DevOpsDays Austin 2016 talk. Compliance and security are the next steps after Infrastructure as Code and Test-Driven Infrastructure in expanding your DevOps workflow. Chef's open-source InSpec and audit cookbooks provide an accessible pattern for building compliance into your continuous delivery pipelines.
InSpec is an open source testing framework for infrastructure with a human-readable language for specifying compliance, security, and other policy requirements. Easily integrate automated tests that check for advherence to policy into any stage of your deployment pipeline.
Compliance Automation with InSpec
InSpec is an open source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security, and policy requirements. Using a combination of command-line and remote-execution tools, InSpec can help you keep your infrastructure aligned with security and compliance guidelines on an ongoing basis, rather than waiting for and then remediating from arduous annual audits. InSpec’s flexibility makes it a key tool choice for incorporating security into a complete continuous delivery workflow, reducing the risk of new features and releases breaking established host-based security guidelines. This talk covers the basics of working with InSpec, writing tests to reflect your organization’s security guidelines, and managing InSpec as part of a high-velocity workflow.
Effective Testing with Ansible and InSpecNathen Harvey
Ansible is an incredibly easy way to manage infrastructure and configuration. But what's the best way to ensure the changes to your Ansible playbooks have the intended outcome and do not introduce unwanted changes? And how can you verify your your playbook changes do not negatively impact the compliance status of your infrastructure?
In this session, we will learn about InSpec and how it's incredibly easy-to-read language allows for integration and compliance requirements to be expressed as code. We will look at how Test Kitchen and InSpec can be used to validate your Ansible playbooks and empower developers to test for compliance earlier in the development cycle. Additionally, we will also explore how to use and modify InSpec profiles created by others.
Presentation to the Perth MS Cloud Computing User Group on November 14, 2017. Covered off on how Chef, InSpec, Habitat and Chef Automate work with Windows, Azure and the Microsoft ecosystem.
Using Habitat to Unify Dev to CI to Production - Configmgmt Camp Feb/2018 GentSalim Afiune Maya
This talk is about the journey of a developer that starts working in a company (day one) and goes through the process from getting her computer setup all the way until she makes her first contribution to an application in production.
We will talk about Habitat, a tool to build, deploy, and manage applications. We will explain what is the Habitat Studio and the benefits of doing development in it and how we can leverage it to unity our application workflow.
Find here a recording of the demo: https://asciinema.org/a/160762
DevOpsDays Austin 2016 talk. Compliance and security are the next steps after Infrastructure as Code and Test-Driven Infrastructure in expanding your DevOps workflow. Chef's open-source InSpec and audit cookbooks provide an accessible pattern for building compliance into your continuous delivery pipelines.
InSpec is an open source testing framework for infrastructure with a human-readable language for specifying compliance, security, and other policy requirements. Easily integrate automated tests that check for advherence to policy into any stage of your deployment pipeline.
Compliance Automation with InSpec
InSpec is an open source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security, and policy requirements. Using a combination of command-line and remote-execution tools, InSpec can help you keep your infrastructure aligned with security and compliance guidelines on an ongoing basis, rather than waiting for and then remediating from arduous annual audits. InSpec’s flexibility makes it a key tool choice for incorporating security into a complete continuous delivery workflow, reducing the risk of new features and releases breaking established host-based security guidelines. This talk covers the basics of working with InSpec, writing tests to reflect your organization’s security guidelines, and managing InSpec as part of a high-velocity workflow.
Effective Testing with Ansible and InSpecNathen Harvey
Ansible is an incredibly easy way to manage infrastructure and configuration. But what's the best way to ensure the changes to your Ansible playbooks have the intended outcome and do not introduce unwanted changes? And how can you verify your your playbook changes do not negatively impact the compliance status of your infrastructure?
In this session, we will learn about InSpec and how it's incredibly easy-to-read language allows for integration and compliance requirements to be expressed as code. We will look at how Test Kitchen and InSpec can be used to validate your Ansible playbooks and empower developers to test for compliance earlier in the development cycle. Additionally, we will also explore how to use and modify InSpec profiles created by others.
Presentation to the Perth MS Cloud Computing User Group on November 14, 2017. Covered off on how Chef, InSpec, Habitat and Chef Automate work with Windows, Azure and the Microsoft ecosystem.
Using Habitat to Unify Dev to CI to Production - Configmgmt Camp Feb/2018 GentSalim Afiune Maya
This talk is about the journey of a developer that starts working in a company (day one) and goes through the process from getting her computer setup all the way until she makes her first contribution to an application in production.
We will talk about Habitat, a tool to build, deploy, and manage applications. We will explain what is the Habitat Studio and the benefits of doing development in it and how we can leverage it to unity our application workflow.
Find here a recording of the demo: https://asciinema.org/a/160762
DevSec Delight with Compliance as Code - Matt Ray - AgileNZ 2017AgileNZ Conference
For too long, audits and security reviews have been seen as resistant to the frequent release of software. Auditors require access to static systems and environments, which would seem to make continuous delivery impossible. Too frequently audits are a fire drill sampling of the current state and temporary fixes are put in place to appease the compliance audit without being integrated into future releases.
About Matt Ray:
Matt Ray is the Manager and Solutions Architect for Asia Pacific and Japan for Chef. He has worked in large enterprise software companies and founded his own startups in a wide variety of industries including banking, retail and government.
He has been active in open source communities for over two decades and has spoken at, and helped organise, many conferences and Meetups. He currently resides in Sydney, Australia after relocating from Austin, Texas. He podcasts at SoftwareDefinedTalk.com, blogs at LeastResistance.net and is @mattray on Twitter, IRC, GitHub and too many Slacks.
Prescriptive Security with InSpec - All Things Open 2019Mandi Walls
What is Chef InSpec, and how can it help you manage and maintain system security through the full lifecycle of your applications? See how this powerful tool can keep your systems secure. Demo slides included in the appendix
DevOps on Windows: How to Deploy Complex Windows Workloads | AWS Public Secto...Amazon Web Services
In this session, you will learn how to deploy complex Windows workloads and ways AWS CloudFormation, AWS OpsWorks, and AWS CodeDeploy enable you to automate your Windows application life-cycle management. We will also discuss the monitoring, logging, and automatically scaling of Windows applications. Learn More: https://aws.amazon.com/government-education/
Explore seamless development with Continuous Integration using Jenkins and Python. Learn the essentials of integrating Jenkins with Python for efficient software deployment and management.
Adding Security to Your Workflow with InSpec (MAY 2017)Mandi Walls
An introduction to InSpec and its motivations for teams looking for a security and compliance tool for their organizations. May 2017 edition. Atmosphere.pl Krakow and Netways OSDC Berlin.
OSDC 2017 - Mandi Walls - Building security into your workflow with inspecNETWAYS
InSpec is an open source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security, and policy requirements. Using a combination of command-line and remote-execution tools, InSpec can help you keep your infrastructure aligned with security and compliance guidelines on an ongoing basis, rather than waiting for and then remediating from arduous annual audits. InSpec’s flexibility makes it a key tool choice for incorporating security into a complete continuous delivery workflow, reducing the risk of new features and releases breaking established host-based security guidelines.
OSDC 2017 | Building Security Into Your Workflow with InSpec by Mandi WallsNETWAYS
InSpec is an open source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security, and policy requirements. Using a combination of command-line and remote-execution tools, InSpec can help you keep your infrastructure aligned with security and compliance guidelines on an ongoing basis, rather than waiting for and then remediating from arduous annual audits. InSpec’s flexibility makes it a key tool choice for incorporating security into a complete continuous delivery workflow, reducing the risk of new features and releases breaking established host-based security guidelines.
Continuous Integration Testing Techniques to Improve Chef Cookbook QualityJosiah Renaudin
Chef, Puppet, and other tools that implement “infrastructure as code” are great for configuration management and automated deployments, but it is difficult to test these infrastructure scripts before putting them into production. Since infrastructure as code is a relatively new technology, methodologies for its testing are not yet standardized. Glen Buckholz shares a way to solve the two major problems with testing Chef scripts—[1] capturing a start state similar to your target environment, and [2] rolling back to the starting state when your script fails. Development techniques are typically ad-hoc with most developers creating a personal method of testing in their own environment or circumstance. Glen shows how to use established continuous integration (CI) techniques to allow an automated platform to more quickly generate test results and automatically stage the code to the Chef server. By linking together established CI and testing techniques, we can hold Chef code development to the same mature standard as application programming.
Habitat-managed Chef with Policyfiles: Learn how to leverage the power of Habitat, chef-client and Policyfiles to produce an immutable application containing all of your chef cookbooks that can be locally tested and provides a consistent and guaranteed picture of desired configuration state across all target environments.
This talk is an in-depth look at all we, at Chef, have learned and what we love and what could be better about Configuration Management, Continuous Delivery and DevOps. We'll explore the pain points that still exist, especially as teams try to bring containers and microservices into production. We’ll then explore how to ensure the apps you build, deploy, and manage behave consistently in any runtime — metal, VMs, containers, and PaaS. You'll spend less time on the environment and more time building features.
Presented by Simon Fisher at DevOps World London November 2016
How to Accelerate Agile, Lean and DevOps Adoption Across Your OrganizationChef
Implementing lean, agile and devops is never a ‘big bang’ top-down process. Your role as managers is crucial though. Learn which barriers will stand in the way of scale, how to avoid tissue rejection and what you can do to embrace the 3 m’s… mapping, magnifying and maximising.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofsAlex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIVladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
135. 1500 Attendees! 55+ Speakers! Registration Open! Community Celebration!CHEFCONF 2016 AT A GLANCE
Workshops & Chef Training
Community Summit
Partner Summit
Welcome Reception
Keynotes
Technical Sessions
Happy Hour
Keynotes
Technical Sessions
Awesome Chef Awards
Community Celebration
DAY 1 // JULY 11 DAY 2 // JULY 12 DAY 3 // JULY 13
THREE DAYS OF OPPORTUNITY TO ENGAGE THE CHEF CUSTOMERS AND PARTNER ECOSYSTEM
chefconf.chef.io
DAY 1 // JULY 11
« Workshops & ChefTraining
« Community Summit
« Partner Summit
« Welcome Reception
DAY 2 // JULY 12
« Keynotes
« Technical Sessions
« Happy Hour
DAY 3 // JULY 13
« Keynotes
« Technical Sessions
« Awesome ChefAwards
« Community Celebration
THREE DAYS OF OPPORTUNITY TO ENGAGE THE CHEF CUSTOMERS AND PARTNER ECOSYSTEM