017_SDT056.qxp_Layout 1 1/31/22 2:39 PM Page 17
www.sdtimes.com
February 2022
SD Times
DEVOPS WATCH
Weaveworks acquires Magalix to secure Kubernetes BY JAKUB LEWKOWICZ
Weaveworks acquired the policy-ascode startup Magalix to secure Kubernetes applications by integrating the solution into Weave GitOps. “Enterprise customers have made it clear that trusted application delivery is critical to the success of their increasingly complex cloud native platforms,” said Alexis Richardson, the CEO of Weaveworks. “With the acquisition of Magalix, Weaveworks introduces customizable policies, compliance capabilities and comprehensive risk visibility into GitOps workflows, ensuring only authorized applications are deployed and there are no nefarious activities.” The addition of Magalix’s policy engine will enable DevOps teams to apply consistent policies and best practices across multiple Kubernetes envin Checkmarx KICS
now integrated into GitLab 14.5 Checkmarx’s open-source KICS (Keeping Infrastructure as Code Secure) solution has been integrated into version 14.5 of the GitLab DevOps Platform as an infrastructure-as-code scanning tool. KICS automatically parses infrastructure-as-code files of any type to detect insecure configurations that could expose applications, data and services to attack. Users of Ansible, AWS CloudFormation, K8S or Terraform can now scan their IaC and manage IaC vulnerabilities alongside other comprehensive security scan results with GitLab’s vulnerability management capabilities. “The fact that we now see infrastructure-as-code (IaC) integrated as part of any DevOps pipeline shows that application security must now extend far beyond application source code,” added Razi Sharir, CPO at Checkmarx. “The world runs on code, and we secure it, from source code to open source to infrastructure-as-code.” n ZenHub announces
Productivity Insights ZenHub, the productivity management
ronments. These new developer guardrails will enable Weaveworks customers to bridge the gap between developers, DevOps and security teams. Also, Magalix’s KubeGuard agent detects and remediates runtime drifts. Magalix simplifies DevSecOps and enables cloud-native environments to be more secure by integrating directly into source, build, and deployment stages of the software lifecycle, according to Weaveworks. Customers will be able to use the same declarative approach as Kubernetes to scale their applications while maintaining regulatory requirements and security best practices with Magalix’s security capabilities. “We are seeing an increase in cussolution built into GitHub, today announced Productivity Insights, a new solution in its portfolio of productivity management tools. These Productivity Insights offer teams actionable insights of sprint progress and total productivity in real time. Productivity Insights automates the process of measuring and analyzing a software development team’s performance and immediately shares that data throughout the entire development organization. In addition, Productivity Insights and the analysis it provides is available at a glance from the standard ZenHub UI view that developers regularly use, giving all team members a clear view of the progress that is being made, what still has to be accomplished, and how to work through existing obstacles. n DevOps Institute:
Events, new certifications The new certifications include DevOps Practitioner and DevOps Engineering Foundation. Also, SKILup Days, SKILup Hours, and SKILup Festival 2022: A Live DevOps Educational Experience will provide insights and education needed by
tomers who run a zero-trust security model turning to GitOps to bring DevOps to cloud-native application development and IT operations,” said Mohamed Ahmed, the founder and CEO of Magalix. “Similar to how DevOps disrupted infrastructure management, we believe that integrating security into GitOps pipelines brings considerable agility and speed, preventing errors and protecting against attacks that could shut down the entire platform. Imagine securing your platforms 100 times faster with very high confidence while evolving them. Weaveworks and Magalix share that joint mission to make it easy to innovate fast without jeopardizing security and stability.” z DevOps professionals in a wide variety of disciplines. “As we ramp up our education and certification programs, we aim to empower the global member community with the skills and knowledge they need to further their careers and advance the DevOps initiatives at their organizations,” said Jayne Groll, CEO of DevOps Institute. The DevOps Institute also announced the availability of its new Continuing Education Program. The program works to provide certified members with the skills, knowledge, and learning needed in order to remain relevant, optimize rising trends, and meet professional goals. This program benefits individuals and organizations, both in different ways. For individuals, the program provides greater value to certifications through continuing education credits, supports continuous upskilling, increases work productivity and efficiency, and more. On the organizational side, the Continuing Education Program enhances employee recruitment and retention, assists with crosstraining and coverage, and increases team productivity and efficiency. z
17
