Ranger4 DevOps Blog

The Importance of Having an Open Source Policy

Posted by Helen Beal on Wed, Apr 18, 2018 @ 14:04 PM

Our wonderful friends at Sonatype just released the results of their annual DevSecOps survey. For the full results you can download the report. I wrote this article for an ebook where it's collated with a number of other articles from other practitioners - you can download the ebook here.

In 2017, 57% of all participants in the DevSecOps Community survey confirmed that, yes, they did have an open source policy. In 2018 this has risen to 64% - but 35% say they ignore it.

Breaking that down further: in 2018, 58% of those with no DevOps practices and 77% of those with mature DevOps practices reported having an open source policy. 46% of the former and 24% of the latter reported ignoring it. Effectively, that’s then just 12% of organisations with no DevOps practices actually using an open source policy, while 53% with mature practices are following internal regulations. Having, and using, an open source policy is then an indicator of mature DevOps practices.


Topics: DevSecOps Engineer, Sonatype

DevSecOps - is it a Good Thing?

Posted by Gedi Kalinauskas on Wed, Oct 11, 2017 @ 11:10 AM

Yesterday, we had a webcast on 'DevSecOps - is it a Good Thing?' - you can watch the recording here but here's a summary of what we covered:

What is DevSecOps?

DevOps originated from the recognition that developers had started to do things like Agile development while the operations teams were getting left behind. So it began with the concept of Agile System Administration, and with the recognition that we had created silos in the way we had traditionally organised enterprise IT, with development as a separate team. Generally, in software development, security has been looked at as an afterthought - a view echoed by security experts themselves.


Topics: DevSecOps, DevOps, DevSecOps Engineer, DevOps Foundation Course, AllDayDevOps

Ignorance is Dangerous Bliss

Posted by Helen Beal on Mon, Sep 11, 2017 @ 13:09 PM

Our partner, Sonatype, recently released their latest annual State of the Software Supply Chain report and in it provided new evidence that DevOps practices deliver measurable improvements. It also kickstarted another conversation between us.

One of the things we offer organisations is a free scan of their software to identify a bill of materials (of the open source components within an application) and a summary of the security vulnerabilities and licence risks that exist therein. Applications these days are decreasingly coded and increasingly composed from open source components available in online artifact repositories. It's not difficult to understand why developers would take this approach, as Sonatype's Derek Weeks says:


Topics: DevSecOps, DevSecOps Engineer