Balanced metrics: The key to success in DevSecOps transformation

When measuring the success of large-scale transformations—particularly in the technology space—it’s natural to look at hard metrics, such as cycle time, mean time to recovery (MTTR), and so on. In IT, for example, hard metrics are what we do all day long. But within any organization, change is ultimately personal. In my experience, relying exclusively on hard numbers often leads you to ignore the human side of transformation, and sometimes even action the wrong things.


Top DevSecOps Tools For 2022

DevSecOps combines the responsibilities of development, security and operations in order to make everyone accountable for security in line with the ongoing activities conducted by development and operations teams. DevSecOps tools serve to assist the user in minimising risk as part of the development process and also support security teams by allowing them to observe the security implications of code in production.


The Principles of DevSecOps

As a Solution Architect here at xMatters, an Everbridge Company, and through my 30-year career in the IT industry, I’ve seen many frameworks offering bold new ideas. CMMI, ITIL, Prince 2, Agile, Scrum, and most recently, DevOps. These frameworks come and go, offering huge improvements in the way we deliver and manage our IT capabilities, but never lasting long enough to act on those promises.

DevOps Loop Recap: A Day Filled with Glorious Purpose

DevOps Loop at VMworld, a new community event launched this year, set out to examine DevOps and its core principles in the context of modern apps, multi-cloud, and Kubernetes. We pulled in all the experts—those folks on the ground living and breathing DevOps—to share their viewpoints. And the day was AWESOME. All the sessions are available to view (or view again) on demand. I’m always surprised by how much I miss on the first pass.


JFrog Xray + Splunk + SIEM: Towards Implementing a Complete DevSecOps Strategy

Making security an intrinsic part of a DevOps pipeline is a “must-have” for organizations looking to secure their applications earlier in the development process. The combination of JFrog Artifactory and JFrog Xray enables organizations to build security into all phases of their software development lifecycle, so they can proactively detect and mitigate open source software (OSS) security vulnerabilities and license compliance issues that impact their software.


Continuous vulnerability prevention

Is your application security improving, staying the same, or getting worse? How do you prevent changes from introducing new vulnerabilities? While there are many ways to scan for vulnerabilities, the resulting noise can be overwhelming, making it hard to see whether things are getting better or worse. Scanning continuously and addressing new critical vulnerabilities as they arise drives constant improvement in security posture — a "ratcheting up" of security over time.

DBAle 30: If it ain't DevSecOps...what is it?

With both hosts back on the beer to celebrate a momentous milestone, we talk Kiwis and Shoop (ba doop ba doop), sparking inspiration for a future episode. Chris and Chris break it down with DevSecOps. Fear not, there’s no rapping, just a lyrical breakdown of the place and role of security within DevOps. Something the organizations featured in our bumper News segment could do with learning about. So, grab yourself a beer and cheers to DBAle turning 30.

Using DevSecOps Flow to Operationalize Kubernetes

Interested in learning how to make Kubernetes more efficient for developers, security operators, and app operators using a DevSecOps workflow? VMware Tanzu is at the forefront of Kubernetes application lifecycle management, operationalizing DevSecOps and CI/CD workflows and application catalogs seamlessly into our development environment suite. Tanzu ensures your teams can spend less time configuring their applications for Kubernetes and more time on what really matters: building powerful apps that will delight customers, getting them to production quickly and securely, and managing them with ease.

It's Time to Get Hip to the SBOM

The DevOps, IT security and IT governance communities will remember 2021 as the year when the Software Bill of Materials, or SBOM, graduated from a “nice to have” to a “must have.” Around for years, the SBOM has now become a critical DevSecOps piece, which everyone must thoroughly understand and incorporate into their SDLC (Software Development Lifecycle).