This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
- # ask-the-speaker-more (4)
- # ask-the-speaker-plenary (1241)
- # ask-the-speaker-track-1 (195)
- # ask-the-speaker-track-2 (137)
- # ask-the-speaker-track-3 (225)
- # ask-the-speaker-track-4 (36)
- # birds-of-a-feather (2)
- # bof-arch-engineering-ops (1)
- # bof-covid-19-lessons (1)
- # bof-leadership-culture-learning (1)
- # bof-overcoming-old-wow (1)
- # bof-project-to-product (6)
- # burnout (1)
- # demos (9)
- # games (39)
- # gather (29)
- # happy-hour (25)
- # hiring (15)
- # lean-coffee (12)
- # psychological-safety (2)
- # summit-help (86)
- # summit-info (146)
- # summit-stories (3)
- # xpo-cloudbees (1)
- # xpo-copado (1)
- # xpo-epsagon (2)
- # xpo-gitlab-the-one-devops-platform (28)
- # xpo-hcl-software-devops (1)
- # xpo-ibm (11)
- # xpo-itrevolution (5)
- # xpo-launchdarkly (7)
- # xpo-mirantis-devops (3)
- # xpo-pagerduty (4)
- # xpo-redgatesoftware-compliant-database-devops (1)
- # xpo-snyk (4)
- # xpo-split (1)
- # xpo-synopsys-software-integrity (1)
- # xpo-tasktop (9)
- # xpo-tricentis (2)
⭐Welcome @sujit.unni for our next session's Q&A. Thank you https://doesvirtual.com/gitlab!
I like the idea of starting with low hanging fruit and the CI/CD pipeline and standardizing them
it is the most visible quick win standardizing directly translates in to less chatter in the lifecycle and things appear to be moving along quicker
I'm thankful for all the tools in Azure DevOps and Gitlab that have improved greatly in the last years and making it a lot easier!
what did the SonarQube reports look like when you first turned it on? I'm afraid to even try it (we'd be overwhelmed) with all the code we have from 10+ years
I'm not practicing it daily, more the people in my team, but AFAIK you define somehow your rules, and in such case, or if you know by advance some issues will pop on which you can't do much because of the legacy, I would start with a smaller set of rules, takkling them and progressing your way adding more (but again not a SonarQube black belt)
You can imagine initial redshift 🙂 But after revision of rules, quality profiles, false positives and grace period - we managed to reach Portfolios A level in less than a year. we have a lot of legacy and as with most tooling early though around focusing on whats relevant vs not so much helped
was there much dev feedback/resistance to turning it on or the other improvements you introduced?
we have a pretty solid measurement process heavily leveraging automation there is a daily automated report published calling out at the team level how the code being delivered adheres to the process our focus was to measure throughput front to back so dev teams have adopted heavily. the focus is not to measure productivity but throughput ..does our tolling allow us to release more features in to production, identify the bottlenecks and address them
📣Welcome @mlivermore and Rob King for our next session's Q&A. Thank you https://doesvirtual.com/rundeckbypagerduty!
@mlivermore and Rob, can you expand more on how rundeck is being used?
@mollyc @andrew.salt – Sorry! Matt hasn't been able to make it onto Slack – do you mind DMing me your email address so we can follow up with you?
✨Welcome @nurmi and @pvn for our next session's Q&A. Thank you https://doesvirtual.com/anchore!
This is the end result: https://www.zdnet.com/article/codecov-breach-impacted-hundreds-of-customer-networks/
"on or around January 31, 2021, an unknown attacker was able to exploit an error in Codecov's Docker image creation process to tamper with the Codecov https://docs.codecov.io/docs/about-the-codecov-bash-uploader script. This has led to the potential export of information stored in users' continuous integration (CI) environments. Speaking on condition of anonymity to the news agency, one of the investigators said attackers used automation to collect credentials as well as "raid additional resources," which may have included data hosted on the networks of other software development program vendors, including IBM."
This is a long piece but it’s the most complete account of the SolarWinds attack that I’ve seen: https://www.npr.org/2021/04/16/985439655/a-worst-nightmare-cyberattack-the-untold-story-of-the-solarwinds-hack
very good brief summary of what a software bill of materials is and why they are important: https://advisory.kpmg.us/blog/2020/what-are-sboms.html
(this is a general overview and not specific to SBOMs for container images in particular)
The latest US Executive Order for Cybersecurity is going to require SBOMs for any software vendors selling to the US government.
⭐Welcome @c.trueman for our next session's Q&A. Thank you https://doesvirtual.com/tricentis!
Thanks for tuning in to Anchore’s session on keeping attackers out of the DevOps toolchain! To continue discussion with @nurmi and @pvn, visit #xpo-anchore-devsecops
Thank you for presenting on the difficulties of SAP — I remember getting trained on it over 20 years ago. When Change Transport System was a thing. 🙂 @c.trueman
I think many orgs struggle with doing DevOps-y like things with SAP, Salesforce, Workday…. Was delighted that SAP is being covered, and there was a talk on DevOps for Salesforce yesterday!
Not long ago when I asked SAP users how frequently they changed production the answer was (and I'm exaggerating a bit) "Never is too often."
Oh, no. Really? I thought it was replaced by something else, a couple of days ago! But at least there is such a solid, opinionated, official way to migrate/deploy!
I meant, I thought CTS was deprecated a couple of DECADES of ago! 😆 😆 😆
Thank you for educating us on SAP, @c.trueman! I think so many technologists, myself included, are way undereducated on SAP, Workday, Salesforce, etc. It’s not even clear how to do things like version control in these critical enterprise applications. I think more people need to know about this so they can make more educated decisions. Thank you!!! cc @mollyc
Thank you again for letting me share a few thoughts on DevOps for packaged applications. Have a good rest of day one and all.
Here is the collection of all the reference links that were shared / discussed during the #DOES21 event. https://www.linkedin.com/pulse/devops-enterprise-summit-2021-reference-links-minus-books-pareek Enjoy Reading 🙂