Checkmarx debuts new Keeping Infrastructure as Code Secure solution

In an effort to better secure cloud-native apps, software security company Checkmarx has launched a new open-source static analysis solution. The new Keeping Infrastructure as Code Secure (KICS) solution enables developers to write secure infrastructure as code (IaC) by automatically detecting issues from the start.

According to the company, as organizations move to the cloud they are utilizing IaC to provision infrastructure faster and provide scalability. However, developers are struggling to manage IaC’s security, compliance and configuration risks.

KICS aims to address this by automatically detecting issues, hard-coded keys, passwords, compliance issues, and misconfigurations.


“As development processes evolve and organizations accelerate their cloud adoption, developers are taking on more security responsibility while also delivering software faster than ever before. This is an impossible balance to strike by solely relying on manual, time-consuming code reviews,” said Maty Siman, CTO and founder of Checkmarx. “KICS was built with this in mind, enabling development teams to automatically identify IaC issues when fixing is quickest, cheapest, and easiest. As the newest addition to the Checkmarx product portfolio, developers now have a single destination for securing all components that make up today’s complex applications.”

The solution offers a large library of queries which are fully customizable. As an open-source project, the scanning engine and queries are open to a community of DevOps experts. And the solution provides seamless integration with CI/CD pipelines including GitHub Actions and GitLab CI. In addition, it supports Terraform, Kubernetes, Docker, AWS CloudFormation, and Ansible.

“Checkmarx is a strong advocate of open source projects, and creating KICS in this manner gives the community the opportunity to steer its direction and foster innovation across the industry. We’re excited to watch this passionate community embrace and contribute to KICS as it becomes an essential addition to every developer’s cloud-native security toolkit,” said Siman.

The post Checkmarx debuts new Keeping Infrastructure as Code Secure solution appeared first on SD Times.



SD Times news digest: Sauce Labs’ new shift-left capabilities, Nintex Workflow Cloud launched, CircleCI privacy enhancements

Sauce Labs announced new shift-left capabilities such as new end-to-end visual testing as well as Sauce Testrunner, which supports a host of developer-preferred test frameworks such as Cypress, Playwright, and TestCafe. 

“Successful testing in the DevOps era is about giving developers the optionality and flexibility to work within the frameworks with which they’re most comfortable, and about giving them the ability to harness and understand the different test signals proliferating throughout the dev cycle,” said Matt Wyman, chief product officer at Sauce Labs.

The end-to-end testing also enables users to compare both screenshots and DOM snapshots to visual changes, automatically pull in the initial baseline and accept updates, and integrate seamlessly into CI/CD processes. 

Nintex Workflow Cloud launched
The company’s workflow automation cloud platform includes advanced data technology, added functionality and pre-built connectors to automate and optimize enterprise-grade workflows faster. 

Pre-built dashboards and widgets provide immediate insights into workflows and automated processes with easy-to-use data visualization and the new functionality such as Repeating Sections, Draft Forms Save and Continue, and Multiple Approvers. 

“We are committed to delivering process management, automation and optimization technology that improves how people work and provides competitive advantages for every organization that standardizes on Nintex,” said Neal Gottsacker, chief of product at Nintex. “By seamlessly integrating Nintex Workflow Cloud with Nintex Analytics, our customers and partners benefit from a robust data infrastructure that reports on workflows across an organization’s entire Nintex deployment.”

CircleCI privacy enhancements 
CircleCI announced private orbs which help developers automate repeated processes with reusable packages of YAML configurations to help with use-cases such as vulnerability scanning and test coverage of applications.

Developers also now have the ability to create private orbs to allow teams to share configurations within their organization. 

CircleCI also helps users ensure their pipelines are secure via added product security features including environment variables, multiple contexts, and admin controls.

RediSearch 2.0 released
RediSearch 2.0 enables customers to build modern applications with interactive search experiences.

Users can automatically index and then query their Redis datasets without changing their application. 

With the latest release, users can also scale RediSearch easily and deploy it in a globally distributed manner by leveraging Redis Enterprise’s Active-Active technology.

“RediSearch now enables organizations to quickly build indexes which require low latency querying and full-text search. All of this is delivered with the familiar ease of scaling and speed of Redis,” said Pieter Cailliau, director of product management at Redis Labs.


The post SD Times news digest: Sauce Labs’ new shift-left capabilities, Nintex Workflow Cloud launched, CircleCI privacy enhancements appeared first on SD Times.



Atlassian unveils cloud enterprise plan

Atlassian announced the general availability of Cloud Enterprise, a new cloud offering that features enterprise-grade scalability, security, and governance controls for Jira Software, Confluence, and Jira Service Management. 

Users can activate unlimited instances so that teams can tailor instances to their needs and they can also access Atlassian cloud products on any device.

“This means independent lines of business, regional teams, or acquired entities can maintain autonomy for their own product instances. Admins can also set up multiple instances to keep data pinned to different regions for compliance reasons, or customize instances with specific marketplace apps, project configurations, and more,” Bala Venkatrao, the head of product of Enterprise Cloud, wrote in a blog post.

To enable collaboration across instances, Cloud Enterprise includes features such as smart links and app switcher for Jira and Confluence Cloud as well as licensing flexibility so that customers can pay once and assign users to unlimited instances. 

Atlassian boasted a 99.95 percent uptime SLA for Cloud Enterprise, which translates to about 21 minutes of downtime per month, and dedicated enterprise support.

For security and governance, Cloud Enterprise offers encryption in transit and at rest, certifications including SOC-2, ISO 27001, GDPR compliance, and more. It also offers data residency, which is the ability to pin data to a geographic realm. This feature is currently supported for the United States and the European Union, with plans to expand support to additional regions including Australia, Canada, the United Kingdom, and Japan. 

Admins can manage thousands of users spread across multiple products and instances within a centralized admin hub. In addition, they can automate user provisioning and deprovisioning through built-in integrations. 

“To offer a robust ecosystem for our customers in the cloud, Atlassian continues to collaborate with our Marketplace partners, adding to the ever-growing list of cloud apps and integrations, which has now grown to over a thousand. And we’re working with creators of popular apps to offer the same assurances around support, security, and reliability that customers have come to expect from their Atlassian products,” Venkatrao added.

The post Atlassian unveils cloud enterprise plan appeared first on SD Times.



SD Times news digest: JetBrains 2020 annual report, Microsoft’s autofill solution for passwords, IBM and Palantir team up on cloud and AI

The fifth JetBrains annual report showed that there are 10.1 million JetBrains users around the world and that the company’s revenue grew by 11% in 2020 (with the greatest increase in China at 85%).

JetBrains has created an extended family of integrated development environments (IDE) for various programming languages and designed Kotlin, the officially preferred programming language for Android. 

In addition, JetBrains found that Rider, GoLand, DataGrip, CLion and PyCharm became the fastest growing products in 2020.

Additional details on JetBrains’ growth are available here.

Microsoft’s autofill solution for passwords
Microsoft’s autofill solution syncs passwords across mobile, Microsoft Edge, and Google Chrome, and is available as an extension on the Chrome Web Store. 

Microsoft also added an Import feature in the Authenticator app that allows users to import passwords from Chrome and certain password managers. 

“Online security will continue to be critical as individuals and organizations embrace remote work, and our mission with this offering is to help our customers securely and conveniently manage their sensitive data even as new security challenges emerge,” Vishnu Nath, the partner director of program management, wrote in a blog post.

IBM and Palantir team up on cloud, AI 
The partnership will simplify how businesses build and deploy AI-infused applications with IBM Watson without the need for deep technical skills.

The new product will leverage Palantir Foundry and will integrate with IBM Cloud Pak for Data, which helps businesses reduce data silos, integrates data sources across hybrid cloud environments and governs data through the AI lifecycle. 

“Our clients deliver products and services while operating in some of the most complex, fast-changing industries of the world,” said Rob Thomas, the senior vice president of cloud and data platform at IBM. “Together, IBM and Palantir aim to make it easier than ever for businesses to put AI to work and become data-driven throughout their operations.”

Apache weekly update
Last week, the Apache Software Foundation announced Apache DataSketches, the Big Data analysis library for scalable approximate algorithms, as a Top-Level Project.

The ASF also released Flink 1.10.3, Druid 0.20.1, Lucene 8.8.0 and Solr 8.8.0, Tomcat 9.0.43 and 10.0.2, and MyFaces Core 3.0.0.

The vulnerability CVE-2021-25646 was found in Apache Druid, enabling remote code execution. 

Additional details on the new releases from Apache are available here.

The post SD Times news digest: JetBrains 2020 annual report, Microsoft’s autofill solution for passwords, IBM and Palantir team up on cloud and AI appeared first on SD Times.



NSO used real people’s location data to pitch its contact-tracing tech, researchers say

Spyware maker NSO Group used real phone location data on thousands of unsuspecting people when it demonstrated its new COVID-19 contact-tracing system to governments and journalists, researchers have concluded.

NSO, a private intelligence company best known for developing and selling governments access to its Pegasus spyware, went on the charm offensive earlier this year to pitch its contact-tracing system, dubbed Fleming, aimed at helping governments track the spread of COVID-19. Fleming is designed to allow governments to feed location data from cell phone companies to visualize and track the spread of the virus. NSO gave several news outlets each a demo of Fleming, which NSO says helps governments make public health decisions “without compromising individual privacy.”

But in May, a security researcher told TechCrunch that he found an exposed database storing thousands of location data points used by NSO to demonstrate how Fleming works — the same demo seen by reporters weeks earlier.

TechCrunch reported the apparent security lapse to NSO, which quickly secured the database, but said that the location data was “not based on real and genuine data.”

NSO’s claim that the location data wasn’t real differed from reports in Israeli media, which said NSO had used phone location data obtained from advertising platforms, known as data brokers, to “train” the system. Academic and privacy expert Tehilla Shwartz Altshuler, who was also given a demo of Fleming, said NSO told her that the data was obtained from data brokers, which sell access to vast troves of aggregate location data collected from the apps installed on millions of phones.

TechCrunch asked researchers at Forensic Architecture, an academic unit at Goldsmiths, University of London that studies and examines human rights abuses, to investigate. The researchers published their findings on Wednesday, concluding that the exposed data was likely based on real phone location data.

The researchers said if the data is real, then NSO “violated the privacy” of 32,000 individuals across Rwanda, Israel, Bahrain, Saudi Arabia and the United Arab Emirates — countries that are reportedly customers of NSO’s spyware.

The researchers analyzed a sample of the exposed phone location data by looking for patterns they expected to see with real people’s location data, such as a concentration of people in major cities and by measuring the time it took for individuals to travel from one place to another. The researchers also found spatial irregularities that would be associated with real data, such as star-like patterns that are caused by a phone trying to accurately pinpoint its location when the line of sight to the satellite is obstructed by tall buildings.

“The spatial ‘irregularities’ in our sample — a common signature of real mobile location tracks — further support our assessment that this is real data. Therefore, the dataset is most likely not ‘dummy’ nor computer generated data, but rather reflects the movement of actual individuals, possibly acquired from telecommunications carriers or a third-party source,” the researchers said.

The researchers built maps, graphs, and visualizations to explain their findings, while preserving the anonymity of the individuals whose location data was fed into NSO’s Fleming demo.

Gary Miller, a mobile network security expert and founder of cyber intelligence firm Exigent Media, reviewed some of the datasets and graphs, and concluded it was real phone location data.

Miller said the number of data points increased around population hubs. “If you take a scatter plot of cell phone locations at a given point in time, there will be consistency in the number of points in suburban versus urban locations,” he said. Miller also found evidence of people traveling together, which he said “looked consistent with real phone data.”

He also said that even “anonymized” location data sets can be used to tell a lot about a person, such as where they live and work, and who they visit. “One can learn a lot of details about individuals simply by looking at location movement patterns,” he said.

“If you add up all of the similarities it would be very difficult to conclude that this was not actual mobile network data,” he said.

A timeline of one person’s location data in Bahrain over a three-week period. Researchers say these red lines represent travel that seems plausible within the indicated time. (Image: Forensic Architecture/supplied)

John Scott-Railton, a senior researcher at Citizen Lab, said the data likely originated from phone apps that use a blend of direct GPS data, nearby Wi-Fi networks, and the phone’s in-built sensors to try to improve the quality of the location data. “But it’s never really perfect,” he said. “If you’re looking at advertising data — like the kind that you buy from a data broker — it would look a lot like this.”

Scott-Railton also said that using simulated data for a contact-tracing system would be “counterproductive,” as NSO would “want to train [Fleming] on data that is as real and representative as possible.”

“Based on what I saw, the analysis provided by Forensic Architecture is consistent with the previous statements by Tehilla Shwartz Altshuler,” said Scott-Railton, referring to the academic who said NSO told her that it was based on real data.

“The whole situation paints a picture of a spyware company once more being cavalier with sensitive and potentially personal information,” he said.

NSO rejected the researchers’ findings.

“We have not seen the supposed examination and have to question how these conclusions were reached. Nevertheless, we stand by our previous response of May 6, 2020. The demo material was not based on real and genuine data related to infected COVID-19 individuals,” said an unnamed spokesperson. (NSO’s earlier statement made no reference to individuals with COVID-19.)

“As our last statement details, the data used for the demonstrations did not contain any personally identifiable information (PII). And, also as previously stated, this demo was a simulation based on obfuscated data. The Fleming system is a tool that analyzes data provided by end users to help healthcare decision-makers during this global pandemic. NSO does not collect any data for the system, nor does NSO have any access to collected data.”

NSO did not answer our specific questions, including where the data came from and how it was obtained. The company claims on its website that Fleming is “already being operated by countries around the world,” but declined to confirm or deny its government customers when asked.


The Israeli spyware maker’s push into contact tracing has been seen as a way to repair its image, as the company battles a lawsuit in the United States that could see it reveal more about the governments that buy access to its Pegasus spyware.

NSO is currently embroiled in a lawsuit with Facebook-owned WhatsApp, which last year blamed NSO for exploiting an undisclosed vulnerability in WhatsApp to infect some 1,400 phones with Pegasus, including journalists and human rights defenders. NSO says it should be afforded legal immunity because it acts on behalf of governments. But Microsoft, Google, Cisco, and VMware filed an amicus brief this week in support of WhatsApp, and calling on the court to reject NSO’s claim to immunity.

The amicus brief came shortly after Citizen Lab found evidence that dozens of journalists were also targeted with Pegasus spyware by NSO customers, including Saudi Arabia and the United Arab Emirates. NSO disputed the findings.



SD Times news digest: Security Compass launches hands-on training lab, Capacitor Core plugin changes, and Apache weekly updates

Security Compass has announced a hands-on training lab for balanced development automation. The new interactive virtual lab offers training across multiple exploit scenarios to help developers understand common vulnerabilities and how to build secure software, the company explained. 

The training lab can now be added to existing subscriptions for the Software Security Practitioner (SSP) Suites, a role-based e-learning program, or Full Library, which has 35 on-demand courses for required education or personal interest.

“Professionals are increasingly seeking innovative ways to learn new skills, and test this knowledge in a safe environment,” said Lauren Park, the director of training at Security Compass. “We are committed to providing new ways for developers to gain this knowledge, and are proud to launch our hands-on training lab as the latest resource for customers to improve their security posture.”

Capacitor Core plugin changes
As of Capacitor 3.0 beta, all officially supported plugins are now installed and versioned separately from Capacitor core, which gives developers more control over what APIs are included in an app. 

Ionic, the company behind the cross-platform app runtime, said in a blog post that the migration is “fairly straightforward.” Developers who have customized their native projects should manually update them to accommodate these changes in Capacitor.

Ionic added that it is currently working with the Capacitor Community GitHub Org to help update the third-party plugins to the new API. 

Apache weekly updates 
Last week, Apache released Apache Tika 2.0.0-ALPHA, which includes a major refactoring of the modules to enable more fine-grained selection of resources and more.

Other new releases included Qpid Broker J 7.1.11 and J 8.0.3, CloudStack v4.15, Jackrabbit Oak 1.22.6, and Camel 3.7.1.

Apache Superset, the open source data exploration and visualization platform, reached Top-Level Project status, moving one step closer to graduation status.

Apache also found two vulnerabilities: Guacamole CVE-2020-11997, which has an inconsistent restriction of connection history visibility, and Tomcat CVE-2020-17527, which involves an Apache Tomcat HTTP/2 request header mix-up.

Additional details on all of the updates are available here.

The post SD Times news digest: Security Compass launches hands-on training lab, Capacitor Core plugin changes, and Apache weekly updates appeared first on SD Times.



SD Times news digest: Harness reaches $1.7 billion valuation, Dynatrace integrates with Snyk Intel data, and WhiteSource expands native support for IDEs

Software delivery platform Harness announced that it will use its recent $115 million in funding to grow its engineering team, support global expansion plans, and extend its intelligent software delivery platform vision.

Harness provides an end-to-end platform for intelligent software delivery that implements machine learning to detect the quality of deployments. 

“Our goal is to create an intelligent software delivery platform that allows every company in the world to become as good in software delivery as the likes of Google and Facebook,” said Jyoti Bansal, the CEO and co-founder of Harness.

Dynatrace integrates real-time vulnerability detection with Snyk Intel data
Dynatrace’s Application Security Module now links the vulnerabilities that it finds to the Snyk Intel database of open-source vulnerabilities.

“We built the Dynatrace platform to provide continuous automation and intelligence for dynamic, cloud-native environments. Extending it to application security, and enabling production detection in dynamic environments, was a natural step,” said Bernd Greifeneder, the founder and CTO of Dynatrace.

Dynatrace Application Security is also optimized for Kubernetes architectures and DevSecOps approaches. 

WhiteSource expands native support for IDEs
The new integrations for JetBrains PyCharm and WebStorm provide real-time visibility and control on open-source components for developers in their preferred IDEs.

With the new PyCharm and WebStorm additions, WhiteSource now supports six popular environments that also include JetBrains IntelliJ, Visual Studio, Visual Studio Code, and Eclipse.

“These integrations empower developers to address open source security issues very early in the development process and resolve them easily, shortening release cycles, and saving valuable time and resources,” WhiteSource wrote in an announcement.

Xamarin.Forms 5.0 released
The latest major release includes quality improvements and stable release of new features such as App Themes, Brushes, CarouselView, RadioButton, Shapes and Paths, and SwipeView.

Visual Studio 2019 is the minimum version required for the new Xamarin.Forms, and Microsoft encourages those who will update to remove DataPages and Theme packages from their solutions. Additional details on the best way to migrate are included here.

Xamarin.Forms 5.0 will continue to receive service releases through November 2022, Microsoft stated. 

The post SD Times news digest: Harness reaches $1.7 billion valuation, Dynatrace integrates with Snyk Intel data, and WhiteSource expands native support for IDEs appeared first on SD Times.



GCC front-end for Rust gets new funding for its development efforts

Open Source Security, Inc. has announced new funding for the GCC front-end for Rust project. The funding will go towards full-time and public development efforts. 

GCC front-end for Rust is an open-source project designed to provide an alternative Rust compiler for GCC. “The origin of this project was a community effort several years ago where Rust was still at version 0.9; the language was subject to so much change that it became difficult for a community effort to play catch up. Now that the language is stable, it is an excellent time to create alternative compilers. The developers of the project are keen ‘Rustaceans’ with a desire to give back to the Rust community and to learn what GCC is capable of when it comes to a modern language,” the team wrote on its GitHub page.

Open Source Security, Inc. aims to address underfunded and understaffed attention to security in Linux. While the organization doesn’t expect Rust code to be included in the Linux kernel in the near future, it saw a security issue with a mixed Assembly/C/Rust execution environment as well as mixing different compilers with different implementations. “As the source of the GCC plugin infrastructure in the Linux kernel and nearly all of the GCC plugins adapted for inclusion in the upstream Linux kernel, we too immediately spotted the importance of this problem and set out to ensure both those plugins as well as the security features built-in to GCC itself are able to instrument code from all languages supported by the Linux kernel with compatible and consistent security properties,” Brad Spengler, president of Open Source Security, Inc., wrote in a post.

As part of its efforts, Open Source Security Inc. brought on developer Philip Herron to work on the project full time with the help of Embecosm, a UK-based company involved with GCC/LLVM development. Embecosm is providing Herron’s employment as well as project management services for the project. 

“The project has attracted multiple contributors on GitHub over its time being purely community driven and we want to continue to create an inclusive environment to welcome everyone to learn and create their own mark on the compiler. This can be achieved by creating clear documentation on getting up and running and readable code and a clean review process. Leveraging docker we can automate publishing prebuilt images of the compiler allowing people to test the compiler without requiring a development environment for the compiler, such that people can report feedback easily into the GitHub issue system,” Herron wrote in a post.

Open Source Security, Inc. also stated that, as part of its efforts to help the project remain vendor-neutral, it will not own the copyright on any code developed through its funding. All code will be GPLv3-licensed and copyright will be assigned to the Free Software Foundation.

The post GCC front-end for Rust gets new funding for its development efforts appeared first on SD Times.



Developers take a larger role in security

As companies shift their businesses to engage with customers online, developers are becoming a center point for innovation. So as these companies build out DevOps and DevSecOps practices, they’re assembling teams around the developer to ensure that as they’re building new features at a rapid pace, security and operations components move along with that.

Yet development and security traditionally have been at odds. Development is about moving quickly to innovate, while security is about risk management in the organization, and that takes time. As development teams have gained more influence inside the business, security leaders have had to change their mindset and find new ways to talk to developers.

Eric Swenson, VP of product marketing for security solutions provider Checkmarx, said security needs to work to enable secure development and move beyond a “department of no” stigma to help reduce risk down from what it’s doing because it’s going to potentially introduce risk. 

Some years back, Swenson said, “I had a conversation with a friend of mine, who was a security architect for an online streaming company. I challenged his mentality around security being a gate or possible blocker. He told me at one point, he would rather shut down a website to prevent any sort of data breach or disruption to business operations. And I said, ‘Well, you know, that’s interesting, but try to go into your CEO to tell him you’re going to shut down the website because you’re concerned about a security risk. You may be making a career limiting move.’ ” 

DevOps — and DevSecOps — require moving security planning and testing into software development. Applications are being built in small pieces, moving through CI/CD pipelines, and deployed into containers. Some teams are working only on the front end of the application. Others are only working on the back end, and still others are working on the integrations. Because of this, security has to be considered across the entire development lifecycle, compared to waiting until the application is running in production — which leads to higher costs for remediating vulnerabilities, and slows innovation.

“Developers are checking in and out pieces of the application they’re responsible for, adding additional features and capabilities then checking them back into the central repository as it moves through the development process; scanning for critical vulnerabilities as early in this process as possible by the developer presents an opportunity for shared ownership in securing the application,” Swenson explained.

And because applications are being built from small services and components, it makes sense to have the developers creating those pieces own it all, including security testing. 

“For organizations adopting a DevOps philosophy for application development, part of that philosophy is empowering developers to use the tools and technologies necessary to move quickly and innovate; security teams have to shift their approach to a more consultative role with developers,” he said. “And so really, if you’re thinking about the entire software development life cycle, it’s definitely an evolving process. Traditionally, the heavy-handed role of security has to evolve to educate and guide development toward best practices for secure development.”

Yet developers often do not have education in security, so to ask them to be responsible for it in their applications or components requires some training, Swenson said. Importantly, while training developers in security, it’s important this is a collaborative effort between developers and security. “This is about bringing two teams with differing goals, together to focus on a common objective, coding securely.”

Swenson added that the argument that developers don’t care about security is quickly going away. Developers, he noted, would rather fix something early on, while in development, rather than having to go back and fix it post production, because the business wants its developers to continue to move forward with the next feature release. He said that developers think, “If I just fixed it before I released it, or before it’s in production, I would be in a much better place, a much happier developer, because, you know, nobody wants to go back and do the re-work. They always want to be pushing on to the next thing and seeing what they can accomplish there.”


Content provided by Checkmarx and SD Times

The post Developers take a larger role in security appeared first on SD Times.



SD Times news digest: Cloudflare acquires Linc, Amazon launches AWS Glue custom connectors, ThreatStack now available for Ruby Gems and NPM

Cloudflare’s acquisition of Linc, the automation platform that helps front-end developers collaborate, will create seamless integration between Pages and Cloudflare Workers, a serverless execution environment that allows users to create entirely new applications or augment.

Linc offers a straightforward path to building end-to-end applications on Pages with both frontend and backend logic in one bundle.

“Linc and the Frontend Application Bundle (FAB) specification were designed with a single goal in mind: to give frontend developers the best possible tools to build, review, refine, and deploy their applications,” Aly Cabral, the director of product at Cloudflare, wrote in a blog post. “An important piece of that is making server-side logic and rendering much more accessible, regardless of what type of app you’re building.”

Amazon launches AWS Glue custom connectors
AWS Glue custom connectors make it easier to transfer data from SaaS applications and custom data sources to data lakes in Amazon S3, according to AWS in a post.

Custom connectors are available within AWS Glue and AWS Studio, and they also integrate with AWS Secrets Manager to simplify the distribution of credentials.

“With just a few clicks, you can search and select connectors from the AWS Marketplace and begin your data preparation workflow in minutes,” AWS wrote. “You can also build custom connectors and share them across teams, and integrate open source Spark connectors and Athena federated query connectors into your data preparation workflows.”

Threat Stack now available for Ruby Gems and NPM
The new Threat Stack Application Security Monitoring feature was added to Ruby Gems and NPM to increase deployment flexibility for Threat Stack users.

With the new feature, users can receive in-depth security telemetry from the cloud management console, host, containers, orchestration, managed container services, and applications within a single, unified platform.

“Threat Stack understands our customers are being asked to secure rapidly scaling cloud ecosystems while battling resource constraints and competing priorities,” said Brian Ahern, the CEO of Threat Stack. “That is why we continue to put an emphasis on innovation and delivering new capabilities to our customers at an extremely rapid pace to help them keep up with accelerating cloud adoption and new evolving threats.”

The post SD Times news digest: Cloudflare acquires Linc, Amazon launches AWS Glue custom connectors, ThreatStack now available for Ruby Gems and NPM appeared first on SD Times.
