spot_imgspot_imgspot_imgspot_img

Open Source

Marking sensitive data – here’s how

Companies that process information should classify their data assets to distinguish mission-critical data and publicly available data. Sensitive data requires better protection in terms of access control, storage, transfer, destruction, etc. This is true for organizations that primarily run in the cloud but also for the ones that operate...

Security tools: what business professionals want

In one of my previous articles, I outlined the considerations to select a tool for enterprise-grade businesses. Most often the tech guys come up with the functional requirements. But it's more than that. Business representatives as well as (senior) managers and personnel from legal and compliance departments have a...

Open source software in the cloud – from a closed door to an open world

Open-source software continues to be on the rise. Not only do consumers use very powerful applications in their daily lives, but companies as well. More and more organizations adopt open source solutions (in the cloud) to fulfill their business needs. The same is true for third-party dependencies and/or libraries...

Testing your IaC templates: methods and tools to remember

Forget the days of manual provisioning and manual maintenance of your Virtual Machines, network infrastructure, firewalls, and security groups. Your infrastructure is created based on IaC templates. Since application deployments depend on it, it's important to have a reliable target environment. Those IaC templates need to be tested to...

5 VScode plugins every DevOps engineer should know

Developers always want to use the tools they prefer. Popular IDEs such as Eclipse, IntelliJ and Visual Studio (enterprise) support a wide range of programming languages. The last couple of years, lightweight editors such as Atom, Sublime and Visual Studio Code became popular choices for developers. Especially for DevOps...

Code signing tips and tricks for organizations

Organizations constantly feel the pressure to deliver security software. Auditors can show up at unexpected moments. Traceability of software components is king to stay compliant. CI/CD and DevOps best practices help them a lot, as well as adding security early on in the processes. The integrity of source code...

Cloud Native Authorization with Styra Open Policy Agent

Styra is the company behind the open source Open Policy Agent (see openpolicyagent.org for more info). It enables policies and authorization across your IT ecosphere. Policies A policy is a set of rules. It is connected to a specific application. It answers questions such as "what users may access specific functionality...

Gitlab 14 – what’s new and improved

In today's DevOps-dominated world, robust CI/CD pipelines are critical for every stage in your Software Delivery pipeline. The right tools for your developer teams are essential to make this happen. A lot of companies use Gitlab to streamline their DevOps operations. About a year ago, I highlighted the most...

SAST tool selection – tips to pick the right one for you

Every organization which treads security as a top priority needs a Static Application Security Testing (SAST) tool. Run this tool against every software application before you push out new versions to production. It's very important to use a tool that matches your budget and situation. Besides this, the tool...

Secure coding practices enhances application security

Organizations adopt continuous security at a rapid pace. It quickly becomes a topic of every day for mature DevOps team. Security topics include (cloud) infrastructure components and applications as well as the tech stacks which it all possible. Compared to a couple of years ago, managers don't need to...