Devops Chat

WhiteSource has become a force in the security of open source components in your applications. One would think that it would follow that securing these open source components inside of a container would flow from this. But with containers, all is not always as it seems. Containers require a approach that is unique to containers. So the folks at White Source went to the lab and have engineered a solution that is container native and container specific. In this DevOps chat we speak with VP of Product David Habusha about White Source for Containers.

Simon Crosby has made a career of technology on the edge. From leading the charge with the Xen hypervisor to microVMs with Bromium and much more in between, Crosby has led some of the most innovative technology developers in the industry. He is now the CTO of SWIM.ai which is literally brining computing to the edge (almost an anti-cloud. This approach promises some revolutionary capabilities. If Simon is involved there is a good chance it will succeed as well. Have a listen to what Simon is all about now and check our more at https://www.swim.ai/

F5 Networks has acquired NGINX the leading open source web server player. The move clearly puts F5 in the DevOps space, as well as the open source market. In this DevOps Chat we speak with Lori MacVittie of F5 along with Sidney Rabsatt of NGINX. Some great insights into why this acquisition makes sense for both parties.

Yesterday saw the announcement of the CD Foundation, a new foundation under the auspices of the Linux Foundation. It will provide the home base for a vendor-neutral Continuous Delivery Foundation (CDF) committed to making it easier to build and reuse DevOps pipelines across multiple continuous integration/continuous delivery (CI/CD) platforms. The first projects to be hosted under the auspices of CDF includes Jenkins, the open source CI/CD system, and Jenkins X, an open source CI/CD solution on Kubernetes. Both were developed by CloudBees. Netflix and Google, meanwhile, are contributing Spinnaker, an open source multi-cloud CD solution, and Google is also adding Tekton, an open source project and specification for creating CI/CD components. Founding members of the CDF include Alauda, Alibaba, Anchore, Armory, Autodesk, Capital One, CircleCI, CloudBees, DeployHub, GitLab, Google, Huawei, JFrog, Netflix, Puppet, Red Hat, SAP and Snyk. In this chat we speak with KK, founder of Jenkins and CTO of Cloudbees and Tr

There are really only two repositories of any scale for software components today. The Nexus repo managed by Sonatype and the Artifactory artifact repo managed by JFrog. Up until now they were separate and apart, working with one was independent of another. In a big move towards keeping DevOps open, the Sonatype people have released a plugin that will allow their Nexus Firewall to work with Artifactory as well as Nexus. This means that users of both repos can now use the Nexus firewall to make sure that components or artifacts they download are in compliance with the policies they have set up. They can make sure there are no known vulnerabilities to the version you are downloading to use. This is really a big deal and kudos to Sonatype. In this DevOps Chat we speak with Wayne Jackson, CEO of Sonatype and Brian Fox, CTO and co-founder of Sonatype about what this means for the DevOps community.

I have known of Jeff Williams in the security industry for more than several years. He is a well respected thought leader in AppSec and OWASP. I finally got a chance to catch up with Jeff and talk with him about Contrast Security the company he co-founded and how it is helping.

In this DevOps Chat we speak with Cyara CEO and co-founder, Alok Kulkarni about how DevOps is helping in the customer experience arena. Cyara has carved out a leadership role in bringing DevOps to CX. Alok is a delight to speak with and very wired into this space.

The big news in DevOps today was the acquisition of Shippable by JFrog. This adds a CI/CD solution to the JFrog Enterprise + platform and further expands JFrog's end to end DevOps offering beyond Artifactory and more. In this DevOps chat we speak with Shippable CEO Avi Cavale, JFrog CEO Shlomi Ben Haim and JFrog VP of marketing , Ayally Goldschmidt about what was behind this acquisition and what are the plans going forward.

Agile has a bit of a longer history and subsequent maturity than DevOps. Despite this, how can organization now that it is in fact an "agile organization". What does that even mean? Our guest on this DevOps Chat is Jeff Dalton, founder of Broadsword consulting, author of Great Big Agile and founder of AgileCXO. Jeff shares with us his latest venture which is building AgileCXO into a worldwide movement to certify that organizations are in fact practicing Agile with best practices. Have a listen

Michael Stahnke has been with Puppet longer than just about everyone currently with the company. In his position as director of engineering he has had a front row seat as the DevOps market emerged and matures. In this DevOps Chat we speak with Michael about his own personal journey, what he is seeing in the market and the most recent State of DevOps report from Puppet.

Anshu Agarwal has a tremendous record of working in startups that had successful exits. Now for the first time, along with her co-founders, she is actually founding the startup herself. Nimbella is a serverless platform that is cloud agnostic and makes developing and deploying applications easy. Whether in a public cloud, private data center or both, Nimbella can help. In this chat we speak with Anshu about her own personal journey and where Nimbella is and what the plans are for going forward

Christopher O'Malley is one of the leading voices in the DevOps for Mainframe community. He is relentless in advocating how the mainframe platform can not just exist, but thrive in todays agile/DevOps environments. His evangelism not only keeps his company Compuware front and center in the mainframe DevOps discussion, but really lifts the entire market. In this chat we catch up with Chris to talk about the latest release of Topaz, what are the latest trends in the mainframe market and what we can expect in the near short term. Chris is always a great interview with lots to say and this interview is right on point.

In this DevOps Chat we speak with Manish Gupta, CEO co-founder of ShiftLeft. ShiftLeft is one of the up and coming DevSecOps companies. As evidence of such, they were recently chosen as one of the 10 finalists for this years #RSAC innovation Sandbox award. I have known Manish for many years in the security industry and it does not surprise me that he is once again at the top of a company that is setting the mark in the industry. As DevSecOps continues to mature we are seeing solutions that help at different points of the software pipeline. Some solutions are shifting far left and helping developers at the point of development and committing code. Other solutions are squarely aimed at the old Ops team. Almost a DevSec and a SecOps bifurcation. I am not sure that this is a great thing, I would like to see a more holistic solution, but I do believe the market will correct this. ShiftLeft could be one of those companies who is on top at the end of the day.

They say if you live long enough . . . Few things give me greater pleasure than seeing my friends well earned success. Rich Mogull and Mike Rothman (along with Adrian Lane, Jody Brazil & Brandy Peterson) have been chasing a dream for more than a few years now. How to make the SecOps persons life easier, while bringing security into the age of DevOps, automation, agile, CI/CD, etc. Say hello to DisruptOps (http://www.disruptops.com). I first interviewed Mike about DisruptOps a few months ago. The company was just emerging from stealth. While they are still in preview, they were one of hundreds of companies that threw their hat into the ring for the prestigious RSAC Innovation Sandbox. Very proud to report that they were one of 10 finalists selected for this years program. If history is any guide, the fact they made the final cut is a good indicator of success to come. And well it should frankly. This founding team are some of the most dynamic, talented and smartest people I know in the business. I had

The RSA Conference is just a month away. Once again RSAC promises to be the place where the world gathers around security. With upwards of 50,000 people attending, it is big by anyone's standard. If you haven't already registered, here is a code for $100 dollars off a full conference pass (all sessions), 1U9DEVOPSFD or get a free expo pass, 1U9DEVOPSXP DevSecOps will be center stage this year, literally. Shannon Lietz, the found of DevSecOps.org will be keynoting as well as leading a week long track on DevSecOps. Appearing with Shannon, is another leader of the DevSecOps community, James Wickett. James is the founder of the Rugged DevOps movement and a key member of the Signal Science team. Both James and Shannon are our guests in this DevOps Chat. Part 1 of this chat where with just Shannon is also available. In addition to the DevSecOps track all week, there is also the 5th annual DevOps Connect: DevSecOps Days on Monday, March 4th at Moscone, as part of RSAC. www.devopsconnect.com/event/devops-c…ays

The RSA Conference is just a month away. Once again RSAC promises to be the place where the world gathers around security. With upwards of 50,000 people attending, it is big by anyone's standard. If you haven't already registered, here is a code for $100 dollars off a full conference pass (all sessions), 1U9DEVOPSFD a free expo pass, 1U9DEVOPSXP DevSecOps will be center stage this year, literally. Shannon Lietz, the found of DevSecOps.org will be keynoting as well as leading a week long track on DevSecOps. Shannon is our guest in this DevOps Chat. Part 2 of this chat where we are joined by Rugged DevOps founder, James Wickett will follow this chat next. In addition to the DevSecOps track, there is also the 5th annual DevOps Connect: DevSecOps Days on Monday, March 4th at Moscone, as part of RSAC. https://www.devopsconnect.com/event/devops-connect-devsecops-days-rsac-2019/ https://www.devsecopsdays.com/2019-devsecopsdays-sanfrancisco

Tyler Shields is someone who has made the leap from technical security expert to business leader. At Veracode, CA and now Sonatype, Tyler is someone who can clearly enunciate the path forward for business leaders on what they should be doing in regard to DevSecOps, open source security and minimally viable security. Tyler gets it and you can learn a lot from him. Have a listen and enjoy

What exactly is a chief scientist? Eric Sheridan at WhiteHat tells us. More than that, Eric gives us what he calls the "the security addendum to the 12 factor App." I guess to understand this, you need to understand something about the 12 factor app process. Here is the website to learn: https://12factor.net/ Eric lays out a well reasoned approach to appsec and some good research findings from WhiteHat. Have a listen

In this DevOps Chat we speak with nClouds CEO JT Giri about the challenges SMBs face when moving to the cloud. As an AWS premier partner, nClouds specializes in helping these companies achieve a successful cloud migration. So why should SMBs migrate to the cloud? What are their challenges? How can they succeed? JT shares with us his insight, honed from helping dozens and dozens of SMBs do this successfully.

In this DevOps chat we speak with our old friend Tim Woods, VP of technology alliances at Firemon. Firemon's mission has moved beyond the management of the firewall to managing your security. Recent acquisitions have enabled them to offer comprehensive security management across the entire hybrid environment. Tim and I discuss the current state of technology and what large enterprises are looking for their hybrid environments. Great conversation!