JFrog and GitHub partner for DevSecOps

We're thrilled to share a highlight from InfoWorld on the importance of CI/CD pipelines in devsecops. Aislinn Shea Wright, VP of Product Management at EDB explains: "Underutilized capabilities include predictive analytics for identifying potential deployment failures and AI with quality code review to identify bugs, security vulnerabilities, and data governance issues. These tools can greatly enhance the agility and efficiency of devops processes, yet they require a higher level of technological maturity and integration effort, which may contribute to their slower adoption rates." For more insights on enhancing CI/CD pipelines and driving business success, read the full feature from Isaac Sacolick in InfoWorld: https://bit.ly/3Vqi3Cy #EDBPostgres #JustSolveItWithPostgres #tech #AI #innovation #database #PostgreSQL

GitLab’s Field CTO Predicts: When DevSecOps Meets AI https://lnkd.in/gfTxqiYr Brian Wald What’s in store for us in 2025 — and beyond? Brian Wald, GitLab‘s field CTO and global head, predicts we’re heading toward a future where security and operational responsibilities are handled by centralized platforms. That’s not surprising — since GitLab is in the business of selling a “comprehensive AI-powered DevSecOps platform.” But Wald sees this functionality bringing more than just faster deployments and quicker security fixes (while liberating developers to get back to their coding). With AI-powered vulnerability remediation, we could see technical debt being quickly and automatically identified. Humans would still vet the code and set guidelines for its correctness while also using AI to speed up testing, documentation and translations. And eventually generative AI could enable a large-scale migration to the cloud — even for small operational tools — in a future where Wald sees it “unlocking efficiencies and reducing security risks across the board.” But like all good prognosticators, Wald begins by reflecting on the problems in our present. ‘Unnecessary Burdens’ “Integrating Dev, Ops and Sec was necessary to reduce the siloed teams,” Wald explained in an email interview, “but doing so at the application-development level has introduced significant complexity. The ‘shift left’ movement correctly identified the need for earlier involvement in critical processes. But it also placed an unnecessary burden on engineers…” Wald wants to see developers free again to focus just on the “Dev” of DevSecOps — that is, on building their applications. As Wald sees it, developers are now “overextended”, burdened with “invisible tasks that consume significant time” that thanklessly “remain unseen by the broader organization.” (Whether it’s fast-changing requirements or orchestrating — and maintaining — tools and processes…) Wald cites “industry research, including insights from the GitLab DevSecOps study,” which found developers now spend less than 25% of their time on coding. “When we looked deeper, we discovered that much of the other time was spent managing/troubleshooting CI jobs, testing and handoffs between teams for security/deployment.” What if instead there was a platform team creating standards for common CI jobs (like build, test, security and deployment) so that all that’s left for developers is some very light configuration. For developers, this means “optimized paths for most of their workloads” (along with the flexibility to define exceptions). But there’s quantifiable benefits beyond that, Wald says, that have been proven by industry research. “Organizations that have implemented baseline CI jobs across about 20% of their projects report substantial increases in deployment frequency,” while “standardizing workflows and CI jobs across the organization amplifies these gains.” Two concrete examples: If a security vulnerability...

Last Saturday, it was a wonderful experience attending DevToolDays organised by Collabnix - Docker, Kubernetes and IoT at the Nokia office. The event started by Manuel de la Peña 🪨 giving a talk on Testing GenAI apps in Go language.This talk covered topics such as GenAI in today's software, The M/L + AI + Data Landscape which can be super frustrating to navigate, Development with LLM's, GenAI tooling with Go, demonstrations on Langchaingo, an open-source project led by Travis Cline, Ollama, Testcontainers Go, Testing approach to GenAI with demonstrations & LLM evaluators. Ajeet Singh Raina and Rebant Malhotra gave a talk on how Docker fuels developer productivity. They covered topics such as Inner-Loop Development Workflow, Layered Approach to Security, Docker Build Cloud, a good demonstration of Docker being applied across the SDLC Lifecycle, the various development tools & features present, Air-gapped containers & Shifting left with Testcontainers. Sangam Biradar and Balasundaram gave a talk on Introduction to Confidential Containers which was a new concept for me. They covered topics such as Cloud Secure Data Lifecycle, Main techniques for trusted remote computation which includes Homomorphic Encryption, Secure Multi-party computation & Trusted execution environment, What confidential computing is?, A case study to understand the same, the pillars of confidential computing, the Azure confidential computing portfolio, Confidential containers, ContainerD landscape, Open Container Initiative, Nydus & kubedaily. Alagu Prakalya P gave a talk on Designing an Agentic System with GraphRAG. She covered topics such as Neo4j, CypherQL, LLM's, RAG, GraphRAG, Agentic System, Langchain, Langsmith, LLMOps, LLM powered autonomous agents, Lovable and gave a demonstration on agentic systems built with GraphRAG. Rashi Chaubal gave a talk on Dev-Test Simplified. Her talk covered topics such as Traditional Dev-Test Setup challenges and introduced the audience to vCluster. She also gave a demonstration on the same as well. Maja Chapus gave us an overview of the Docker Resources available which can be used to start utilising and building with Docker. Arun kumar G.'s talk on Security By Design was one of the best presentations I have seen so far. He was able to beautifully present his topic given the time constraints he was under. His talk covered topics such as the importance of security by design, modern security challenges, DevSecOps evolution, AI across the SDLC, GitLab Duo & DevSecOps enhanced by AI. Raveendiran RR did a good job of pumping up the audience before starting his talk on Generative AI 102. His talk covered topics such as Generative AI capabilities, When to use AI, Diagram-as-code, hosting Generative AI locally, Open Web UI & N8N. Overall, it was an interesting event and I got to learn & network a lot.

JFrog and GitHub have formed a partnership through which they will work together to integrate their respective DevOps platforms, including integrations with GitHub Copilot, the gen AI framework that is based on large language models developed by OpenAI. Find out more about the new partnership: https://lnkd.in/eJeHtDZA #DevOps #JFrog #GitHub #AI #GenAI #OpenAI #AIFramework #IT #AIOps

DevOps Embraces Observability Across Stacks for LLM Era https://lnkd.in/gfTxqiYr NEW YORK — The leviathan-esque impact of AI, security concerns and the continued challenges associated with the shift to cloud native represent major disruptions for DevOps. All of this will lead to a change in the coming months or years if not months. While platform engineering looks to offer promising ways to deal with the associated explosion in infrastructure and data to manage, and applications to manage, the underlying way to deal with these challenges will involve proper observability and support for OpenTelemetry. This is one of the key takeaways of DASH 2024, Datadog‘s annual users conference here recently. The theme could be associated with any user or any conference as the community is looking for ways to deal with this explosion of data and applications to manage and observe, nobody knows exactly what the impact of AI will be for software development and deployment, CI/CD, and DevOps and IT in general. However, the argument can be made that as the dust settles in the future, it will be up to proper observability processes, tools, and practices to analyze and make proper decisions about the best way to utilize LLMs for application development and other AI-assisted processes. “We hear from a number of you that your LLM-powered applications are moving to production. And once in production, it is crucial that they’re monitored like any other load-bearing machine,” Alexis Lê-Quôc, Datadog CTO and co-founder, said during the DASH keynote. “But what’s different in their case is the kind of data that’s essential to understand health, performance and safety.” @datadoghq says you can get everything from Datadog monitoring and observability through @opentelemetry (Datadog is among the top-10 contributors), Engineering director Gordon Radlein said today during the #DASH user’s conference keynote today. pic.twitter.com/nCvNJpLSBt — BC Gain (@bcamerongain) June 26, 2024 And in order to standardize instrumentation for logs, traces, and metrics for not just large language models (LLMs) but across the stack and environment of any organization, OpenTelemetry — one of the more dynamic open source projects — will become that much more critical. “OpenTelemetry is revolutionizing observability by providing a standards-based foundation for us to build on, unlocking innovation across the industry,” Gordon Radlein, engineering director at Datadog, said during his keynote. “It’s a tide that lifts all boats.” To help Datadog users and those considering adopting the platform — OpenTelemetry helps to make it easier to mix and match with existing solutions — Datadog unveiled a barrage of new products and features at DASH. This was a culmination of over a year of feedback from 187,000 customer meetings; resulting in about half a million releases to production, covering more than 400 new products and new features, Olivier Pomel, Datadog co-founder and CEO said...

⚠️ Spoiler alert! GitOps is broken. Relying on the old approach of managing changes to software in the VCS becomes obsolete the minute you introduce more complexity at scale—and AI is only upping the ante. Ditch unnecessary toil by expanding the way you think about change in the world of software. Teams that are able to move fast and deliver value despite increasing complexity see CI/CD as mission-critical, not some bolted-on feature that checks the box with 100 other capabilities. Learn more about how we challenge the status quo by supporting teams with best-in-class CI/CD that keeps them ahead of the competition.

2 Open Source AI Tools That Reduce DevOps Friction... AI as Code (AIaC) and K8sGPT are toil-reducing command-line tools that automate tasks like generating IaC code and troubleshooting Kubernetes.

JFrog today revealed it has acquired Qwak to add a machine learning operations platform to its existing portfolio of DevOps tools and platforms. JFrog CTO Yoav Landman said it’s now only a matter of time before MLOps and DevOps processes converge Read more here: https://lnkd.in/eCSvbVm8 #AI #CTO #JFrog #Qwak #DevOps #Developers #IT #Tech #MLOps

With a series of updates this week, Harness claims unique support for database #DevOps as well as pipeline generation and UI #testautomation using #AIagents. Includes interviews with #Harness customer Jignesh P., Harness co-founder and CEO Jyoti Bansal and Andrew Cornwall of Forrester. #databasedevops #clouddevelopmentenvironment #genAI #AI #AIagents #agenticAI #CICD #DevOpspipeline #QA #UItesting #codeassistant #virtualassistant #generativeAI #LLMs #GoogleGemini #OpenAI #StarCoder #appdevelopment #softwaredevelopment via TechTarget News

Check out my blogs 👨💻. In this post I research about ArgoCD Image Updater which helps us as DevOps / SRE to automate the image renewal rather than to take your hands dirtier by change the tags on your Kubernetes ☸ Image. Feel free to give your comments and share if you think this was informative 😃