In this article we show how you can improve the security of your software supply chain without spending money for software licenses. For this, we present useful open-source tools for automated dependency updates, vulnerability scanning of dependencies, license scanning, SBOM generation, secret detection and scanning of infrastructure as code for vulnerabilities and misconfiguration.
Our authors Pascal and Bastian investigated the Google Software Delivery Shield which is Google’s fully managed solution for software supply chain security. In this article they describe how software supply chain security can be achieved during the different steps of the software development lifecycle with the Google Software Delivery Shield.
Our author Daniel gives an introduction into Software Supply Chain Security in software development processes and highlights its importance. The article stresses how neglecting security in the software development process can lead to successful attacks, compromising users’ data and systems. It also provides tips on achieving Software Supply Chain Security, including scanning for vulnerabilities, updating dependencies, and secret detection.
This year our colleague Anna participated in two Women in Data Science conferences, in Zürich and Villach. She shares her experience with us in this blog post.
There are three main types of telemetry data – often referred to as pillars of observability – that are typically gathered: metrics, logs and traces. Here we focussed on tracing which enables visualizations making it possible to understand the performance characteristics of a distributed system.
In the swiftly changing world of software development, the choice of programming language plays a crucial role. To emphasize this, our colleagues Lukas and Georg effectively developed a Microservice Architecture in Kotlin for one of the largest direct banks in Germany. With numerous years of expertise in Java, this project marked their most extensive exploration of Kotlin. Join them on their fascinating voyage as they explain why Kotlin proved to be a superior choice over Java.
This article compares different Kubernetes frameworks and evaluates their usability. It also features a youtube video of Senior Developer Josef Brandl having a talk on this subject.
Expiring certificates impose a continuous threat to service interruptions if they are not properly managed. In this article, Senacor Senior Developer Fabian Kohlmann presents a solution to monitor expiry dates of certificates directly inside the deployed applications using standard application monitoring frameworks.
KotlinConf finally took place again this year – and it was a blast! Our colleague Lukas was on site. Filled with many new insights and the motivation to get to know the Kotlin ecosystem better, he summarizes the workshops and conference talks he attended.
Writing clean code is an important part of modern software development. In this article, our colleague Moritz presents his favorite function “pipe” which helps him write clean code in Typescript projects.