Today, we are excited to announce the release of Gravity 7.0! Gravity is a tool for developers to package multiple Kubernetes applications into an easily distributable .tar file called a “cluster image”. A cluster image contains everything an application needs and it can be used for quickly creating Kubernetes clusters pre-loaded with applications from scratch or loading applications contained within an image into an existing Kubernetes cluster like OpenShift or GKE.
It has been slightly more than a month since Catalogic released KubeDR. Since then, we have been busy adding features and making improvements to the project inspired by all the feedback we’ve received from the community. We are very excited to share all the changes that went into KubeDR since its release on January 15. In the first release, we only supported a disaster recovery scenario restore by using a separate Python utility.
Teleport 4.2 introduced a new feature called Enhanced Session Recording that takes an unstructured SSH session and outputs a stream of structured events. It’s the next step in Teleport’s evolution that uses new technology (eBPF or now simply known as BPF) to close some gaps in Teleport’s audit abilities. Below you can see an illustration of this feature and if you keep reading, we’ll get into some of the technical details.
We now live in an era where the security of all layers of the software stack is immensely important, and simply open sourcing a code base is not enough to ensure that security vulnerabilities surface and are addressed. At Gravitational, we see it as a necessity to engage a third party that specializes in acting as an adversary, and provide an independent analysis of our sources.
In this blog post, we are going to cover how to perform container image scanning for CircleCI using Sysdig Secure. Image scanning allows DevOps teams to detect and resolve issues, like known vulnerabilities and incorrect configurations, directly in their CI/CD pipelines. Using Sysdig Secure, you can enforce image policies to block vulnerabilities before they reach production environments and fix them faster while the developer still has the context.
I am not an engineer. I’m a director of human resources. I don’t work in a technical space, but the concept of open source is fascinating to me as it applies to organizational culture. A company like Gravitational that has intentionally chosen open source as a foundation for our work makes not only a technical decision, but a cultural one. We’re finding that employees and candidates care deeply and appreciate our choice. Open source is a big deal for us.
Simply put, DevOps is a software methodology that includes security automation. Software engineering teams often equate DevOps and automation as synonymous. Most security experts believe that automation is the most quantifiable benefits for organizations. In this article, we will explore how DevOps security automation helps in achieving better software security.
We’ve been busy this New Year (a rather warm one in San Francisco) to bring you exciting new ways to secure your DevOps journey. Read on for the details and see how you can put them to use!
