Businesses are working to increase agility, deliver innovative and engaging experiences to clients, and stay ahead of competition. Increasingly, companies are modernizing business applications to make these business goals a reality. Modernizing applications is generally composed of three transformations: cloud-native architecture, continuous delivery and infrastructure automation. These typically occur concurrently, but do have distinct characteristics. For example, the cloud-native architecture journey transforms organizations from monolithic applications to containerized microservices applications in which lightweight data collectors help enable success. Continuous delivery is also critical to business transformation success. Teams may be responding to industry pressure to keep up with competitors, often cloud-native companies, who are pushing updates out faster.
Users of the popular open-source DevOps automation software StackStorm are advised to update to the recently released 2.10.3 and 2.9.3 versions, which address a critical vulnerability (CVE-2019-9580) in the platform that could allow remote attackers to perform arbitrary commands on targeted servers. StackStorm, an event-driven DevOps automation tool, enables developers to set up scheduled tasks as well as construct specific actions and workflows for large-scale servers. For StackStorm to do all these tasks on behalf of remote servers handled by its agent, it requires high-privilege access to systems — something an attacker can exploit. The vulnerability was found by application security researcher Barak Tawily. According to his blog, the flaw lies in the manner in which StackStorm’s REST API deals with cross-origin resource sharing (CORS) headers. The Access-Control-Allow-Origin header pinpoints which domains can access a site’s resources.
Choose Your Own DevOps’ with Electric Cloud’s Application Release Orchestration Platform, ElectricFlow
February 12, 2019 — Electric Cloud (https://electric-cloud.com/), the leader in Adaptive Release Orchestration and Continuous Delivery, today announced its ElectricFlow Winter 2019 Release. The platform now provides persona-based UI enhancements, new pipeline and release automation options, and new service catalog updates to streamline workflow and simplify onboarding to help companies start fast and adapt quickly.
For more information about ElectricFlow and to download the free Community Edition, please visit: (https://electric-cloud.com/products/electricflow).
Data-driven DevOps makes it faster and easier to accelerate new business opportunities:
- Efficient self-service resources for improved infrastructure utilization and flexibility
- Faster development cycles with advanced data services — spend more time developing and less time managing services
- Let developers take charge of infrastructure requirements, while operations still maintain operational visibility
Platform to Enable Distributed Agile and DevOps transformation with quality, speed and at scale
Releases the Open Source Community version on GitHub enabling rapid co-creation
Infosys (NYSE: INFY), a global leader in consulting, technology and next-generation services, today announced it has unveiled the Infosys DevOps Platform, an enterprise class integrated Open Source DevOps platform, that helps organizations accelerate their Agile and DevOps transformation journey.
Infosys DevOps Platform enables enterprises to: