Copy
Lots of news coming out of the virtual Red Hat Summit this week. View in browser »
The New Stack Update

ISSUE 215: More Value-Add for OpenShift

Talk Talk Talk

“The developer community is waiting for databases to evolve to a point where they can work in perfect harmony with a serverless stack.”

___
Brecht de Rooms, developer advocate at Fauna.
Add It Up
Are security tools properly integrated within your team's development pipeline?
Integrating security tools within development pipelines continues to be challenging. Less than 60% of companies with mature DevOps practices have correctly integrated the average security tool, according to the 2020 DevSecOps Community Survey. The actual figures drop dramatically from there; companies that haven’t embraced the DevOps mantra of cross-team communication are often twice as likely to not have security tools properly integrated.

Please participate in our four-question survey:

 
What's Happening

What is remote first? In normal times, it’s an organization that is built in such a way that anyone can work from outside the office if necessary.

“Whether or not you want to allow your employees to go remote, you should have the processes in place to be able to, just in case, because you see transportation problems loom all over the world, weather problems all over the world, sick children at home. There were all kinds of reasons why a business should be putting remote processes into place,” said Lisette Sutherland on this episode of The New Stack Makers podcast.

Building a Remote-First World the Right Way w/ Lisette Sutherland

More Value-Add for OpenShift

Lots of news coming out of the virtual Red Hat Summit this week. 

TriggerMesh, a cloud native integration platform provider built on Kubernetes, announced that it has received the official Red Hat OpenShift Operator Certification, bringing Amazon EventBridge-like functionality to the OpenShift ecosystem.

“TriggerMesh is effectively breaking the silo from the cloud to the enterprise,” said TriggerMesh co-founder and Head of Product Sebastien Goasguen, who will be a guest on The New Stack Context podcast this Friday. 

With this integration, the company’s cloud native integration platform allows for workloads on the Red Hat OpenShift ecosystem to be executed when events happen in the data center, or out on the cloud. This could allow legacy systems and the public cloud to interact seamlessly. 

Security company Snyk also brought some new value to Red Hat’s enterprise Kubernetes platform. Snyk has expanded its DevOps vulnerability scanning and fixing tooling to support both OpenShift as well as the company’s CodeReady toolset for developers. 

“The code and containers running on OpenShift can come from anywhere, especially when you pull in open source components and container base images from public registries,” Jim Armstrong, Snyk’s product marketing director for container security, told The New Stack. “Developers are ultimately tasked with fixing security issues in all these layers, so Snyk and Red Hat’s integration of developer-focused security fixes built-in to developer tools and the leading enterprise Kubernetes platform make it easy.”

Red Hat itself had some news as well, with the newly released OpenShift 4.4. Red Hat added OpenShift Serverless, a serverless offering based on Knative that was also introduced in preview last year. The feature allows developers to use any language or runtime to build their applications, as they are then packaged into standard containers and launched in normal Kubernetes pods across any hybrid infrastructure.

For more coverage of the Red Hat Summit, check back often to The New Stack

How Serverless Accelerates DevSecOps

Tim Zonca, CEO of Stackery, argues that serverless, in addition to speeding applications, can also boost security. With serverless, DevSecOps is a reality where engineers can architect with tightly-scoped roles, and develop with fine-grained permissions as part of the process, without losing speed. When considering security in a serverless world, it’s not just about a specific threat or vulnerability, but also about reducing the attack surface and minimizing risk early in the process.

Why COVID-19 Contact Tracing Requires a Distributed Database

As the COVID-19 global pandemic continues to work its way through the population, a discussion has arisen over the best tracking for the virus. One proposition floated for the United States anyway has been contact tracing, by use of everyone’s cell phones. This approach of tracking people’s movements worked well in East Asia. The idea is that if a user comes in contact with someone else who has the virus, they will be notified by the phone and can take appropriate precautions, such as staying at home and wearing a mask. So what would the database requirements be for building such a data collection system? Folks from DataStax, MongoDB and Zerobase weigh in.

Serverless Needs Standardization to be the Future of Application Infrastructure

Today, the serverless ecosystem is still fragmented, much like the early internet. Between AWS Lambda, Microsoft Azure Functions, Google Cloud Functions, and a myriad of other platforms, many serverless functions are proprietary, which makes migrating an application from one platform to another a challenge. The lack of portability and interoperability between platforms is hindering serverless adoption, as developers fear vendor lock-in. In the spirit of collaboration, the CNCF has brought serverless platform providers and third-party library developers together in the Serverless Working Group to advance standardization. The early output of the Serverless Working Group is CloudEvents, which moves to standardize event descriptions.

Party On

A group screenshot from the forthcoming Prisma Cloud by Palo Alto Networks Pancake & Podcast breakfast (top left clockwise): Alex Willams, founder & publisher of The New Stack; Carla Arend, senior program director of IDC; Cheryl Hung, director of ecosystem at CNCF; and John Morello, vice president of product, Prisma Cloud Compute at Palo Alto Networks. Stay tuned!

The New Stack Makers podcast is available on:
SoundCloudFireside.fm — Pocket CastsStitcher — Apple PodcastsOvercastSpotifyTuneIn

Technologists building and managing new stack architectures join us for short conversations at conferences out on the tech conference circuit. These are the people defining how applications are developed and managed at scale.

Answer 4 Questions on CI/CD Security

Monday, May 4, 2020 is the last day to participate in our four-question survey that will provide new insight into the relationship between developers, information security and other teams involved with the software development life cycle. Please provide your input by clicking on the following button.


 

Copyright © 2020 The New Stack, All rights reserved.


Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list

Email Marketing Powered by Mailchimp