cargo and Java/Maven ecosystems.
DECODER, a Smarter Environment for DevOps Teams , OW2online, June 2020OW2
The DECODER project simplifies software library and component reuse, while ensuring that they will behave as expected by the developer. The DECODER central database (PKM) stores code-related artifacts and establish bindings between them, notably by generating formal specification from informal requirements or semi-formal models from source code. Presentation by Virgile Prevosto, CEA List.
Upcoming Challenges in Artificial Intelligence Research and Development, OW2o...OW2
Artificial Intelligence is now smarter than ever, showing human-like abilities at complex tasks such as images classification or natural language processing.
But despite its recent advances, it's still not a silver bullet. This talk will present a few challenges in the research and development of artificial intelligence that slow down its progress and adoption. In particular, problems around fairness, the training of models and how to share them will be introduced as well as possible Free Software solutions. Presentation by Vincent Lequertier, PhD Student, Lyon UNiverversity.
Cacti and Big Data at Orange France, OW2online, June 2020OW2
We propose a walkthrough of current utilization of Open Source Software in capacity planning for the Orange network infrastructure.
The objective of our project is to have a platform that helps engineers to carefully plan the resources available to them as well as to correlate different incidents within remote parts of the infrastructure.
In order to achieve this we started using Cacti with the Spine collector which worked great, but Orange France is a very large company with many entities, each with its own governance, and so we began to see some limitations.
There was a need to centralize some information from different parts in Orange France as well as to integrate the equipment capacity and load values into BigData Orange.
In order to achieve this we developed the “Puits de donneés” platform completely based on Open Source Software.
The visualization and statistical analysis part is handled by Grafana while the ETL runs on Apache Software Foundation products like NiFi, Zookeeper and Ambari with a storage solution from MariaDB for which we did extensive performance tuning and customization due to the large amounts of data.
Open Source Geographic Information System at Orange, OW2online, June 2020OW2
We will present the platform, its component, and will discuss the challenges we met with its deployment.
Our platform is for engineer deploying Fiber to Home/Office , providing GIS capabilities among several layers on a Map. Developed by an Orange team of 30 people, half based in Lannion (Britany) and half in Tunis(Tunisia). components : Angular/OpenLayer, Springboot/PostgreSql(with Gis extensions)/GeoServer/QGIS, mapfishprint for PDF. Available on thin client or via APi.
The team was able to develop the platform according to business requirements, thanks to the technical support of our open source partner : Oslandia.
Moreover, Orange played the open source game by giving back to the community the evolutions on the components.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
Enabling DevOps for IoT software development, powered by Open Source, OW2online, June 2020
1. www.enact-project.eu
1
Enabling DevOps for IoT software
development: A research journey powered
by Open Source
Hui Song, Nicolas Ferry, SINTEF, Norway
Recorded on May 17, 2020
4. www.enact-project.eu
4
DevOps in a nutshell
• DevOps core values:
• Culture: Practice of operation and
development engineers participating
together in the entire system lifecycle
• Automation: Infrastructure as Code,
Continuous Delivery
• Feedback: Measure everything,
feedback from Ops to Dev
CODE
BUILD TEST
RELEASE &
DEPLOY
OPERATE
5. www.enact-project.eu
5
DevOps is challenging for IoT
Distribution and Diversity
• Heterogeneous and unstable devices, software, stacks, etc.
Multi-context & scalability
• Distributed components running in different context.
• More context means higher exposure to trustworthiness treats.
Actuators
• Impact on the physical world!
12. www.enact-project.eu
12
• Challenges
• Large number of sub-systems
• Different contexts -> Diverse software
• Main innovation
• Decoupling between deployment model
and particular device groups
• Typical operations for DevOps teams
• Achievements
• Integration with Microsoft IoT Hub
• Working with multiple companies for
further development
• Integration with GeneSIS for the "last-
mile deployment" Code
A fleet of similar device-sets
(The TellU use case!)
CODE
BUILD TEST
RELEASE &
DEPLOY
OPERATE
An example: DivEnact
14. www.enact-project.eu
14
Innovation: Building DevOps toolchain
for 3 teams from different domains
Rail Domain Smart Building eHealth
Enhancing train integrity
control
Smart Energy Efficiency and
Smart User Comfort
applications
Personal health gateway
Customization to end user
needs
15. www.enact-project.eu
15
Continuous Risk Management
• Start-up created in January 2019 in ENACT in collaboration with H2020
PDP4E project (focused on GDPR and privacy aspects)
• Offers: Easy-to-use solution to continuously control risks in complex
digital systems and collect evidence of risk control efficiency
• Early Adopters: eHealth and construction (internal & external to ENACT)
Measure mitigation
effectiveness through
evidence collection
Continuous and real-time
analysis and automation
for risk assessment
Support for legal regulation
compliance with multiple
stakeholders
17. www.enact-project.eu
17
Conclusion
• Novel research is needed to support DevOps for IoT
• Open source tools provides strong support for software engineering
research
• We also use open source as the carrier of further innovation
Thank you very much!