jenkins

Auto Added by WPeMatico

Cycode raises $20M to secure DevOps pipelines

Israeli security startup Cycode, which specializes in helping enterprises secure their DevOps pipelines and prevent code tampering, today announced that it has raised a $20 million Series A funding round led by Insight Partners. Seed investor YL Ventures also participated in this round, which brings the total funding in the company to $24.6 million.

Cycode’s focus was squarely on securing source code in its early days, but thanks to the advent of infrastructure as code (IaC), policies as code and similar processes, it has expanded its scope. In this context, it’s worth noting that Cycode’s tools are language and use case agnostic. To its tools, code is code.

“This ‘everything as code’ notion creates an opportunity because the code repositories, they become a single source of truth of what the operation should look like and how everything should function, Cycode CTO and co-founder Ronen Slavin told me. “So if we look at that and we understand it — the next phase is to verify this is indeed what’s happening, and then whenever something deviates from it, it’s probably something that you should look at and investigate.”

Cycode Dashboard

Cycode Dashboard. Image Credits: Cycode

The company’s service already provides the tools for managing code governance, leak detection, secret detection and access management. Recently it added its features for securing code that defines a business’ infrastructure; looking ahead, the team plans to add features like drift detection, integrity monitoring and alert prioritization.

“Cycode is here to protect the entire CI/CD pipeline — the development infrastructure — from end to end, from code to cloud,” Cycode CEO and co-founder Lior Levy told me.

“If we look at the landscape today, we can say that existing solutions in the market are kind of siloed, just like the DevOps stages used to be,” Levy explained. “They don’t really see the bigger picture, they don’t look at the pipeline from a holistic perspective. Essentially, this is causing them to generate thousands of alerts, which amplifies the problem even further, because not only don’t you get a holistic view, but also the noise level that comes from those thousands of alerts causes a lot of valuable time to get wasted on chasing down some irrelevant issues.”

What Cycode wants to do then is to break down these silos and integrate the relevant data from across a company’s CI/CD infrastructure, starting with the source code itself, which ideally allows the company to anticipate issues early on in the software life cycle. To do so, Cycode can pull in data from services like GitHub, GitLab, Bitbucket and Jenkins (among others) and scan it for security issues. Later this year, the company plans to integrate data from third-party security tools like Snyk and Checkmarx as well.

“The problem of protecting CI/CD tools like GitHub, Jenkins and AWS is a gap for virtually every enterprise,” said Jon Rosenbaum, principal at Insight Partners, who will join Cycode’s board of directors. “Cycode secures CI/CD pipelines in an elegant, developer-centric manner. This positions the company to be a leader within the new breed of application security companies — those that are rapidly expanding the market with solutions which secure every release without sacrificing velocity.”

The company plans to use the new funding to accelerate its R&D efforts, and expand its sales and marketing teams. Levy and Slavin expect that the company will grow to about 65 employees this year, spread between the development team in Israel and its sales and marketing operations in the U.S.

Powered by WPeMatico

Mirantis makes configuring on-premises clouds easier

Mirantis, the company you may still remember as one of the biggest players in the early days of OpenStack, launched an interesting new hosted SaaS service today that makes it easier for enterprises to build and deploy their on-premises clouds. The new Mirantis Model Designer, which is available for free, lets operators easily customize their clouds — starting with OpenStack clouds next month and Kubernetes clusters in the coming months — and build the configurations to deploy them.

Typically, doing so involves writing lots of YAML files by hand, something that’s error-prone and few developers love. Yet that’s exactly what’s at the core of the infrastructure-as-code model. Model Designer, on the other hand, takes what Mirantis learned from its highly popular Fuel installer for OpenStack and takes it a step further. The Model Designer, which Mirantis co-founder and CMO Boris Renski demoed for me ahead of today’s announcement, presents users with a GUI interface that walks them through the configuration steps. What’s smart here is that every step has a difficulty level (modeled after Doom’s levels, ranging from “I’m too young to die” to “ultraviolence” — though it’s missing Dooms “nightmare” setting), which you can choose based on how much you want to customize the setting.

Model Designer is an opinionated tool, but it does give users quite a bit of freedom, too. Once the configuration step is done, Mirantis actually takes the settings and runs them through its Jenkins automation server to validate the configuration. As Renski pointed out, that step can’t take into account all of the idiosyncrasies of every platform, but it can ensure that the files are correct. After this, the tool provides the user with the configuration files, and actually deploying the OpenStack cloud is then simply a matter of taking the files, together with the core binaries that Mirantis makes available for download, to the on-premises cloud and executing a command-line script. Ideally, that’s all there is to the process. At this point, Mirantis’ DriveTrain tools take over and provision the cloud. For upgrades, users simply have to repeat the process.

Mirantis’ monetization strategy is to offer support, which ranges from basic support to fully managing a customer’s cloud. Model Designer is yet another way for the company to make more users aware of itself and then offer them support as they start using more of the company’s tools.

Powered by WPeMatico

OpenStack spins out its Zuul open source CI/CD platform

There are few open-source projects as complex as OpenStack, which essentially provides large companies with all the tools to run the equivalent of the core AWS services in their own data centers. To build OpenStack’s various systems the team also had to develop some of its own DevOps tools, and, in 2012, that meant developing Zuul, an open-source continuous integration and delivery (CI/CD) platform. Now, with the release of Zuul v3, the team decided to decouple Zuul from OpenStack and run it as an independent project. It’s not quite leaving the OpenStack ecosystem, though, as it will still be hosted by the OpenStack Foundation.

Now all of that may seem a bit complicated, but at this point, the OpenStack Foundation is simply the home of OpenStack and other related infrastructure projects. The first one of those was obviously OpenStack itself, followed by the Kata Containers project late last year. Zuul is simply the third of these projects.

The general concept behind Zuul is to provide developers with a system for automatically merging, building and testing new changes to a project. It’s extensible and supports a number of different development platforms, including GitHub and the Gerrit code review and project management tool.

Current contributors include BMW, GitHub, GoDaddy, Huawei, Red Hat and SUSE. “The wide adoption of CI/CD in our software projects is the foundation to deliver high-quality software in time by automating every integral part of the development cycle from simple commit checks to full release processes,” said BMW software engineer Tobias Henkel. “Our CI/CD development team at BMW is proud to be part of the Zuul community and will continue to be active contributors of the Zuul OSS project.”

The spin-off of Zuul comes at an interesting time in the CI/CD community, which is currently spoiled for choice. Spinnaker, Google and Netflix are betting on an open source CD platform that solves some of the same problems as Zuul, for example, while Jenkins and similar projects continue to go strong, too. The Zuul project notes that its focus is more strongly on multi-repo gating, which makes it ideal handling very large and complex projects. A number of representatives of all of these open-source projects are meeting at the OpenDev conference in Vancouver, Canada that’s running in parallel with the semi-annual OpenStack Summit there, and my guess is that we’ll hear quite a bit more about all of these projects in the coming days and weeks.

Powered by WPeMatico