Flux7 Blog

Welcome to cybersecurity awareness month which has kicked off in a highly unusual manner.  Eighteen companies in the industry have joined forces in an effort to improve cross-product interoperability through an initiative called the Open Cybersecurity Alliance (OCA). Launched by the open standards group OASIS, OCA brings together the likes of IBM Security, McAfee, CrowdStrike, CyberArk, Fortinet, ThreatQuotient, and more to develop “protocols and standards which enable tools to work together and share information across vendors”.

DevOps News

• At Commit London, GitLab CEO Sid Sijbrandij announced that support for AWS EKS will be available later this year. Also announced at the conference was Meltano 1.0. What began as a skunkworks project many months ago is now a full release integrated workflow tool for modeling, extracting, loading, transforming, analyzing, notebooking, and orchestrating data.
  
  Other product roadmap announcements for GitLab include: 
  • Manage will soon add value stream management, allowing users to track efficiency metrics and receive recommendations. 
  • The Plan stage will add high and low release requirements related to code and test. 
  • Create, GitLab’s source code management and code review, will get an upgrade that includes an improved Web IDE and the ability to do live coding. 
  • Verify will receive load testing runs by default. 
  • Secure will get fuzzing as part of its built-in security testing. 
  • Release will get automatically staged rollbacks.
  • Last, GitLab users can be on the lookout for auto-remediation.
• Trend Micro and Snyk announced a strategic partnership this week. According to the two companies, the partnership will focus on solving open source vulnerability challenges with technology that provides a comprehensive ability to detect vulnerabilities for teams operating in DevOps environments. Once vulnerabilities in containers are identified, Trend Micro is the shield and Snyk is the fix that combines for streamlined remediation and risk mitigation.
• HashiCorp released the HashiCorp Terraform Plugin SDK, a standalone Go module for developing Terraform providers.
• TPG has finalized its acquisition of CollabNet, makers of Agile planning, DevOps, and Value Stream Management platform.

AWS News 

• AWS SAM has been updated with four new features: support for API Gateway Resource Policies that allows operators to whitelist or blacklist users; SQS subscription for SNS topic; a simpler way to add Cognito as an event source for Lambda functions to customize the Amazon Cognito user pool flows, and; support for adding the MaximumBatchingWindowInSeconds property for Kinesis and DynamoDB event sources.
• And while we’re on the topic of Amazon Cognito, AWS has increased the service’s support for CloudFormation this week, giving users the ability to automatically configure a hosted UI domain, customization for a hosted UI, an identity provider, the behavior of advanced security features and resource servers — all from within CloudFormation.
• Amazon EventBridge, a serverless event bus that delivers a stream of real-time data from event sources, including third-party SaaS apps now supports AWS CloudFormation for creating and configuring EventBridge resources. The new support allows operators to set up routing rules to determine where to send data to build application architectures that react in real-time to data sources.
• AWS Chatbot can now send notifications from AWS Config — whether Config rule compliance or configuration item changes — to Slack and Amazon Chime chat rooms.
• AWS announced that its Firewall Manager, a tool for configuring and managing firewall rules across accounts and Amazon VPCs, now supports Amazon VPC security groups. Thus, simplifying the process of configuring security groups across multiple accounts.
• Amazon EKS Windows container support has hit GA. 

Flux7 News

• What is Low Code? What is No Code? Flux7 recently helped readers answer this question with a blog about the rise of citizen developers and how they are enabled through Low Code and No Code platforms. At Flux7, we use Low Code platforms to support our mission to experiment more, fail fast, and measure accurately. Read on to explore Low Code examples with us.
• ICYMI: Read the last article in our series on becoming an Agile Enterprise in which we explore our experience with training’s impact on growing both corporate agility and teammate satisfaction. Spoiler Alert: It does both!

Written by Flux7 Labs

Flux7 is the only Sherpa on the DevOps journey that assesses, designs, and teaches while implementing a holistic solution for its enterprise customers, thus giving its clients the skills needed to manage and expand on the technology moving forward. Not a reseller or an MSP, Flux7 recommendations are 100% focused on customer requirements and creating the most efficient infrastructure possible that automates operations, streamlines and enhances development, and supports specific business goals.