Checkmarx debuts new Keeping Infrastructure as Code Secure solution

In an effort to better secure cloud-native apps, software security company Checkmarx has launched a new open-source static analysis solution. The new Keeping Infrastructure as Code Secure (KICS) solution enables developers to write secure infrastructure as code (IaC) by automatically detecting issues from the start.

According to the company, as organizations move to the cloud they are utilizing IaC to provision infrastructure faster and provide scalability. However, developers are struggling to manage IaC’s security, compliance and configuration risks.

KICS aims to address this by automatically detecting issues, hard-coded keys, passwords, compliance issues, and misconfigurations.

The modern risks of open-source code
Developers take a larger role in security

“As development processes evolve and organizations accelerate their cloud adoption, developers are taking on more security responsibility while also delivering software faster than ever before. This is an impossible balance to strike by solely relying on manual, time-consuming code reviews,” said Maty Siman, CTO and founder of Checkmarx. “KICS was built with this in mind, enabling development teams to automatically identify IaC issues when fixing is quickest, cheapest, and easiest. As the newest addition to the Checkmarx product portfolio, developers now have a single destination for securing all components that make up today’s complex applications.”

The solution offers a large library of queries which are fully customizable. As an open-source project, the scanning engine and queries are open to a community of DevOps experts. And the solution provides seamless integration with CI/CD pipelines including GitHub Actions and GitLab CI. In addition, it supports Terraform, Kubernetes, Docker, AWS CloudFormation, and Ansible.

“Checkmarx is a strong advocate of open source projects, and creating KICS in this manner gives the community the opportunity to steer its direction and foster innovation across the industry. We’re excited to watch this passionate community embrace and contribute to KICS as it becomes an essential addition to every developer’s cloud-native security toolkit,” said Siman.

The post Checkmarx debuts new Keeping Infrastructure as Code Secure solution appeared first on SD Times.

Read more:


SD Times news digest: Sauce Labs’ new shift-left capabilities, Nintex Workflow Cloud launched, CircleCI privacy enhancements

Sauce Labs announced new shift-left capabilities such as new end-to-end visual testing as well as Sauce Testrunner, which supports a host of developer-preferred test frameworks such as Cypress, Playwright, and TestCafe. 

“Successful testing in the DevOps era is about giving developers the optionality and flexibility to work within the frameworks with which they’re most comfortable, and about giving them the ability to harness and understand the different test signals proliferating throughout the dev cycle,” said Matt Wyman, chief product officer at Sauce Labs.

The end-to-end testing also enables users to compare both screenshots and DOM snapshots to visual changes, automatically pull in the initial baseline and accept updates, and integrate seamlessly into CI/CD processes. 

Nintex Workflow Cloud launched
The company’s workflow automation cloud platform includes advanced data technology, added functionality and pre-built connectors to automate and optimize enterprise-grade workflows faster. 

Pre-built dashboards and widgets provide immediate insights into workflows and automated processes with easy-to-use data visualization and the new functionality such as Repeating Sections, Draft Forms Save and Continue, and Multiple Approvers. 

“We are committed to delivering process management, automation and optimization technology that improves how people work and provides competitive advantages for every organization that standardizes on Nintex,” said Neal Gottsacker, chief of product at Nintex. “By seamlessly integrating Nintex Workflow Cloud with Nintex Analytics, our customers and partners benefit from a robust data infrastructure that reports on workflows across an organization’s entire Nintex deployment.”

CircleCI privacy enhancements 
CircleCI announced private orbs which help developers automate repeated processes with reusable packages of YAML configurations to help with use-cases such as vulnerability scanning and test coverage of applications.

Developers also now have the ability to create private orbs to allow teams to share configurations within their organization. 

CircleCI also helps users ensure their pipelines are secure via added product security features including environment variables, multiple contexts, and admin controls.

RediSearch 2.0 released
RediSearch 2.0 enables customers to build modern applications with interactive search experiences.

Users can automatically index and then query their Redis datasets without changing their application. 

With the latest release, users can also scale RediSearch easily and can be deployed in a globally distributed manner by leveraging Redis Enterprise’s Active-Active technology. 

“RediSearch now enables organizations to quickly build indexes which require low latency querying and full-text search. All of this is delivered with the familiar ease of scaling and speed of Redis,” said Pieter Cailliau, director of product management at Redis Labs.


The post SD Times news digest: Sauce Labs’ new shift-left capabilities, Nintex Workflow Cloud launched, CircleCI privacy enhancements appeared first on SD Times.

Read more:


SD Times news digest: Matillion raises $100 million for cloud data, Uno Platform 3.5, and Palo Alto Networks to acquire Bridgecrew

Matillion announced that it raised $100 million in Series D funding that it will help organizations innovate with data to unlock insights. 

Matillion offers a cloud-native platform that helps organizations transform raw data into analytics-ready data by providing low-code/no-code solutions.

“Matillion accelerates the value of today’s cloud data platforms, ensuring that data teams can work smarter and faster. We look forward to our next phase of growth, as we empower more enterprise customers with efficient, affordable and flexible solutions that turn data into their most strategic asset,” said Matthew Scullion, the CEO of Matillion. 

Uno Platform 3.5 released
Uno Platform 3.5 provides day-zero support for WinUI 3 Preview 4 as well as support for four new WinUI controls including Navigation View, Progress Ring, Pager and Expander. 

With the NavigationView control, users can now add hierarchical navigation and footer menu items and the ProgressRing source has added support for the Lottie animations-based version of the control. 

For WebAssembly specifically, the new implementation provides .NET 5 support as well as both software and hardware accelerated versions of the canvases through SKXamlCanvas and SKSwapChainPanel respectively, Uno explained in a blog post that contains additional details on the latest version. 

Palo Alto Networks to acquire DevOps security company Bridgecrew
The acquisition will advance “shift-left” security by allowing Palo Alto Networks’ Prisma Cloud to deliver security across the full application lifecycle. 

Bridgecrew offers an infrastructure as code (IaC) security platform that provides developers and DevOps teams a systematic way to enforce infrastructure security. 

Palo Alto Networks will acquire Bridgecrew for approximately $156 million in cash and is expected to close during Palo Alto Networks fiscal third quarter.

Linux 5.11 released
The latest Linux 5.11 release has a smaller-than-average set of commits from rc7 to finish, according to Linus Torvalds, the creator of the Linux kernel. 

He explained that there are several pull requests lined up and that the merge window is ready to start. 

The full list of commits is available here.

Apache weekly update
Last week at Apache saw the release of APISIX 2.3, the real-time cloud-native API gateway that offers load balancing, dynamic upstream, canary release, circuit breaking, authentication, observability, and more.

Other releases included PLC4X 0.8.0,  SkyWalking CLI 0.6.0, Tomcat 8.5.63, MyFaces Core 2.2.14. Also HttpComponents Core 5.1 reached BETA3.

Additional details on all of the new projects from Apache are available here. 

The post SD Times news digest: Matillion raises $100 million for cloud data, Uno Platform 3.5, and Palo Alto Networks to acquire Bridgecrew appeared first on SD Times.

Read more:


SD Times news digest: Dynatrace Software Intelligence Hub, npm 7 released, and Python accepts pattern matching PEP 634

Dynatrace’s new Software Intelligence Hub enables digital teams to extend automation and AI-assistance across more environments and use cases. 

“The new Software Intelligence Hub extends the value we get from the Dynatrace platform to even more technologies and data sources. This enables more teams across our organization to benefit from precise insights and automated workflows and frees critical time for our developers to bring new innovations to market faster and with higher quality,” said Chris Deane, a senior engineering manager of platform services at BT Consumer.  

This includes wide application and infrastructure coverage, extensions that broaden the automatic and intelligent observability of Dynatrace across additional cloud cases, and open APIs and an SDK.

npm 7 released
Npm 7 includes a new feature that automatically installs peer dependencies, whereas in previous versions, peer dependencies conflicts presented a warning that versions were not compatible, but would still install dependencies without an error. 

Other updates in the new version include an increased velocity and tempo to a weekly release cadence, reduced dependencies by almost half, and increased coverage by 17%.

Npm 7 also includes changes to the new lockfile format, which is backwards compatible with npm 6 users. 

Additional details on the new release are available here.

Python accepts pattern matching PEP 634
The Python Steering Council announced that it chose to accept PEP 634, and its companions PEP 635 and 636, for Pattern Matching. 

The developers behind Python aim to have high-quality documentation available on the first release for Python 3.10 and its absence should be considered a release blocker. 

At the same time, the Python Steering Council, PEP 640 and 642 were rejected since 642’s proposed syntax “does not seem like the right way to solve the jagged edges in PEP 634’s syntax,” the council wrote in a post.

Developer week winners
The 2021 DEVIES winners were announced at the developer trade show that spanned over 30 different DevTech categories. 

Winners included Red Hat Integration for API infrastructure, Kong for API services, SmartBear for app analytics and testing, and many more. 

The full list of winners is available here.

The post SD Times news digest: Dynatrace Software Intelligence Hub, npm 7 released, and Python accepts pattern matching PEP 634 appeared first on SD Times.

Read more:


Atlassian unveils cloud enterprise plan

Atlassian announced the general availability of Cloud Enterprise, a new cloud offering that features enterprise-grade scalability, security, and governance controls for Jira Software, Confluence, and Jira Service Management. 

Users can activate unlimited instances so that teams can tailor instances to their needs and they can also access Atlassian cloud products on any device.

“This means independent lines of business, regional teams, or acquired entities can maintain autonomy for their own product instances. Admins can also set up multiple instances to keep data pinned to different regions for compliance reasons, or customize instances with specific marketplace apps, project configurations, and more,” Bala Venkatrao, the head of product of Enterprise Cloud wrote in a blog post.

To enable collaboration across instances, Cloud Enterprise includes features such as smart links and app switcher for Jira and Confluence Cloud as well as licensing flexibility so that customers can pay once and assign users to unlimited instances. 

Atlassian boasted a 99.95 percent uptime SLA for Cloud Enterprise, which translates to about 21 minutes of downtime per month. and dedicated enterprise support.

For security and governance, Cloud Enterprise offers encryption in transit and at rest, certifications including SOC-2, ISO 27001, GDPR compliance, and more. It also offers data residency, which is the ability to pin data to a geographic realm. This feature is currently supported for the United States and the European Union, with plans to expand support to additional regions including Australia, Canada, the United Kingdom, and Japan. 

Admins can manage thousands of users spread across multiple products and instances within a centralized admin hub. In addition, they can automate user provisioning and deprovisioning through built-in integrations. 

“To offer a robust ecosystem for our customers in the cloud, Atlassian continues to collaborate with our Marketplace partners, adding to the ever-growing list of cloud apps and integrations, which has now grown to over a thousand. And we’re working with creators of popular apps to offer the same assurances around support, security, and reliability that customers have come to expect from their Atlassian products,” Venkatrao added.

The post Atlassian unveils cloud enterprise plan appeared first on SD Times.

Read more:


Adobe aims to bridge the developer content and commerce gap with new cloud initiatives

Adobe announced new Adobe Experience Cloud capabilities this week at its Developers Live conference that aims to help developers deliver cohesive content across every touch point.

“Until now, content has been siloed and difficult for developers to easily access to create new app-like experiences that meet consumer expectations,” Josh van Tonder, the head of strategy and product marketing at Adobe Experience Manager, wrote in a blog post.

To address these siloes, Adobe released new headless content management system (CMS) capabilities in Adobe Experience Manager.

One key feature is the GraphQL APIs for headless content delivery, which lets developers get  content that matches the needs of their app. Queries can also now return all nested content in a single call that boosts overall app performance, according to Adobe.

Adobe also offers an agility functionality that can extend from headless to hybrid content delivery whenever needed, improving experience and content velocity. 

“By leveraging the GraphQL API, a mobile app developer can query for marketing content from Adobe Experience Manager. Personalized content is then sent to the app which renders its UI. From there, a marketer can use Experience Manager’s authoring UI to flexibly add and edit marketing content across multiple devices and touchpoints, saving the marketer time and resources,” Tonder added. 

n addition, the Adobe Experience Manager can now integrate and extend commerce services from Magento and other Commerce Integration Frameworks (CIF). CIF is built on rich APIs that can be easily extended, the company explained. This creates a storefront authoring experience in Adobe Experience Manager that aims to both improves agility and reduce cost.

Lastly, Adobe released Adobe Experience manager as a cloud service, which enables developers to combine the AEM Content Management System with AEM Digital Asset Management. Developers also have access to continuous delivery and integration for updates with zero downtime. 

The new cloud service leverages a built-in Content Delivery Network (CDN) and is based on a dynamic architecture that auto scales. The service also validates customer code using automated tests and uses automated tests to scan for common vulnerabilities.

The post Adobe aims to bridge the developer content and commerce gap with new cloud initiatives appeared first on SD Times.

Read more:

Technology Videos


For copyright matters please contact us at:


1. Lift-Bit

2. MNL coffee tablе

3. Cloud 9 Sofa (Preview)

4. Bed up

5. Lovesac Sactionals

6. Spyntex

7. AirDresser

8. Giovannetti ANFIBIO (Preview)


00:00 – Lift-Bit
00:51 – MNL coffee tablе
01:51 – Cloud 9 Sofa (Preview)
02:56 – Bed up
04:08 – Lovesac Sactionals
05:02 – Spyntex
06:23 – AirDresser
07:53 – Giovannetti ANFIBIO (Preview)
08:47 – PATATTO

Read more:


AWS launches its next-gen GPU instances

AWS today announced the launch of its newest GPU-equipped instances. Dubbed P4, these new instances are launching a decade after AWS launched its first set of Cluster GPU instances. This new generation is powered by Intel Cascade Lake processors and eight of NVIDIA’s A100 Tensor Core GPUs. These instances, AWS promises, offer up to 2.5x the deep learning performance of the previous generation — and training a comparable model should be about 60% cheaper with these new instances.

Image Credits: AWS

For now, there is only one size available, the p4d.12xlarge instance, in AWS slang and the eight A100 GPUs are connected over NVIDIA’s NVLink communication interface and offer support for the company’s GPUDirect interface as well.

With 320 GB of high-bandwidth GPU memory and 400 Gbps networking, this is obviously a very powerful machine. Add to that the 96 CPU cores, 1.1 TB of system memory and 8 TB of SSD storage and it’s maybe no surprise that the on-demand price is $32.77 per hour (though that price goes down to less than $20/hour for 1-year reserved instances and $11.57 for three-year reserved ones.

Image Credits: AWS

On the extreme end, you can combine 4,000 or more GPUs into an EC2 UltraCluster, as AWS calls these machines, for high-performance computing workloads at what is essentially a supercomputer-scale machine. Given the price, you’re not likely to spin up one of these clusters to train your a model for your toy app anytime soon, but AWS has already been working with a number of enterprise customers to test these instances and clusters, including Toyota Research Institute, GE Healthcare and Aon.

“At [Toyota Research Institute], we’re working to build a future where everyone has the freedom to move,” said Mike Garrison, Technical Lead, Infrastructure Engineering at TRI. “The previous generation P3 instances helped us reduce our time to train machine learning models from days to hours and we are looking forward to utilizing P4d instances, as the additional GPU memory and more efficient float formats will allow our machine learning team to train with more complex models at an even faster speed.”

Nvidia begins shipping the A100, its first Ampere-based data center GPU

Read more:


Google Cloud launches Lending DocAI, its first dedicated mortgage industry tool

Google Cloud today announced the launch of Lending DocAI, its first dedicated service for the mortgage industry. The tool, which is now in preview, is meant to help mortgage companies speed up the process of evaluating a borrower’s income and asset documents, using specialized machine learning models to automate routine document reviews.

Some of this may sound familiar, because, with Document AI, Google Cloud already offers a more general tool for performing OCR over complex documents and then extracting data from those. Lending DocAI is essentially the first vertically specialized Google Cloud service to use this technology.

“Our goal is to give you the right tools to help borrowers and lenders have a better experience and to close mortgage loans in shorter time frames, benefiting all parties involved,” writes Google product manager Sudheera Vanguri. “With Lending DocAI, you will reduce mortgage processing time and costs, streamline data capture, and support regulatory and compliance requirements.”

Google argues that its tool will have speed up the mortgage workflow process and improve the experience for borrowers, too. If you’ve ever gone through the mortgage process, you know how much time it takes to compile all of the necessary documents and how much lag there is before your bank or mortgage broker tells you that everything is in order (or not).

In addition, Google Cloud also argues that this technology can help “reduce risk and enhance compliance posture by leveraging a technology stack (e.g. data access controls and transparency, data residency, customer managed encryption keys) that reduces the risk of implementing an AI strategy.”

In many ways, this new product is a good example for Google Cloud’s current strategy under the leadership of its CEO Thomas Kurian. While it continues to develop a plethora of general services for developers at every level, it now also bundles these together to sell as complete solutions to enterprises in various verticals. That’s where Google Cloud believes it can generate the most benefit for these companies — and hence generate the most revenue. With industry solutions for retailers, telcos, gaming companies and more — and industry partners to help them get up to speed — Kurian and his team believe that they can offer solutions while its competitors focus on offering tools. So far, that strategy seems to be working out alright, with Google Cloud’s revenue growing over 43 percent in the last quarter.

Google Cloud launches new solutions for retailers

Google Cloud goes after the telco business with Anthos for Telecom and its Global Mobile Edge Cloud

Google Cloud takes aim at verticals starting with new set of tools for retailers

Read more:


Google Firebase adds new building blocks to accelerate application development

Google is updating its mobile platform Firebase with new building blocks to accelerate app development. The company made a number of announcements at its Firebase Summit 2020 this week.

“Over the past few months, we’ve seen that apps not only improve the way we live, they also enhance our ability to adapt to change. In 2020, more businesses and families have turned to apps to stay connected, productive, and entertained. At the same time, our developer community has stepped up to build and scale the apps people are relying on,” Francis Ma, director of product management for Firebase, wrote in a blog post.

The announcements included:

Authentication emulator for rapid iteration and local development
The Emulator Suite that lets users run emulated versions of Firebase’s backend products for a faster and safer development experience now includes support for authentication, according to Ma. 

The new auth emulator also enables developers to run integration tests that rely on authentication. 

“The Emulator Suite, now with Firebase Authentication, allows you to shift to a local-first developer workflow so you can experiment and rapidly iterate without touching production data, incurring costs, or worrying that you’ll break something,” Ma.

New hosting preview channels let users see changes before publishing
With Firebase Hosting, companies can deploy secure, fast-loading web apps and landing pages that are backed by a global CDN in less time and less hassle. 

Now, users can deploy changes to a preview channel in seconds with a single command and generate an obscured unique URL to share with your team.

“Preview channels not only let you check that your changes look as intended right away, they also make collaboration quicker and easier even if you’re working across a distributed team,” Ma explained. 

More extensions for adding features and functionality
The Firebase team announced that it partnered with Stripe to release the Send Invoices using Stripe and the Subscription Payments with Stripe that let users integrate the Stripe payments platform without requiring users to learn Stripe’s API. 

Another new feature is the preview of another extension through the company’s Alpha Program, called Detect Online Presence that shows which users or devices are currently online and stores that data in Cloud Firestore. 

Redesigned performance monitoring dashboard to help users focus on critical metrics
Firebase Performance Monitoring gathers and presents data about an app’s performance to show exactly what’s happening in an app – and when users are encountering slowness. 

“This new dashboard makes it crystal clear if one of your critical metrics needs attention so that you can take action, and it’s customizable, allowing you to bring the metrics you care about most to the forefront,” Ma stated. 

New organizational and targeting tools for Remote Config explained
Firebase Remote Config can dynamically alter an app, safely test and release new features, and help developers stay in control of their whole experience. 

First, the company added information about experiments into the Remote Config dashboard and launched parameter groups. Then, the company added the feature to sort parameters alphabetically and enhanced the search tool.

The addition of improved vision targeting made the feature available for iOS and added support for semantic versioning so users could utilize numeric operators such as “>=” to target specific app versions without resorting to complicated regular expressions.

The most recent launch of config metrics gives users more visibility into how an app configuration is behaving for users to find and fix incorrect configurations quickly. 

Google Analytics APIs for better data management
Firebase’s integration with Google Analytics helps organizations understand what actions users are taking inside of an app so that they can make smarter business value decisions. 

Three new APIs announced today include the Google Analytics 4 Measurement protocol for logging events directly in Google Analytics, Data API that offers programmatic access to Google Analytics reporting data, and Admin API that gives users the ability to configure their Analytics account and set user permissions. 

The team also introduced the ability to bring custom segments back from BigQuery into Firebase with the launch of imported segments. 

“With these improvements to Firebase, we aim to make app development faster and easier so you can stay focused on creating the amazing app experiences that people need to stay productive, connected, and entertained,” Ma

Additional details on all of the product updates are available here.

The post Google Firebase adds new building blocks to accelerate application development appeared first on SD Times.

Read more: