This month we welcome two new sponsors to the fold, both companies founded to address issues around container security.
The New Stack Update

ISSUE 92: Welcome Alcide and Aqua Security 

Talk Talk Talk

“GitHub is full of cloned dependencies and auto-generated code.”

Adrian Colyer, examining a research paper on duplicate code on GitHub.
Add It Up
47% of Surveyed Companies' Employees Are Open Source Contributors
Uniqueness Is Rare on GitHub. OK, I admit it. I rely on Adrian Colyer to read dense computer science articles that are loaded with math beyond my comprehension. A recent edition of his morning paper highlighted a basic truth – most files on GitHub are not original. At the heart of many developers’ open source world, GitHub enables collaboration within a version control system. It turns out that most collaboration is building on top of the work of others. According to the authors of DéjàVu: A Map of Code Duplicates on GitHub, eighty-two percent of files in non-forked projects written in Java, C++, Python or JavaScript are found in another project’s code base.
 
Java has the fewest duplicated files, but even here about half of the other files can be considered similar. These were likely cloned from another repository and have only been slightly modified, for example by adding comments, moving code around or adding a few extra lines. JavaScript’s tendency to use many smaller files skews the numbers somewhat. More significantly, many projects include libraries available through NPM. This is a problem because if library components are committed as application code, it decreases the likelihood that upstream changes in frameworks and libraries will be implemented.
 
By its very nature, open source proves that imitation is a form of flattery, but has this gone too far? Of course not. Long live copycats. Yet, the prevalence of dependencies creates unique challenges for security and software quality. There are ways to address these issues. GitHub has created tools to identify dependencies. Along with many security companies, Libraries.io has created tools to check your repositories’ components versus their original source in the software supply chain. From a metrics perspective, we continue to gain consensus on just how to track these types of ecosystem dependencies. Stay tuned.
What's Happening

The intersection of software development, security, and operations can be difficult for some businesses to traverse. Platforms such as Cloud Foundry aim to help organizations bridge the gap, while still focusing on security.

Snyk CEO and co-founder Guy Podjarny addressed the announcement of the architectural decisions seen by Cloud Foundry in the Cloud Foundry Container Runtime and Cloud Foundry’s continued focus on the BOSH platform in a discussion with TNS founder Alex Williams on this episode of The New Stack Makers.

How Cloud Foundry Helps Developers Embrace Flexibility While Balancing Security

Welcome Alcide and Aqua Security

This month we welcome two new sponsors to the fold, both companies founded to address issues around container security: Alcide and Aqua Security.

Alcide delivers a network security platform designed for any combination of container, VM and bare metal data centers operated by multiple orchestration systems. Alcide empowers DevOps, security and engineering teams with simplified and autonomous control to manage and secure the evolving data center and hybrid cloud, at any scale. Offering real time, aerial visibility and granular perspectives of both infrastructure and applications, Alcide secures the data center against cyber attacks, including malicious internal activity and data exfiltration.

The company attracted investment from the Microsoft Accelerator program, which funds innovative Series A, late-stage startups. It was also one of 15 startups that received a total of $60 million worth of investments by Intel Capital.

Aqua Security provides a full life cycle security platform for containerized applications, enabling organizations to manage vulnerabilities in the DevOps pipeline, detect and prevent attacks during runtime, and simplify regulatory compliance. Aqua Security was founded by IT security veterans from companies including Intel Security, CA Technologies and Imperva. According to the company, its “container security platform was architected specifically to address the challenges of visibility, control, isolation, intrusion detection and intrusion prevention in container environments, while remaining transparent and non-intrusive to DevOps, allowing organizations to reap the business benefits of containers without increasing their risk profile.” It has received investment funding from Microsoft Ventures, TLV Partners and Lightspeed Venture Partners.

Keep an eye out on The New Stack website for coverage on these two important, up-and-coming security companies in the container ecosystem.

LinkedIn Engineer’s AI Work Recognized by CloudNOW Innovation Awards

A member of LinkedIn’s talent solutions team, Senior Software Engineer Neha Jain was surprised to find out that she had been nominated to be one of ten recipients of this year’s CloudNOW “Top Women in Cloud Innovation” awards, honoring women in tech who are helping pioneer cloud and emerging technologies. In part, it is for her work on a hiring application that leverages the cloud, machine learning and other cutting-edge tech.

Six Strategies for Application Deployment

There are a variety of techniques to deploy new applications to production, so choosing the right strategy is an important decision, weighing the options in terms of the impact of change on the system, and on the end-users. This contributed post from Container Solutions software engineer Etienne Tremel reviews a number of strategies, including Canary Releases, A/B testing and Shadow deployments.

LogicMonitor Expands into Cloud-Agnostic Monitoring

LogicMonitor, which offers hosted performance monitoring, has unveiled LM Cloud, an extension to its monitoring suite specifically tailored for multiple cloud services. Previously, LM Cloud was focused on Amazon Web Services, but now it can support Microsoft Azure as well.

On The Road
NOVEMBER 27-DECEMBER 1, 2017 // LAS VEGAS, NEVADA @ MGM GRAND, ARIA, BELLAGIO, MIRAGE, VENETIAN, ENCORE
AWS re:Invent
Complexity is overwhelming organizations as their technology stacks become more sophisticated and technologically advanced. It’s a theme we’ll cover closely with PagerDuty at AWS re:Invent. We’ll discuss the human factor that comes with complex automation requirements, and why it may signal changes for an entire organization as it thinks through how software affects every aspect of any business.
KubeCon+CloudNativeCon // DEC. 6-7, 2017 // AUSTIN CONVENTION CENTER
Wednesday Pancakes – What is service mesh technology, why are we hearing about it and why should we care? Sponsored by Buoyant.
Thursday Pancakes – Evolving Patterns in Kubernetes and Cloud Native Technologies. Sponsored by Alcide and Chef.
FREE EBOOK: Learn about patterns and deployment use cases for Kubernetes.
Kubernetes emerged from a need to run cloud-native applications on a massively scaled network, and that’s exactly what it’s enabling its growing user base to do. The demand for platforms that can run web-scalable workloads means Kubernetes is increasingly under consideration by IT engineering teams, and many will choose to adopt the project.

This ebook serves as a primer for newcomers, assessors and implementers who are looking to make the most of the ecosystem of products and services emerging around Kubernetes. We also go well beyond the basics and explore where Kubernetes fits into the DevOps pipeline, how to overcome production challenges, and considerations for Kubernetes adopters.
Copyright © 2017 The New Stack, All rights reserved.

