Showing only posts tagged DevOps & SRE. Show all posts.

Highlights from the 10th DORA report

Source

The DORA research program has been investigating the capabilities, practices, and measures of high-performing technology-driven teams and organizations for more than a decade. It has published reports based on data collected from annual surveys of professionals working in technical roles, including software developers, managers, and senior executives. Today, we …

Deliver and secure your internet-facing application in less than an hour using Dev(Sec)Ops Toolkit

Source

We are excited to announce the preview of the Dev(Sec)Ops toolkit for global front-end internet-facing applications, which can help you launch new apps on Google Cloud in less than an hour. This toolkit is part of the recently announced Cross-Cloud Network solution to help customers scale and …

Deliver and secure your internet-facing application in less than an hour using Dev(Sec)Ops Toolkit

Source

We are excited to announce the preview of the Dev(Sec)Ops toolkit for global front-end internet-facing applications, which can help you launch new apps on Google Cloud in less than an hour. This toolkit is part of the recently announced Cross-Cloud Network solution to help customers scale and …

Introducing Advanced Vulnerability Insights for GKE

Source

Detecting vulnerabilities in open-source software requires a holistic approach, and security best practices recommend scanning early and often throughout your development lifecycle to help maintain an effective security posture. However, only scanning in the CI/CD pipeline or registry can miss artifacts and containers that are deployed to production …

Manage infrastructure with Workload Identity Federation and Terraform Cloud

Source

Introduction Terraform Cloud (TFC) can help manage infrastructure as code (IaC) development for large enterprises. As the number of Google Cloud projects grows, managing access controls for Terraform Cloud projects and workspaces can become complex. Don't worry, we have a solution that is designed to be more secure than …

Configuring Workload Identity Federation for GitHub actions and Terraform Cloud

Source

Join us as we build on the concept and use cases of Workload Identity Federation, showcasing the security benefits of "keyless authentication.” We will dive into how Workload Identity Federation can be used in the context of CI/CD pipelines and tools that are commonly found in enterprise environments …

Take control of your supply chain with Artifact Registry remote and virtual repositories

Source

Dev : "I need that library's functionality for the new feature!" Sec : "I can't approve it if I don't know that it's safe to deploy!" Dev : "And when will we know?" Sec : "My queue is 11 weeks long...." The most contentious conversations between security and development teams often involve the …

Realize policy-as-code with Pulumi through CrossGuard on Google Cloud

Source

When it comes to creating and deploying cloud infrastructure on Google Cloud, more organizations are using CrossGuard from Pulumi. This policy-as-code offering lets you set guardrails to enforce compliance for resources, so you can provision your own infrastructure while sticking to best practices and baseline your organization’s security …

Introducing Software Delivery Shield for end-to-end software supply chain security

Source

Organizations and their software delivery pipelines are continually exposed to growing cyberattack vectors. Coupled with the massive adoption of open source software, which now helps power nearly all of our public infrastructure and is highly prevalent in most proprietary software, businesses around the world are more vulnerable than ever …

Announcing public availability of Google Cloud Certificate Manager

Source

Today we are pleased to announce that Cloud Certificate Manager is now in general availability. Cloud Certificate Manager enables our users to acquire, manage, and deploy public Transport Layer Security (TLS) certificates at scale for use with your Google Cloud workloads. TLS certificates are required to secure browser connections …

Enterprise DevOps Guidebook - Chapter 1

Source

The Google Cloud DORA team has been hard at work releasing our yearly Accelerate State of DevOps report. This research provides an independent view into the practices and capabilities that organizations, irrespective of their size, industry, and region, can employ to drive better performance. Year over year, the State …

Take the 2022 Accelerate State of DevOps Survey

Source

The State of DevOps report by Google Cloud and the DORA research team is the largest and longest running research of its kind with inputs from over 32,000 professionals worldwide. It provides an independent view into the practices and capabilities that organizations, irrespective of their size, industry, and …

Automate Public Certificates Lifecycle Management via RFC 8555 (ACME)

Source

We’re excited to announce an enhancement of our preview of Certificate Manager which allows Google Cloud customers to acquire public certificates for their workloads that terminate TLS directly or for their cross-cloud and on-premise workloads. This is accomplished via the Automatic Certificate Management Environment ( ACME ) protocol which is …

Introducing Certificate Manager to simplify SaaS scale TLS and certificate management

Source

We’re excited to announce the public preview of Certificate Manager and its integration with External HTTPS Load Balancing. Certificate Manager enables you to use External HTTPS Load Balancing with as many certificates or domains as you need. You can bring your own TLS certificates and keys if you …

Securing the software development lifecycle with Cloud Build and SLSA

Source

One of the biggest challenges for software developers is the need to make informed choices about the external software and products they use in their own software systems. Evaluating whether a given system is appropriately secured can be challenging, especially if it’s external or owned by a third …

A blueprint for secure infrastructure on Google Cloud

Source

When it comes to infrastructure security, every stakeholder has the same goal: maintain the confidentiality and integrity of their company’s data and systems. Period. Developing and operating in the Cloud provides the opportunity to achieve these goals by being more secure and having greater visibility and governance over …