Training as Code - Applying CI/CD to training

The document summarizes navigating open source communities and contributions. It provides statistics on open source usage and diversity. It then presents a case study of the Kubernetes community and CNCF, detailing its growth and impact. Finally, it outlines different levels of involvement from consumer to leader and offers advice on finding sponsors and navigating unspoken rules to contribute effectively.

From Zero to DevOps Superhero: The Container Edition (JenkinsWorld SF)

Jessica Deen

This document contains a presentation on containers and DevOps. It discusses how modern life runs on code, with intelligent vehicles, smart cities, and other technologies relying on millions of lines of code. It then discusses how containers can help developers and operations teams by enabling portable and standardized applications. The rest of the presentation demonstrates container concepts like layers, compares containers to virtual machines, and discusses tools like Kubernetes, Helm, and best practices for using containers in a DevOps workflow.

The document discusses a career day presentation about DevOps engineering and cloud career paths. The presentation covers what DevOps is, the roles of developers and operations teams, DevOps practices like continuous integration and delivery, and AWS services that can be used as part of a DevOps approach like CodePipeline, CodeBuild, and CloudFormation. It emphasizes that DevOps is a culture of collaboration between development and operations and encourages automating as many processes as possible.

Cloud native past, present and future, Accenture Technology Workshop, IL

This document summarizes Cheryl Hung's presentation on cloud native computing. The presentation covered the Kubernetes community and role of the CNCF in growing it, current architectural trends like serverless computing and service meshes, and new norms for companies engaging in open source like individual contributions over company reputation. It encourages companies to establish open source program offices to guide compliance, outreach and executive support for open source contributions.

The As, Bs, and Four Cs of Testing Cloud-Native Applications

Security assessments are a critical part of any security program. Being able to identify – and communicate about – vulnerabilities systems is required to get vulnerabilities prioritized for remediation. For web and mobile applications, assessment methodologies are reasonably straightforward and established. However, for cloud-native applications, the combination of new technologies and architectural elements has introduced questions about how to scope, plan, and execute security assessments. This presentation looks at how the assessment landscape has changed with the introduction of cloud-native applications and explores how threat modeling is central to testing their security. In addition, the “Four C’s” conceptual model for looking at cloud-native application security is introduced, including a discussion of how both automated and manual testing methodologies can be used to accomplish assessment goals. Finally, vulnerability contextualization and reporting are discussed, so that teams running cloud-native application assessments can properly characterize the results of their efforts to aid in the prioritization and remediation of identified issues.

Cloud native past, present and future

This document summarizes a presentation about cloud native computing from a community perspective. It discusses the growth of Kubernetes and the Cloud Native Computing Foundation (CNCF) community. It provides statistics on member companies and countries involved in CNCF. It also outlines the CNCF's role in fostering open source cloud native projects and describes some of the services it provides. Finally, it discusses the importance and impact of cloud native technologies, including their role in improving efficiency and reducing carbon emissions.

Enabling Developers in Your Application Security Program With Coverity and Th...

Developers need to move quickly and efficiently. Coverity’s speed, accuracy, ease of use, and scalability meet the needs of even the largest, most complex environments. ThreadFix allows you to centralize all test and vulnerability data in one place so your software security team can spend less time on manually correlating results and more time focusing on higher-level risk decisions. Join us to get a firsthand look at how Coverity and ThreadFix arm development teams with the tools they need to advance security programs in real time.

Secured Technology Platform Provider in Enterprise IT

WIKI LABS SDN BHD

Wiki Labs As a Secured Technology Platform provider in Enterprise IT space, Wiki Labs strive to be the next generation Solution Provider to provide many gaps in the technology world. A decade of experience in IT Business makes our clienteles grow exponentially across the region from financial services to Telco industry, from large corporation to public sector and GLC. Our motive is to progress mankind with what we can deliver, our aim is to make this world a better place through technologies we offer. We enjoy our growths, always stay ahead at the curve and be the best in what we do!

Enabling Developers in Your Application Security Program With Coverity and Th...

This document discusses how Coverity static analysis and ThreadFix application security management can work together. Coverity finds defects and security issues in code during development. ThreadFix consolidates vulnerabilities from multiple scanners, prioritizes risks, and translates issues for developers in their existing tools. When integrated, Coverity results are imported into ThreadFix to give context and be tracked through remediation. This allows securing the entire software development lifecycle.

How to (Permanently) Fix the Most Common DevOps Security Blunders

This document discusses achieving greater speed and agility in continuous deployment while maintaining security. It advocates shifting security practices left in the development process to foster a DevOps culture. Some anti-patterns like security teams operating in silos are highlighted. The document recommends minding default configurations, treating applications like user identities with least privilege access, and auditing everything. A new secrets management product coming in December is mentioned that can securely store and manage secrets for DevOps workflows using microservices, containers, and APIs. In conclusion, the document recommends following general best practices while shifting security left in the development process.

A Guided Journey of Cloud Native, featuring Monzo

The document discusses the Cloud Native Computing Foundation (CNCF) and provides an overview of cloud native concepts. It describes the CNCF's mission to foster open source, vendor-neutral cloud native projects and some of its activities. It then outlines a scale from houses to cities to describe how cloud native practices become more important as software systems increase in complexity and size, from source control and continuous integration for small systems, to high availability, storage and security for large systems with 500+ services. The document promotes upcoming KubeCon + CloudNativeCon conferences in Europe, China and North America.

Cloud native past, present and future

The document summarizes Cheryl Hung's presentation on cloud native computing past, present and future. The presentation discussed Kubernetes starting as internal Google technology, being open sourced in 2014, and growing to be the largest cloud native project at the CNCF. It also reviewed how the CNCF fosters open source projects and graduated over 20 projects, as well as common questions received about what the CNCF does and how projects can be donated. The presentation concluded by discussing challenges to cloud native adoption and how cloud native technologies can help address issues like climate change.

Leveraging Multiple Cloud Orchestration

DOCOMO Innovations, Inc.

The document discusses leveraging multiple cloud orchestration. It introduces a cloud orchestrator tool that aims to provide a self-service portal for users to provision cloud resources across different cloud platforms like AWS, Azure and GCP. This is intended to reduce the workload for IT operators by enabling self-service provisioning rather than requiring users to make resource requests. The orchestrator also offers cost optimization and governance features to help manage resources and costs across multiple clouds. A demo is provided showing example features of the orchestrator tool.

Scale DevSecOps with your Continuous Integration Pipeline

Hear from AppSec and Development leaders on how they apply the principles of DevOps to deliver secure products and services to customers. Learn how you can scale your DevSecOps initiatives to reduce time-to-deployment and lower costs as you deliver secure software. During this webinar, you will learn about the latest tools and techniques that will enable your development teams to embed security scanning into your IDE as you are coding, returning most scans in seconds – all while integrating into your CI pipeline. Our speaker will provide: An overview of Veracode Greenlight and its integrations with developer tools; A summary of recent Greenlight use cases and successes; Examples of how Greenlight integrates into your CI pipeline

Enumerating Enterprise Attack Surface

Synopsys Software Integrity Group

Many organizations have only a passing understanding of the scope of their application portfolios and how these assets are exposed to the Internet and other potentially dangerous networks. This puts them in a risky situation where they have attack surface that is unknown and unmanaged, often resulting in serious vulnerabilities being exposed indefinitely. This presentation looks at several tools and methods that can be used to enumerate enterprise application assets – including web applications, mobile applications, and web services. The discussion covers several open source application asset identification tools and compares their effectiveness. Finally, a framework for ongoing application asset discovery and enumeration is presented so that security managers can embark on a structured program to characterize their risk exposure due to their enterprise attack surface.

Webinar–Reviewing Modern JavaScript Applications

AWS DevDay Cologne - CI/CD for modern applications

Cobus Bernard

The document discusses approaches for modern application development including continuous integration, continuous deployment, infrastructure as code, microservices, and serverless technologies. It provides examples of using AWS services like CodePipeline, CodeBuild, CodeDeploy, SAM, and CDK to implement infrastructure as code, continuous integration, and continuous deployment. The document contains diagrams and code samples to illustrate these concepts and services.

Cloud DevSecOps masterclass: Lessons learned from a multi-year implementation...

Amazon Web Services

This document discusses lessons learned from implementing cloud automation at scale over multiple years at McGraw Hill Education. Some key lessons include: establishing centralized security configuration and response; using centralized account configuration for development, testing, and production environments; automating cost optimization techniques; developing networking automation while separating responsibilities between developers and network engineers; and integrating security practices into the DevOps toolchain and AMI management process. The benefits of these practices include increased speed, safety, accessibility, productivity, depth and breadth of cloud operations.

CI/CD Best Practices for Your DevOps Journey

The journey to realizing DevOps in any organization is fraught with a number of obstacles for developers and other stakeholders. These challenges are often caused by key CI/CD practices being misunderstood, partially implemented or even completely skipped. Now, as the industry positions itself to build on DevOps practices with a Software Delivery Management strategy, it’s more important than ever that we implement CI/CD best practices, and prepare for the future. Join host Mitchell Ashely, and CloudBees’ Brian Dawson, DevOps evangelist, and Doug Tidwell, technical marketing director, as they explore and review the CI/CD best practices which serve as your stepping stones to DevOps and a successful Software Delivery Management strategy. The webinar will cover CI/CD best practices including: Containers and environment management Continuous delivery or deployment Movement from Dev to Ops By the end of the webinar, you’ll understand the key steps for implementing CI/CD and powering your journey to DevOps and beyond.

Open Source for First Timers

This document summarizes an open source presentation about getting involved in open source projects. It discusses how to get started with open source contributions, how to get paid for open source work, and potential pitfalls. The key points are: 1) There are many ways to contribute to open source projects beyond just coding, such as organizing events, helping others, writing documentation, and more. 2) Companies may sponsor open source work that aligns with their strategy to build their brand and recruit developers. If your company does not support contributions, you could crowdfund, seek grants, or start your own company. 3) It is important to be visible when contributing in order to potentially get paid opportunities. However

Using Cloud Hyperscale Vendors Cognitive Artificial Intelligence NoOps MLaaS

Björn Rodén

GitOps, Jenkins X &Future of CI/CD

Rakuten Group, Inc.

The document discusses GitOps, Jenkins X, and the future of CI/CD. It describes GitOps as using Git as the single source of truth for infrastructure configuration and changes. Jenkins X aims to make developing and deploying cloud native applications on Kubernetes easy by integrating best practices and tools. The future of CI/CD is discussed including serverless Jenkins, leveraging production traffic for testing, and using machine learning for smarter testing and predicting risky deployments. Overall it emphasizes the importance of continuous improvement and using technologies like GitOps and Jenkins X to enable faster and more reliable software delivery.

Docker and Jenkins [as code]

Thinking about Jenkins Security

AWS User Group - Thailand

Similar to Training as Code - Applying CI/CD to training

AWS Meetup: Career Day 2019 - Lightning Talk with Cloud Career Path: DevOps E...

Cloud native past, present and future, Accenture Technology Workshop, IL

The As, Bs, and Four Cs of Testing Cloud-Native Applications

Cloud native past, present and future

Enabling Developers in Your Application Security Program With Coverity and Th...

Secured Technology Platform Provider in Enterprise IT

WIKI LABS SDN BHD

Enabling Developers in Your Application Security Program With Coverity and Th...

How to (Permanently) Fix the Most Common DevOps Security Blunders

A Guided Journey of Cloud Native, featuring Monzo

Cloud native past, present and future

Leveraging Multiple Cloud Orchestration

DOCOMO Innovations, Inc.

Scale DevSecOps with your Continuous Integration Pipeline

Enumerating Enterprise Attack Surface

Synopsys Software Integrity Group

Webinar–Reviewing Modern JavaScript Applications

AWS DevDay Cologne - CI/CD for modern applications

Cobus Bernard

Cloud DevSecOps masterclass: Lessons learned from a multi-year implementation...

Amazon Web Services

CI/CD Best Practices for Your DevOps Journey

Open Source for First Timers

Using Cloud Hyperscale Vendors Cognitive Artificial Intelligence NoOps MLaaS

Björn Rodén

GitOps, Jenkins X &Future of CI/CD

Rakuten Group, Inc.

Similar to Training as Code - Applying CI/CD to training (20)

AWS Meetup: Career Day 2019 - Lightning Talk with Cloud Career Path: DevOps E...

Cloud native past, present and future, Accenture Technology Workshop, IL

The As, Bs, and Four Cs of Testing Cloud-Native Applications

Cloud native past, present and future

Enabling Developers in Your Application Security Program With Coverity and Th...

Secured Technology Platform Provider in Enterprise IT

Enabling Developers in Your Application Security Program With Coverity and Th...

How to (Permanently) Fix the Most Common DevOps Security Blunders

A Guided Journey of Cloud Native, featuring Monzo

Cloud native past, present and future

Leveraging Multiple Cloud Orchestration

Scale DevSecOps with your Continuous Integration Pipeline

Enumerating Enterprise Attack Surface

Webinar–Reviewing Modern JavaScript Applications

AWS DevDay Cologne - CI/CD for modern applications

Cloud DevSecOps masterclass: Lessons learned from a multi-year implementation...

CI/CD Best Practices for Your DevOps Journey

Open Source for First Timers

Using Cloud Hyperscale Vendors Cognitive Artificial Intelligence NoOps MLaaS

GitOps, Jenkins X &Future of CI/CD

More from Mark Waite

Docker and Jenkins [as code]

Thinking about Jenkins Security

Lessons from Jenkins Platform Support

Git for jenkins faster and better

Docker and Jenkins Pipeline

This document discusses how Docker and Jenkins can be used together for continuous integration. It describes how Docker provides repeatable environments that reduce unintended variations, and how Jenkins pipelines allow for frequent integration that detects issues earlier. Specific examples show how Docker images can standardize environments for building, testing, and reproducing bugs, while multi-branch Jenkins pipelines enable testing proposed changes before merging.

To TDD or not to TDD - that is the question

Git in-the-large

The document discusses several Git techniques for reducing network transfer and storage requirements when using Git in large projects or continuous integration systems, including reference repositories, narrow refspecs, shallow clones, large file support, and sparse checkouts. It outlines the benefits and limitations of each technique, such as reducing network transfer and local storage needs but potentially limiting history or breaking workflows. The goal is to help optimize remote repositories, master servers that detect changes, and agent servers that perform builds and jobs.

Jenkins - Continuous Integration after Hudson, CruiseControl, and home built

This document discusses Jenkins, an open source tool for continuous integration. It describes how Jenkins can help improve productivity by detecting breaks sooner, reporting failures more clearly, and making progress more visible. The document outlines how Jenkins is easy to install, use, and extend with over 300 plugins. It provides examples of using Jenkins for various programming languages and tasks like version control, building, testing, analyzing code quality, and notifications. Finally, it explains how Jenkins can support team development through features like multi-configuration and multi-stage jobs, and swarms to dynamically allocate resources.

Jenkins For One