This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2021-05-20
⭐Welcome @sujit.unni for our next session's Q&A. Thank you https://doesvirtual.com/gitlab!
I like the idea of starting with low hanging fruit and the CI/CD pipeline and standardizing them
it is the most visible quick win; standardizing directly translates into less chatter in the lifecycle, and things appear to be moving along quicker
I'm thankful for all the tools in Azure DevOps and Gitlab that have improved greatly in the last years and are making it a lot easier!
what did the SonarQube reports look like when you first turned it on? I'm afraid to even try it (we'd be overwhelmed) with all the code we have from 10+ years
I'm not practicing it daily, more the people in my team, but AFAIK you define somehow your rules, and in such case, or if you know in advance some issues will pop up on which you can't do much because of the legacy, I would start with a smaller set of rules, tackling them and progressing your way adding more (but again not a SonarQube black belt)
You can imagine initial redshift 🙂 But after revision of rules, quality profiles, false positives and grace period - we managed to reach Portfolios A level in less than a year. We have a lot of legacy, and as with most tooling, early thought around focusing on what's relevant vs not so much helped
was there much dev feedback/resistance to turning it on or the other improvements you introduced?
we have a pretty solid measurement process heavily leveraging automation. There is a daily automated report published calling out at the team level how the code being delivered adheres to the process. Our focus was to measure throughput front to back, so dev teams have adopted heavily. The focus is not to measure productivity but throughput: does our tooling allow us to release more features into production, identify the bottlenecks and address them
📣Welcome @mlivermore and Rob King for our next session's Q&A. Thank you https://doesvirtual.com/rundeckbypagerduty!
@mlivermore and Rob, can you expand more on how rundeck is being used?
@mollyc @andrew.salt – Sorry! Matt hasn't been able to make it onto Slack – do you mind DMing me your email address so we can follow up with you?
✨Welcome @nurmi and @pvn for our next session's Q&A. Thank you https://doesvirtual.com/anchore!
This is the end result: https://www.zdnet.com/article/codecov-breach-impacted-hundreds-of-customer-networks/
"on or around January 31, 2021, an unknown attacker was able to exploit an error in Codecov's Docker image creation process to tamper with the Codecov https://docs.codecov.io/docs/about-the-codecov-bash-uploader script. This has led to the potential export of information stored in users' continuous integration (CI) environments. Speaking on condition of anonymity to the news agency, one of the investigators said attackers used automation to collect credentials as well as "raid additional resources," which may have included data hosted on the networks of other software development program vendors, including IBM."
This is a long piece but it’s the most complete account of the SolarWinds attack that I’ve seen: https://www.npr.org/2021/04/16/985439655/a-worst-nightmare-cyberattack-the-untold-story-of-the-solarwinds-hack
very good brief summary of what a software bill of materials is and why they are important: https://advisory.kpmg.us/blog/2020/what-are-sboms.html
(this is a general overview and not specific to SBOMs for container images in particular)
The latest US Executive Order for Cybersecurity is going to require SBOMs for any software vendors selling to the US government.
⭐Welcome @c.trueman for our next session's Q&A. Thank you https://doesvirtual.com/tricentis!
Thanks for tuning in to Anchore’s session on keeping attackers out of the DevOps toolchain! To continue discussion with @nurmi and @pvn, visit #xpo-anchore-devsecops
Thank you for presenting on the difficulties of SAP — I remember getting trained on it over 20 years ago. When Change Transport System was a thing. 🙂 @c.trueman
I think many orgs struggle with doing DevOps-y like things with SAP, Salesforce, Workday…. Was delighted that SAP is being covered, and there was a talk on DevOps for Salesforce yesterday!
Not long ago when I asked SAP users how frequently they changed production the answer was (and I'm exaggerating a bit) "Never is too often."
Oh, no. Really? I thought it was replaced by something else, a couple of days ago! But at least there is such a solid, opinionated, official way to migrate/deploy!
I meant, I thought CTS was deprecated a couple of DECADES ago! 😆 😆 😆
Thank you for educating us on SAP, @c.trueman! I think so many technologists, myself included, are way undereducated on SAP, Workday, Salesforce, etc. It’s not even clear how to do things like version control in these critical enterprise applications. I think more people need to know about this so they can make more educated decisions. Thank you!!! cc @mollyc
Thank you again for letting me share a few thoughts on DevOps for packaged applications. Have a good rest of day one and all.
Here is the collection of all the reference links that were shared / discussed during the #DOES21 event. https://www.linkedin.com/pulse/devops-enterprise-summit-2021-reference-links-minus-books-pareek Enjoy Reading 🙂