Integrating Black Duck into your Agile DevOps Environment

•

2 j'aime•2,533 vues

Organizations of all sizes using automation and agile methodologies to improve the speed and reliability of their software development initiatives. In this session we will provide an overview and demonstrations of the various ways you can integrate Black Duck Hub with your CI/CD tools to manage open source risks throughout development.

Technologie

Integrating Black Duck
in your Agile DevOps
Environment
Utsav Sanghani
Product Manager Black Duck Software

2Black Duck Customer Conference
Continuous
Build & Test
Code
Assimilatio
n
Development
Configure
& Release
Packaging
CONVENTIONAL CHECKS HAPPEN VERY LATE IN THE SDLC

3Black Duck Customer Conference
Continuous
Build & Test
Code
Assimilatio
n
Development
Configure
& Release
Packaging
CONVENTIONAL CHECKS HAPPEN VERY LATE IN THE SDLC

4Black Duck Customer Conference
Continuous
Build & Test
Code
Assimilatio
n
Development
Configure
& Release
Packaging
CONVENTIONAL CHECKS HAPPEN VERY LATE IN THE SDLC; APPLICATIONS SHIP
WITH VULNERABILITIES

5Black Duck Customer Conference
Continuous
Build & Test
Configure
& Release
Packaging
THE PROCESS IS MANUAL & NON LINEAR WITH ADDED TIME IN QUEUE BEFORE
RELEASE

How are Companies Managing Open Source Today? Not Well.HOW ARE COMPANIES MANAGING OPEN SOURCE TODAY? NOT WELL.
TRACKING VULNERABILITIES
• No single responsible entity
• Manual effort and labor intensive
• Unmanageable (11/day)
• Match applications, versions, components,
vulnerabilities
SPREADSHEET INVENTORY
• Depends on developer best effort or memory
• Difficult maintenance
• Not source of truth
MANUAL TABULATION
• Architectural Review Board
• Occurs at end of SDLC
• High effort and low accuracy
• No controls
VULNERABILITY DETECTION
Run monthly/quarterly vulnerability assessment
tools (e.g., Nessus, Nexpose) against all
applications to identify exploitable instances

IT IS IMMENSELY ADVANTAGEOUS TO MOVE LEFT
7Black Duck Customer Conference
1. REDUCED COSTS
Avoid human overhead costs

IT IS IMMENSELY ADVANTAGEOUS TO MOVE LEFT
8Black Duck Customer Conference
1. REDUCED COSTS
Avoid human overhead costs
2. REDUCED TIME TO MARKET
In process automation checks over post processing

IT IS IMMENSELY ADVANTAGEOUS TO MOVE LEFT
9Black Duck Customer Conference
1. REDUCED COSTS
Avoid human overhead costs
2. REDUCED TIME TO MARKET
In process automation checks over post processing
3. REDUCED RISK
Move checks to the left to facilitate higher remediation time with lower impact
Dev Ops

10Black Duck Customer Conference
Continuous
Build & Test
Code
Assimilatio
n
Development
Configure
& Release
Packaging
FEEDBACK
A FEEDBACK LINK BETWEEN CI & DEVELOPMENT IS NEEDED TO SHIP COMPLIANT
AND SECURE PRODUCTS

BLACK DUCK PROVIDES FEEDBACK: CI/BUILD IS THE PLACE TO PLUG IN
AUTOMATED CHECKS (CURRENTLY)
11Black Duck Customer Conference
Continuou
s Build &
Test
Configure
& Release
Packaging

WHAT SHOULD YOU ASK YOU BUILD/RELEASE TEAM?
12Black Duck Customer Conference
• Does the build contain only approved open source
components?
• How secure is the build? Does it have any known
security vulnerabilities?
• Can we add diligence and remain agile?
• Where are you deploying the production builds?

13Black Duck Customer Conference
JENKINS DEMO (7-10 MINS)

OBTAIN COMPREHENSIVE RESULTS INCLUDING DEPENDENCIES FROM BUILD
TOOLS LIKE MAVEN/GRADLE
14Black Duck Customer Conference

MANAGE CORRESPONDING ISSUES USING JIRA
15Black Duck Customer Conference

MANAGING THE ENTIRE POST BUILD AUTOMATION ACROSS CI PLATFORMS
16Black Duck Customer Conference

MANAGING THE ENTIRE POST BUILD AUTOMATION ACROSS CI PLATFORMS
17Black Duck Customer Conference

MANAGING THE ENTIRE POST BUILD AUTOMATION ACROSS CI PLATFORMS
18Black Duck Customer Conference

CONTINUOUS BUILD & INTEGRATION IS THE PLACE TO PLUG IN AUTOMATED
CHECKS (2017)
19Black Duck Customer Conference
Continuou
s Build &
Test
Configure
& Release
Packaging
1 5
4
3
2

COMPLIANT AND SECURE BUILDS VIA JENKINS: CHECK
20Black Duck Customer Conference
ALERT
New Vulnerabilities
Affecting You
IDENTIFTY
License
Compliance
Risks

21Black Duck Customer Conference
THANK YOU

Contenu connexe

Tendances

Tech Talk #5 : Code Analysis SonarQube - Lương Trọng Nghĩa

Nexus FrontierTech

Devops

Sun Technlogies

Java Source Code Analysis using SonarQube

Angelin R

Git for jenkins faster and better

Mark Waite

DevSecOps in Baby Steps

Priyanka Aash

Automation testing & Unit testing

Kapil Rajpurohit

SonarQube - Should I Stay or Should I Go ?

Geeks Anonymes

DevOpsDays Taipei 2019 - Mastering IaC the DevOps Way

smalltown

The story of SonarQube told to a DevOps Engineer

Manu Pk

Continuous Inspection of Code Quality: SonarQube

Emre Dündar

Terraform

Otto Jongerius

SonarQube Presentation.pptx

Satwik Bhupathi Raju

Terraform in deployment pipeline

Anton Babenko

SonarQube

Gnanaseelan Jeb

"How to Get Started with DevSecOps," presented by CYBRIC VP of Engineering Andrei Bezdedeanu at IT/Dev Connections 2018. Collaboration between development and security teams is key to DevSecOps transformation and involves both cultural and technological shifts. The challenges associated with adoption can be addressed by empowering developers with the appropriate security tools and processes, automation and orchestration. This presentation outlines enabling this transformation and the resulting benefits, including the delivery of more secure applications, lower cost of managing your security posture and full visibility into application and enterprise risks. www.cybric.io

How to Get Started with DevSecOps

CYBRIC

DevSecOps - The big picture

DevSecOpsSg

Keynote at Scale By The Bay 2020. Cloud service developers need to handle massive scale workloads from thousands of customers with no downtime or regressions. In this talk, I’ll present our experience building a very large-scale cloud service at Databricks, which provides a data and ML platform service used by many of the largest enterprises in the world. Databricks manages millions of cloud VMs that process exabytes of data per day for interactive, streaming and batch production applications. This means that our control plane has to handle a wide range of workload patterns and cloud issues such as outages. We will describe how we built our control plane for Databricks using Scala services and open source infrastructure such as Kubernetes, Envoy, and Prometheus, and various design patterns and engineering processes that we learned along the way. In addition, I’ll describe how we have adapted data analytics systems themselves to improve reliability and manageability in the cloud, such as creating an ACID storage system that is as reliable as the underlying cloud object store (Delta Lake) and adding autoscaling and auto-shutdown features for Apache Spark.

Scaling Databricks to Run Data and ML Workloads on Millions of VMs

Matei Zaharia

Managing code quality with SonarQube

Radu Vunvulea

https://www.gremlin.com/webinars/ce-on-azure/ Join us for a walkthrough on how to get started with Chaos Engineering on Azure. Learn the fundamentals of Chaos Engineering and how to build more reliable applications on Azure. In this live session, we’ll show you how to get started running experiments on Azure’s managed Kubernetes (AKS) and how to implement continuous Chaos Engineering using Azure Pipelines. Then be sure to stay until the end for live Q&A. AGENDA - Learn the history, principles and practice of Chaos Engineering - How to get started with Chaos Engineering on Azure - Run chaos experiments to simulate common real-world failures on AKS - How to implement Chaos Engineering Experiments on Azure Pipelines

Introduction to Chaos Engineering with Microsoft Azure

Ana Medina

SonarQube: Continuous Code Inspection

Michael Jesse

Tendances (20)

Tech Talk #5 : Code Analysis SonarQube - Lương Trọng Nghĩa

Devops

Java Source Code Analysis using SonarQube

Git for jenkins faster and better

DevSecOps in Baby Steps

Automation testing & Unit testing

SonarQube - Should I Stay or Should I Go ?

DevOpsDays Taipei 2019 - Mastering IaC the DevOps Way

The story of SonarQube told to a DevOps Engineer

Continuous Inspection of Code Quality: SonarQube

Terraform

SonarQube Presentation.pptx

Terraform in deployment pipeline

SonarQube

How to Get Started with DevSecOps

DevSecOps - The big picture

Scaling Databricks to Run Data and ML Workloads on Millions of VMs

Managing code quality with SonarQube

Introduction to Chaos Engineering with Microsoft Azure

SonarQube: Continuous Code Inspection

Similaire à Integrating Black Duck into your Agile DevOps Environment

More and more companies worldwide are excited about DevOps and the many potential benefits of embarking on a DevOps transformation. The challenge many of them are having, however, is figuring out where to begin and how to scale DevOps practices over time. These challenges can be especially daunting in large enterprises. In this webinar we will discuss a maturity model for framing your transformation, then focus on analyzing your deployment pipeline and identify existing inefficiencies in software development and deployment.

Starting and Scaling Devops

Jules Pierre-Louis

Starting and Scaling DevOps

Jules Pierre-Louis

IP-led test automation framework supported by blueprint for product development in Devops environment can ensure automation in the true sense. DevOps is fast becoming adopted as the environment for product development. It facilitates closer integration of development and operations teams, reducing the time needed to develop and deploy a product. However, it is still in its early stages and the teams continue to work in silos due to the different kinds of tools they need suited to their needs. An IP-driven testing framework like iSAFE can be the bulwark on which the development, testing and operations teams can integrate more seamlessly, as it provides one key feature needed when handling such a comprehensive environment – traceability. The other advantages, of course, are reusability, automated alerts and shorter testing periods, thus aiding in the quick time-to-market needs of the organizations.

ROLE OF iSAFE/iMobi IN SEAMLESS INTEGRATION OF THE DEVOPS ENVIRONMENT

Indium Software

From Continuous Integration to Continuous Delivery and DevOps

Luca Minudel

DevOps and Cloud are transforming the software release process, one which spans multiple teams across development and operations (including testing, infrastructure management), into a collaborative process, with all teams working together to deliver solutions into production faster. This session details how to implement a continuous delivery process for Oracle SOA/BPM projects, both on-premise and in the cloud, which transform the release process into an automated, reliable, high quality delivery pipeline that that deliver projects faster, with less risk and less cost. It details the processes and best practices that need to be established, how to use tools to automate and govern the build, deployment and configuration of code from our first initial environment through to production. 1. Learn how DevOps and Continuous Delivery can stream-line the delivery of integration / bpm projects into production. 2. Learn how DevOps plus the Cloud service can accelerate the implementation of on-premise Oracle SOA . 3. Learn best practice for implementing DevOps or Continuous Delivery for Oracle SOA projects on-cloud and on-premise. 4. How to use tools to automate and govern the build, deployment and configuration of code from dev through to production 5. How to leverage the Cloud for Dev and Test, and the benefits this provides.

AMIS 25: DevOps Best Practice for Oracle SOA and BPM

Matt Wright

TMF2014 CI-CD Workshop Michael Palotas

KJR

Agile and Continuous Delivery for Audits and Exams - DC Continuous Delivery M...

Simon Storm

Harman deepak v - agile on steriod - dev ops led transformation

Xebia India

Agile & DevOps - It's all about project success

Adam Stephensen

XebiaLabs & codecentric Webinar: Deploy Higher Quality Applications Faster (G...

XebiaLabs

Dev ops culture and practices

AnkaraCloud

Things To Unlearn In Software Development

Alexey Krivitsky

DevOps methodologies have become extremely popular to enable agile application development and delivery. In this webinar, Anner Kushnir, AlgoSec’s VP of Technology will describe how the innovative 'Connectivity as Code' approach can be implemented to overcome these challenges, and seamlessly weave network security into the existing CI/CD pipeline in order to fully automate the application delivery process end-to-end.

2018 07-24 network security at the speed of dev ops - webinar

AlgoSec

Software Testing - Online Guide

bigspire

Modernize Development with Agile Engineering Practices

CollabNet

Leading the Transformation

XebiaLabs

Continuous Delivery: why ? where to start ? how to scale ?

Jean-Philippe Briend

Presentation given at OSCON 2015 Open Cloud Day on 7/21/2015 For open source projects such as OpenStack, being able to effectively build, release, and deploy upstream code into a production environment is as much art as science. Using the experience gained from more than three years in OpenStack operations, we will share best practices and tools to create a sustainable and repeatable release engineering process for your own open source development needs. http://www.oscon.com/open-source-2015/public/schedule/detail/44790

Release Engineering Downstream of an OpenStack Project

Rainya Mosher

Starting the DevOps Train

Cisco DevNet

Agile has made it possible to deliver a lot product lines and service lines almost like instant coffee , tea and instant everything. It has created a lot of diverse needs especially the need to keep pace with Dev and Operations and everything is expected to continuous along the pipeline without breaking anything along the way. This would mean features , security , builds , releases and the whole nine yards that go with putting your app or product out there. We shall look at DEVSECOPS along with why everything else associated with this initiative that needs to be continuous . Without this mindset agile shall be a term that shall not have much of relevance let alone deliver a product or feature in the best quality and time frame.

Agile Relevance in the age of Continuous Everything ....

Eturnti Consulting Pvt Ltd

Similaire à Integrating Black Duck into your Agile DevOps Environment (20)

Starting and Scaling Devops

Starting and Scaling DevOps

ROLE OF iSAFE/iMobi IN SEAMLESS INTEGRATION OF THE DEVOPS ENVIRONMENT

From Continuous Integration to Continuous Delivery and DevOps

AMIS 25: DevOps Best Practice for Oracle SOA and BPM

TMF2014 CI-CD Workshop Michael Palotas

Agile and Continuous Delivery for Audits and Exams - DC Continuous Delivery M...

Harman deepak v - agile on steriod - dev ops led transformation

Agile & DevOps - It's all about project success

XebiaLabs & codecentric Webinar: Deploy Higher Quality Applications Faster (G...

Dev ops culture and practices

Things To Unlearn In Software Development

2018 07-24 network security at the speed of dev ops - webinar

Software Testing - Online Guide

Modernize Development with Agile Engineering Practices

Leading the Transformation

Continuous Delivery: why ? where to start ? how to scale ?

Release Engineering Downstream of an OpenStack Project

Starting the DevOps Train

Agile Relevance in the age of Continuous Everything ....

Plus de Black Duck by Synopsys

Anthony Decicco, shareholder, GTC Law Group presented at FLIGHT West 2018. His session description included: A buyer and investor focused discussion of key open source software-related issues and deal points. Understanding the key legal and technical risks, as well as strategies for mitigating them, will help you to focus due diligence, speed and smooth negotiations and get better deal terms, increasing overall value and avoiding post-transaction surprises. For more information, please visit us at www.blackducksoftware.com

Flight WEST 2018 Presentation - A Buyer Investor Playbook for Successfully Na...

Black Duck by Synopsys

Basma Shahadat, Lead Research Engineer presented at Black Duck Flight West 2018. Security checking in the early stages of the SDLC is critical. This session will demonstrate how Proofpoint is taking proactive steps to reduce risk by integrating Black Duck into Proofpoint’s continuous integration pipeline to detect open source vulnerabilities during the product build. For more information, please visit us at https://www.blackducksoftware.com/

FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...

Black Duck by Synopsys

FLIGHT WEST 2018 Presentation - Open Source License Management in Black Duck Hub

Black Duck by Synopsys

FLIGHT WEST 2018 - Presentation - SCA 101: How to Manage Open Source Security...

Black Duck by Synopsys

FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...

Black Duck by Synopsys

Open-Source- Sicherheits- und Risikoanalyse 2018

Black Duck by Synopsys

At Flight Amsterdam, Fenna Douwenga, Associate, Bird & Bird provided practical tips on open source licenses, intellectual property rights, and trade secrets. During the presentation Fenna reviewed, everlasting conflict between patents, copyright and open source and how it can be overcome. Additionally, the new European Trade Secrets Directive was discussed and how some of the requirements therein may for instance conflict with the GNU General Public license. Furthermore, a quick outline of the influence of Brexit on licenses closed under UK law was given and how potential problems can be prevented.

FLIGHT Amsterdam Presentation - Open Source, IP and Trade Secrets: An Impossi...

Black Duck by Synopsys

FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide

Black Duck by Synopsys

Flight Amsterdam presentation by Anthony Decicco, Shareholder, GTC Law Group Open source software is increasingly centric to transactions, whether licensing, mergers, acquisitions, financing, insurance, offerings or loans, and the deal landscape is changing with the prevalence of representation and warranty insurance, heightened focus on security vulnerabilities and increasing litigation. As such, it is important to understand and re-visit key open source software-related issues and deal points to accelerate your deal, avoid unnecessary due diligence and realize the most value from your open source software-related compliance efforts.

FLIGHT Amsterdam Presentation - Don’t Let Open Source Software Kill Your Deal

Black Duck by Synopsys

FLIGHT Amsterdam Presentation - Open Source License Management in the Black D...

Black Duck by Synopsys

FLIGHT Amsterdam Presentation - From Protex to Hub

Black Duck by Synopsys

The Black Duck blog and Open Source Insight become part of the Synopsys Software Integrity blog in early April. You’ll still get the latest open source security and license compliance news, insights, and opinions you’ve come to expect, plus the latest software security trends, news, tips, best practices, and thought leadership every week. Don’t delay, subscribe today! Now on to this week’s open source security and cybersecurity news.

Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...

Black Duck by Synopsys

Open Source Insight:GitHub Finds 4M Flaws, IAST Magic Quadrant, 2018 Open So...

Black Duck by Synopsys

Open Source Rookies and Community

Black Duck by Synopsys

We look at the three reasons you must attend the FLIGHT Amsterdam conference; how to build outstanding projects in the open source community; and why isn’t every app being security tested? Plus, in-depth into the TRITON attack; why 2018 is the year of open source; how open source is driving both IoT and AI and a webinar on the 2018 Open Source Rookies of the Year. Open Source Insight is your weekly news resource for open source security and cybersecurity news!

Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...

Black Duck by Synopsys

It’s an acronym-filled issue of Open Source Insight, as we look at the question of SCA (software composition analysis) and how it fits into the DevOps environment. The DHS (Department of Homeland Security) has concerning security gaps, according to its OIG (Office of Inspector General). Can the CVE (Common Vulnerabilities and Exposures) gap be closed? The GDPR (General Data Protection Regulation) is bearing down on us like a freight train, and it’s past time to include open source security into your GDPR plans. Plus, an intro to the Open Hub community, looking at security for blockchain apps, and best practices for open source security in container environments are all featured in this week’s cybersecurity and open source security news.

Open Source Insight: SCA for DevOps, DHS Security, Securing Open Source for G...

Black Duck by Synopsys

Welcome to the March 2nd edition of Open Source Insight from Black Duck by Synopsys! We look at places you’d never expect to find GDPR data, as well as answers to your most-frequently-asked GDPR questions. Synopsys Principal Scientist Sammy Migues explores why enterprises must have a software security program while Black Duck Technology Evangelist, Tim Mackey, takes a look at building application security into the heart of DevOps. Plus, a report that may give you nightmares on the malicious possibilities of AI. All the cybersecurity and open source security news fit to print lies ahead for your reading pleasure…

Open Source Insight: AppSec for DevOps, Open Source vs Proprietary, Malicious...

Black Duck by Synopsys

This week’s Open Source Insight features a powerful visualization tool displaying the world’s biggest data breaches at name brands such as Ebay, Equifax, Anthem, and Target. The White House and British Foreign Office have condemned a cyber-attack launched by the Russian military on Ukraine and hint at reprisals. Black Duck brings open source vulnerability detection to Kubernetes, and Synopsys will host Elevate, an evening thought leadership event at Embedded World 2018 featuring an elite group of international cyber security experts leading a discussion about IoT and embedded systems security threats and solutions. Read on for all the open source security and cybersecurity news you need to know this week.

Open Source Insight: Big Data Breaches, Costly Cyberattacks, Vuln Detection f...

Black Duck by Synopsys

Opinions differ on exactly when, but open source turned twenty this year. Most security breaches in 2017 were preventable (you hear that, Equifax?), and it’s time to take a look back to prevent similar breaches in 2018. iPhone source code gets leaked (for a short time). And keeping medical devices, voting machines, automobiles, and critical infrastructure safe in a world of increasing application risk. Read on for open source security and cybersecurity in Open Source Insight for February 9th, 2018.

Open Source Insight: Happy Birthday Open Source and Application Security for ...

Black Duck by Synopsys

This week in Open Source Insight we examine blockchain security and the cryptocurrency boom. Plus, take an in depth look at open source software in tech contracts with a legal expert from Tech Contracts Academy, Adobe Flash Player continues to be a security concern, the Open Source Initiative turns 20, and step by step instructions for migrating to Docker on Black Duck Hub. Cybersecurity and security breach news also dominates this week, as Synopsys examines security breaches in 2017 and how they were preventable.

Open Source Insight: Security Breaches and Cryptocurrency Dominating News

Black Duck by Synopsys

Plus de Black Duck by Synopsys (20)

Flight WEST 2018 Presentation - A Buyer Investor Playbook for Successfully Na...

FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...

FLIGHT WEST 2018 Presentation - Open Source License Management in Black Duck Hub

FLIGHT WEST 2018 - Presentation - SCA 101: How to Manage Open Source Security...

FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...

Open-Source- Sicherheits- und Risikoanalyse 2018

FLIGHT Amsterdam Presentation - Open Source, IP and Trade Secrets: An Impossi...

FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide

FLIGHT Amsterdam Presentation - Don’t Let Open Source Software Kill Your Deal

FLIGHT Amsterdam Presentation - Open Source License Management in the Black D...

FLIGHT Amsterdam Presentation - From Protex to Hub

Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...

Open Source Insight:GitHub Finds 4M Flaws, IAST Magic Quadrant, 2018 Open So...

Open Source Rookies and Community

Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...

Open Source Insight: SCA for DevOps, DHS Security, Securing Open Source for G...

Open Source Insight: AppSec for DevOps, Open Source vs Proprietary, Malicious...

Open Source Insight: Big Data Breaches, Costly Cyberattacks, Vuln Detection f...

Open Source Insight: Happy Birthday Open Source and Application Security for ...

Open Source Insight: Security Breaches and Cryptocurrency Dominating News

Dernier

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

Delhi Call girls

Microsoft's Threat Matrix for Kubernetes helps organizations understand the attack surface a Kubernetes deployment introduces to their environments. This ensures that adequate detections and mitigations are in place. By covering over 40 different attacker techniques, defenders can learn about Kubernetes-specific mitigations and controls to deploy to their environments. In this session, we will explore the MS-TA9013 Host Path Mount technique, which is commonly used by attackers to perform privilege escalation in a Kubernetes cluster. Attendees will learn how attackers and defenders can: * Escape the container's host volume mount to gain persistence on an underlying node * Move laterally from the underlying node into the customer's cloud environment * Analyze Kubernetes audit logs to detect pods deployed with a hostPath mount * Deploy an admission controller that prevents new pods from using a hostPath mount

Breaking the Kubernetes Kill Chain: Host Path Mount

Puma Security, LLC

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Miguel Araújo

With more memory available, system performance of three Dell devices increased, which can translate to a better user experience Conclusion When your system has plenty of RAM to meet your needs, you can efficiently access the applications and data you need to finish projects and to-do lists without sacrificing time and focus. Our test results show that with more memory available, three Dell PCs delivered better performance and took less time to complete the Procyon Office Productivity benchmark. These advantages translate to users being able to complete workflows more quickly and multitask more easily. Whether you need the mobility of the Latitude 5440, the creative capabilities of the Precision 3470, or the high performance of the OptiPlex Tower Plus 7010, configuring your system with more RAM can help keep processes running smoothly, enabling you to do more without compromising performance.

Boost PC performance: How more available memory can improve productivity

Principled Technologies

🐬 The future of MySQL is Postgres 🐘

RTylerCroy

Tata AIG General Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Imagine a world where information flows as swiftly as thought itself, making decision-making as fluid as the data driving it. Every moment is critical, and the right tools can significantly boost your organization’s performance. The power of real-time data automation through FME can turn this vision into reality. Aimed at professionals eager to leverage real-time data for enhanced decision-making and efficiency, this webinar will cover the essentials of real-time data and its significance. We’ll explore: FME’s role in real-time event processing, from data intake and analysis to transformation and reporting An overview of leveraging streams vs. automations FME’s impact across various industries highlighted by real-life case studies Live demonstrations on setting up FME workflows for real-time data Practical advice on getting started, best practices, and tips for effective implementation Join us to enhance your skills in real-time data automation with FME, and take your operational capabilities to the next level.

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Safe Software

Sara Mae O’Brien Scott and Tatiana Baquero Cakici, Senior Consultants at Enterprise Knowledge (EK), presented “AI Fast Track to Search-Focused AI Solutions” at the Information Architecture Conference (IAC24) that took place on April 11, 2024 in Seattle, WA. In their presentation, O’Brien-Scott and Cakici focused on what Enterprise AI is, why it is important, and what it takes to empower organizations to get started on a search-based AI journey and stay on track. The presentation explored the complexities of enterprise search challenges and how IA principles can be leveraged to provide AI solutions through the use of a semantic layer. O’Brien-Scott and Cakici showcased a case study where a taxonomy, an ontology, and a knowledge graph were used to structure content at a healthcare workforce solutions organization, providing personalized content recommendations and increasing content findability. In this session, participants gained insights about the following: Most common types of AI categories and use cases; Recommended steps to design and implement taxonomies and ontologies, ensuring they evolve effectively and support the organization’s search objectives; Taxonomy and ontology design considerations and best practices; Real-world AI applications that illustrated the value of taxonomies, ontologies, and knowledge graphs; and Tools, roles, and skills to design and implement AI-powered search solutions.

IAC 2024 - IA Fast Track to Search Focused AI Solutions

Enterprise Knowledge

Advantages of Hiring UIUX Design Service Providers for Your Business

Pixlogix Infotech

Real Time Object Detection Using Open CV

Khem

A Call to Action for Generative AI in 2024

Results

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Neo4j

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Rafal Los

Histor y of HAM Radio presentation slide

vu2urc

Explore 'The Codex of Business: Writing Software for Real-World Solutions,' a compelling SlideShare presentation that delves into digital transformation in healthcare. Discover through a detailed case study how Agile methodologies empower healthcare providers to develop, iterate, and refine digital solutions that address real-world challenges. Learn how strategic planning, user feedback, and continuous improvement drive success in deploying technologies that enhance patient care and operational efficiency. Ideal for healthcare professionals, IT specialists, and digital transformation advocates seeking actionable insights and practical examples of technology making a real difference.

The Codex of Business Writing Software for Real-World Solutions 2.pptx

Malak Abu Hammad

Heather Hedden, Senior Consultant at Enterprise Knowledge, presented “The Role of Taxonomy and Ontology in Semantic Layers” at a webinar hosted by Progress Semaphore on April 16, 2024. Taxonomies at their core enable effective tagging and retrieval of content, and combined with ontologies they extend to the management and understanding of related data. There are even greater benefits of taxonomies and ontologies to enhance your enterprise information architecture when applying them to a semantic layer. A survey by DBP-Institute found that enterprises using a semantic layer see their business outcomes improve by four times, while reducing their data and analytics costs. Extending taxonomies to a semantic layer can be a game-changing solution, allowing you to connect information silos, alleviate knowledge gaps, and derive new insights. Hedden, who specializes in taxonomy design and implementation, presented how the value of taxonomies shouldn’t reside in silos but be integrated with ontologies into a semantic layer. Learn about: - The essence and purpose of taxonomies and ontologies in information and knowledge management; - Advantages of semantic layers leveraging organizational taxonomies; and - Components and approaches to creating a semantic layer, including the integration of taxonomies and ontologies

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf

Enterprise Knowledge

Dernier (20)

Data Cloud, More than a CDP by Matt Robison

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

Breaking the Kubernetes Kill Chain: Host Path Mount

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Boost PC performance: How more available memory can improve productivity

🐬 The future of MySQL is Postgres 🐘

Tata AIG General Insurance Company - Insurer Innovation Award 2024

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

IAC 2024 - IA Fast Track to Search Focused AI Solutions

Advantages of Hiring UIUX Design Service Providers for Your Business

Real Time Object Detection Using Open CV

A Call to Action for Generative AI in 2024

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Powerful Google developer tools for immediate impact! (2023-24 C)

Exploring the Future Potential of AI-Enabled Smartphone Processors

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Histor y of HAM Radio presentation slide

The Codex of Business Writing Software for Real-World Solutions 2.pptx

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf

Integrating Black Duck into your Agile DevOps Environment

1. Integrating Black Duck in your Agile DevOps Environment Utsav Sanghani Product Manager Black Duck Software

2. 2Black Duck Customer Conference Continuous Build & Test Code Assimilatio n Development Configure & Release Packaging CONVENTIONAL CHECKS HAPPEN VERY LATE IN THE SDLC

3. 3Black Duck Customer Conference Continuous Build & Test Code Assimilatio n Development Configure & Release Packaging CONVENTIONAL CHECKS HAPPEN VERY LATE IN THE SDLC

4. 4Black Duck Customer Conference Continuous Build & Test Code Assimilatio n Development Configure & Release Packaging CONVENTIONAL CHECKS HAPPEN VERY LATE IN THE SDLC; APPLICATIONS SHIP WITH VULNERABILITIES

5. 5Black Duck Customer Conference Continuous Build & Test Configure & Release Packaging THE PROCESS IS MANUAL & NON LINEAR WITH ADDED TIME IN QUEUE BEFORE RELEASE

6. How are Companies Managing Open Source Today? Not Well.HOW ARE COMPANIES MANAGING OPEN SOURCE TODAY? NOT WELL. TRACKING VULNERABILITIES • No single responsible entity • Manual effort and labor intensive • Unmanageable (11/day) • Match applications, versions, components, vulnerabilities SPREADSHEET INVENTORY • Depends on developer best effort or memory • Difficult maintenance • Not source of truth MANUAL TABULATION • Architectural Review Board • Occurs at end of SDLC • High effort and low accuracy • No controls VULNERABILITY DETECTION Run monthly/quarterly vulnerability assessment tools (e.g., Nessus, Nexpose) against all applications to identify exploitable instances

7. IT IS IMMENSELY ADVANTAGEOUS TO MOVE LEFT 7Black Duck Customer Conference 1. REDUCED COSTS Avoid human overhead costs

8. IT IS IMMENSELY ADVANTAGEOUS TO MOVE LEFT 8Black Duck Customer Conference 1. REDUCED COSTS Avoid human overhead costs 2. REDUCED TIME TO MARKET In process automation checks over post processing

9. IT IS IMMENSELY ADVANTAGEOUS TO MOVE LEFT 9Black Duck Customer Conference 1. REDUCED COSTS Avoid human overhead costs 2. REDUCED TIME TO MARKET In process automation checks over post processing 3. REDUCED RISK Move checks to the left to facilitate higher remediation time with lower impact Dev Ops

10. 10Black Duck Customer Conference Continuous Build & Test Code Assimilatio n Development Configure & Release Packaging FEEDBACK A FEEDBACK LINK BETWEEN CI & DEVELOPMENT IS NEEDED TO SHIP COMPLIANT AND SECURE PRODUCTS

11. BLACK DUCK PROVIDES FEEDBACK: CI/BUILD IS THE PLACE TO PLUG IN AUTOMATED CHECKS (CURRENTLY) 11Black Duck Customer Conference Continuou s Build & Test Configure & Release Packaging

12. WHAT SHOULD YOU ASK YOU BUILD/RELEASE TEAM? 12Black Duck Customer Conference • Does the build contain only approved open source components? • How secure is the build? Does it have any known security vulnerabilities? • Can we add diligence and remain agile? • Where are you deploying the production builds?

13. 13Black Duck Customer Conference JENKINS DEMO (7-10 MINS)

14. OBTAIN COMPREHENSIVE RESULTS INCLUDING DEPENDENCIES FROM BUILD TOOLS LIKE MAVEN/GRADLE 14Black Duck Customer Conference

15. MANAGE CORRESPONDING ISSUES USING JIRA 15Black Duck Customer Conference

16. MANAGING THE ENTIRE POST BUILD AUTOMATION ACROSS CI PLATFORMS 16Black Duck Customer Conference

17. MANAGING THE ENTIRE POST BUILD AUTOMATION ACROSS CI PLATFORMS 17Black Duck Customer Conference

18. MANAGING THE ENTIRE POST BUILD AUTOMATION ACROSS CI PLATFORMS 18Black Duck Customer Conference

19. CONTINUOUS BUILD & INTEGRATION IS THE PLACE TO PLUG IN AUTOMATED CHECKS (2017) 19Black Duck Customer Conference Continuou s Build & Test Configure & Release Packaging 1 5 4 3 2

20. COMPLIANT AND SECURE BUILDS VIA JENKINS: CHECK 20Black Duck Customer Conference ALERT New Vulnerabilities Affecting You IDENTIFTY License Compliance Risks

21. 21Black Duck Customer Conference THANK YOU

Integrating Black Duck into your Agile DevOps Environment

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

Similaire à Integrating Black Duck into your Agile DevOps Environment

Similaire à Integrating Black Duck into your Agile DevOps Environment (20)

Plus de Black Duck by Synopsys

Plus de Black Duck by Synopsys (20)

Dernier

Dernier (20)

Integrating Black Duck into your Agile DevOps Environment