TNS
VOXPOP
Which agile methodology should junior developers learn?
Agile methodology breaks projects into sprints, emphasizing continuous collaboration and improvement.
Scrum
0%
Kanban
0%
Scrumban (a combination of Scrum and Kanban)
0%
Extreme Programming (XP)
0%
Other methodology
0%
Bah, Waterfall was good enough for my elders, it is good enough for me
0%
Junior devs shouldn’t think about development methodologies.
0%
 
Cloud Native Ecosystem Containers Edge Computing Microservices Networking Serverless Storage
Why Cloud Native Expertise Is so Hard to Hire for, and What to Do Instead
Sep 29th 2023 10:00am, by Michael Schmid
4 Benefits of Choosing a CNAPP for Cloud Security
Sep 28th 2023 11:12am, by Chris Tozzi
Oracle Touts New AppDev Tools, Distributed Cloud Support
Sep 20th 2023 9:18am, by Chris J. Preimesberger
Next-Gen Observability: Monitoring and Analytics in Platform Engineering
Sep 12th 2023 4:00am, by Robert Kimani
Is Policy as Code the Cure for Multicloud Config Chaos?
Sep 11th 2023 12:13pm, by Tzvika Shahaf
Harden Ubuntu Server to Secure Your Container and Other Deployments
Sep 16th 2023 6:00am, by Jack Wallen
Run GUI Applications as Containers with x11docker
Sep 9th 2023 6:00am, by Jack Wallen
Dive: A Simple App for Viewing the Contents of a Docker Image
Sep 2nd 2023 3:00am, by Jack Wallen
Kubernetes Isn't Always the Right Choice
Aug 21st 2023 7:02am, by Rak Siva
Monitor, Control and Debug Docker Containers with WhaleDeck
Aug 19th 2023 7:00am, by Jack Wallen
Edge AI: How to Make the Magic Happen with Kubernetes
Sep 14th 2023 4:00am, by Saad Malik
Cloud to Edge AI with a Mobile Database Platform
Aug 28th 2023 8:42am, by Mark Gamble
Dev News: React Still King, Vercel AI Tools, Netlify Connect
Jun 17th 2023 4:00am, by Loraine Lawson
Creating an IoT Data Pipeline Using InfluxDB and AWS
Jun 5th 2023 10:25am, by Jason Myers
Dell Intros New Edge, Generative AI, Cloud, Zero Trust Prods
May 31st 2023 11:00am, by Chris J. Preimesberger
5 Best Practices for Securing Your API Gateway
Sep 29th 2023 11:51am, by David Sudia
The Basics of Event-Driven Architectures
Sep 22nd 2023 7:45am, by Jim Moffitt
A Microservices Outcome: Testing Boomed
Sep 15th 2023 11:15am, by Alex Williams
Event-Driven Microservices Offer Flexibility and Real-Time Responsiveness
Sep 13th 2023 10:00am, by Hugh McKee
Britive: Just-in-Time Access across Multiple Clouds
Sep 7th 2023 3:00am, by Susan Hall
Performant and Programmable Telco Networking with eBPF
Aug 11th 2023 10:00am, by Bill Mulligan
Create a Samba Share and Use from in a Docker Container
Jul 29th 2023 6:00am, by Jack Wallen
CIOs, Heed On-Premises App and Infrastructure Performance
Jul 5th 2023 1:21pm, by Gregg Ostrowski
Hasura Launches New Data Network for APIs Only
Jun 29th 2023 9:36am, by Chris J. Preimesberger
Unveiling the Future of Application Networking: Trends and Impacts
Jun 28th 2023 11:06am, by Bilgin Ibryam
The Security-First Mindset to Unlocking the AWS Opportunity 
Aug 9th 2023 8:14am, by David Melamed
3 Reasons Why Teams Move Away from AWS Lambda
Jul 18th 2023 10:00am, by Jonathan Michaux
Microsoft Fabric Defragments Analytics, Enters Public Preview
May 23rd 2023 8:00am, by Andrew Brust
Forrester on WebAssembly for Developers: Frontend to Backend
May 17th 2023 6:00am, by Loraine Lawson
Return of the Monolith: Amazon Dumps Microservices for Video Monitoring
May 4th 2023 7:23am, by Joab Jackson
NoSQL Data Modeling Mistakes that Ruin Performance
Sep 27th 2023 9:00am, by Felipe Cardeneti Mendes
Address High Scale Google Drive Data Exposure with Bulk Remediation
Sep 26th 2023 10:00am, by Adam Gavish
Battling the Steep Price of Storage for Real-Time Analytics
Sep 22nd 2023 6:00am, by B. Cameron Gain
Unlock Data’s Full Potential with a Mature Analytics Strategy
Sep 8th 2023 10:16am, by Venkat Ramakrishnan
Ditching Databases for Apache Kafka as System of Record
Aug 25th 2023 7:53am, by Andreas Evers
AI Frontend Development Software Development TypeScript WebAssembly Cloud Services Data Security
How Generative AI Can Support DevOps and SRE Workflows
Sep 28th 2023 7:00am, by
Lightning AI Teases App Development Platform — an 'OS for AI'
Sep 28th 2023 5:58am, by
LLMs and Data Privacy: Navigating the New Frontiers of AI
Sep 27th 2023 10:00am, by
Controlling the Machines: Feature Flagging Meets AI
Sep 26th 2023 11:00am, by
Lifelong Machine Learning: Machines Teaching Other Machines
Sep 26th 2023 9:00am, by
Angular, Qwik Creator on How JS Frameworks Handle Reactivity
Sep 29th 2023 11:12am, by
The Goldilocks CDE: Gitpod Fits Between SaaS and Self-Hosted
Sep 29th 2023 7:57am, by
The Angular Renaissance: Why Frontend Devs Should Revisit It
Sep 26th 2023 8:15am, by
Dev News: Svelte 5, AI Bot for Android Studio, and GitHub Tools
Sep 23rd 2023 4:00am, by
Developers: Is Your API Designed for Attackers?
Sep 20th 2023 11:24am, by
Angular, Qwik Creator on How JS Frameworks Handle Reactivity
Sep 29th 2023 11:12am, by
How We Built the New JSON API for Cassandra and Astra DB
Sep 29th 2023 9:01am, by and
The Goldilocks CDE: Gitpod Fits Between SaaS and Self-Hosted
Sep 29th 2023 7:57am, by
How LLMs Helped Me Build an ODBC Plugin for Steampipe
Sep 28th 2023 10:50am, by
How Listening to the Customer Can Boost Innovation
Sep 28th 2023 8:54am, by
The Angular Renaissance: Why Frontend Devs Should Revisit It
Sep 26th 2023 8:15am, by
Dev News: A 'Nue' Frontend Dev Tool; Panda and Bun Updates
Sep 16th 2023 4:00am, by
Dev News: Svelte 5 vs. VanillaJS and Google’s Project IDX
Aug 12th 2023 8:00am, by
Dev News: Dart Frog Now Stable, Redwood Updates Bundler
Aug 4th 2023 7:00am, by
Dev News: Spotify's TypeScript SDK, Retool Tools, Deno 1.35
Jul 15th 2023 7:00am, by
What Is WebAssembly?
Sep 25th 2023 4:00am, by
Can WebAssembly Get Its Act Together for a Component Model?
Sep 14th 2023 9:33am, by
WebAssembly Reaches a Cloud Native Milestone
Sep 11th 2023 7:50am, by
Is It too Early to Leverage AI for WebAssembly?
Sep 6th 2023 10:28am, by
Rust and C++ Work Better for WebAssembly
Aug 9th 2023 6:50am, by
The Goldilocks CDE: Gitpod Fits Between SaaS and Self-Hosted
Sep 29th 2023 7:57am, by
Install Cloud Foundry on Azure Kubernetes Clusters
Sep 22nd 2023 1:13pm, by
MySQL HeatWave Gets Generative AI and JavaScript, Slew of New Features
Sep 21st 2023 10:18am, by
Oracle Introduces New App Analytics Platform, Enhances Analytics Cloud
Sep 21st 2023 6:47am, by
OpenAI Chats about Scaling LLMs at Anyscale's Ray Summit
Sep 19th 2023 8:58am, by
How We Built the New JSON API for Cassandra and Astra DB
Sep 29th 2023 9:01am, by and
An Introduction to Stream Processing
Sep 29th 2023 6:15am, by
How LLMs Helped Me Build an ODBC Plugin for Steampipe
Sep 28th 2023 10:50am, by
Polystores: The Data Management Game Changer
Sep 28th 2023 10:00am, by
Navigating the High-Concurrency Challenges of User-Facing Analytics
Sep 28th 2023 6:52am, by
5 Best Practices for Securing Your API Gateway
Sep 29th 2023 11:51am, by
Secure Go APIs with Decentralized Identity Tokens, Part 3
Sep 29th 2023 8:02am, by
Demo: How Codefresh and Its Argo Core Improve Security
Sep 29th 2023 4:00am, by
4 Benefits of Choosing a CNAPP for Cloud Security
Sep 28th 2023 11:12am, by
Secure Go APIs with Decentralized Identity Tokens, Part 2
Sep 28th 2023 3:00am, by
Platform Engineering Operations CI/CD Tech Life DevOps Kubernetes Observability Service Mesh
Making the Leap: Ops Roles Evolve into Platform Engineers
Sep 29th 2023 8:30am, by Pravanjan Choudhury
Humanitec: The Golden Path to Platform Engineering
Sep 28th 2023 8:11am, by Joab Jackson
The Pillars of Platform Engineering: Part 6 — Observability
Sep 27th 2023 6:12am, by Michael Fonseca
Software Delivery Enablement, Not Developer Productivity
Sep 26th 2023 7:00am, by Jennifer Riggins
The Pillars of Platform Engineering: Part 5 — Orchestration
Sep 26th 2023 6:14am, by Michael Fonseca
Why Cloud Native Expertise Is so Hard to Hire for, and What to Do Instead
Sep 29th 2023 10:00am, by Michael Schmid
How Generative AI Can Support DevOps and SRE Workflows
Sep 28th 2023 7:00am, by Kevin Casey
NoSQL Data Modeling Mistakes that Ruin Performance
Sep 27th 2023 9:00am, by Felipe Cardeneti Mendes
Engineer’s Guide to Cloud Cost Optimization: Prioritize Cloud Rate Optimization
Sep 27th 2023 8:00am, by Steven O'Dwyer and Matt Stellpflug
The Pillars of Platform Engineering: Part 6 — Observability
Sep 27th 2023 6:12am, by Michael Fonseca
Demo: How Codefresh and Its Argo Core Improve Security
Sep 29th 2023 4:00am, by Heather Joslyn
Dev News: Svelte 5, AI Bot for Android Studio, and GitHub Tools
Sep 23rd 2023 4:00am, by Loraine Lawson
The 6 Pillars of Platform Engineering: Part 2 — CI/CD & VCS Pipeline
Sep 21st 2023 8:07am, by Michael Fonseca
CloudBees Scales Jenkins, Redefines DevSecOps
Sep 21st 2023 5:00am, by Darryl K. Taft
Lessons IT Can Steal from Hackers
Aug 31st 2023 3:00am, by Loraine Lawson
Why Cloud Native Expertise Is so Hard to Hire for, and What to Do Instead
Sep 29th 2023 10:00am, by Michael Schmid
Bad Documentation, Bad Documentation
Sep 29th 2023 3:00am, by B. Cameron Gain
How Listening to the Customer Can Boost Innovation
Sep 28th 2023 8:54am, by Sean Scott
What Happens When 116 Makers Reimagine the Clock?
Sep 24th 2023 6:00am, by David Cassel
Open Source Can Deflate the 'Threat' of AI 
Sep 22nd 2023 6:44am, by B. Cameron Gain
How We Built the New JSON API for Cassandra and Astra DB
Sep 29th 2023 9:01am, by Jeff Carpenter and Aaron Morton
Making the Leap: Ops Roles Evolve into Platform Engineers
Sep 29th 2023 8:30am, by Pravanjan Choudhury
Demo: How Codefresh and Its Argo Core Improve Security
Sep 29th 2023 4:00am, by Heather Joslyn
4 Benefits of Choosing a CNAPP for Cloud Security
Sep 28th 2023 11:12am, by Chris Tozzi
How Listening to the Customer Can Boost Innovation
Sep 28th 2023 8:54am, by Sean Scott
What Happens to DevOps When the Kubernetes Adrenaline Rush Ends?
Sep 28th 2023 8:05am, by Martin Thwaites
A Microservices Outcome: Testing Boomed
Sep 15th 2023 11:15am, by Alex Williams
Edge AI: How to Make the Magic Happen with Kubernetes
Sep 14th 2023 4:00am, by Saad Malik
WebAssembly Reaches a Cloud Native Milestone
Sep 11th 2023 7:50am, by B. Cameron Gain
Kubernetes Building Blocks: Nodes, Pods, Clusters
Sep 11th 2023 6:00am, by Robert Kimani
Bad Documentation, Bad Documentation
Sep 29th 2023 3:00am, by B. Cameron Gain
What Happens to DevOps When the Kubernetes Adrenaline Rush Ends?
Sep 28th 2023 8:05am, by Martin Thwaites
Build a Home Internet Speed Test with Grafana and InfluxDB
Sep 19th 2023 9:24am, by Jessica Wachtel
Top Ways to Reduce Your Observability Costs: Part 2
Sep 12th 2023 9:38am, by Amanda Mitchell
Next-Gen Observability: Monitoring and Analytics in Platform Engineering
Sep 12th 2023 4:00am, by Robert Kimani
Kubernetes 1.28 Accommodates the Service Mesh, Sudden Outages
Aug 18th 2023 10:08am, by Joab Jackson
Don't Force Containers and Disrupt Workflows
May 25th 2023 3:10pm, by Alex Williams
Linkerd Service Mesh Update Addresses More Demanding User Base
Apr 11th 2023 6:17am, by Joab Jackson
How to Create Zero Trust Architecture for Service Mesh
Mar 27th 2023 7:00am, by Joe Fay
Ambient Mesh: Sidestepping the Sidecar
Mar 1st 2023 8:44am, by Jeff Goldman
Cloud Native Ecosystem / Security

Jetstack Helps Turn Security Policies into Actions

Jetstack, a cloud native security company, has released its Jetstack software supply chain toolkit -- a comprehensive, web-based interactive program for securing software supply chains.
May 24th, 2022 11:00am by
Featued image for: Jetstack Helps Turn Security Policies into Actions
Featured image by Good Ideas from Pixabay.

VALENCIA, Spain — Unless you’ve been hiding out under a rock, you know securing the software supply chain has become security’s job number one. From SolarWinds, Codecov, and Kaseya, to name but a few, the last few years were bad ones for software supply chain security. As a result, there have been many documents and frameworks laying out the best practices for securing the supply chain.

There was only one little problem: How do you take all these policy suggestions and turn them into a plan for concrete action. The cloud native security company Jetstack has an answer: The Jetstack software supply chain toolkit.

Recommendations-Based

This web-based interactive program takes the recommendations from the following seminal software supply chain security documents:

And turns them into actionable suggestions.

Specifically, it breaks these down into four key areas: Build pipelines, source code, provenance, and deployment. It then takes these recommendations and adds insights on priority and complexity along with links to the original open source toolsets that can help with that specific recommendation.

Does that sound too simple for you? That this is something you could do yourself? Well, yes you could? But when are you going to do it? Are you security-savvy enough to do it right? Are you sure?

A Range of Controls

As Steve Judd, Jetstack’s senior solutions architect and the toolkit developer said, “Solving these challenges requires going through a whole range of controls that go well beyond a software bill of materials (SBOMs), which is just one of the 54 recommendations.” Jetstack is doing the cloud native community a world of good by offering this service.

As Jetstack CTO and founder, Matt Barker told me at KubeCon Europe, “It lets you take these recommendations and make them actionable. It also prioritizes them by which ones should take the higher priority with the lowest effort to fix.”

“With this,” Barker continued, “you can get started on securing your supply chain. You can get on the ladder. It takes a huge effort to really secure your software supply chain but with this, you can do something today.”

He’s right. You can. And the sooner you get started on it, the better. Just ask Solarwinds if you doubt this.

Group Created with Sketch.
Steven J. Vaughan-Nichols, aka sjvn, has been writing about technology and the business of technology since CP/M-80 was the cutting-edge PC operating system, 300bps was a fast internet connection, WordStar was the state-of-the-art word processor, and we liked it.
Read more from Steven J. Vaughan-Nichols
SHARE THIS STORY
RELATED STORIES
How SaaS Companies Can Monetize Generative AI How to Give Developers Cloud Security Tools They'll Love 3 Ways Traditional APM Systems Hinder Modern Observability  Kubernetes 1.28 Accommodates the Service Mesh, Sudden Outages Why Cloud Native Expertise Is so Hard to Hire for, and What to Do Instead
TNS owner Insight Partners is an investor in: Kaseya.
RELATED STORIES
Is Policy as Code the Cure for Multicloud Config Chaos? Common Cloud Misconfigurations That Lead to Data Breaches Why Cloud Native Expertise Is so Hard to Hire for, and What to Do Instead Next-Gen Observability: Monitoring and Analytics in Platform Engineering Setting up Multicluster Service Mesh with Rafay CLI
THE NEW STACK UPDATE A newsletter digest of the week’s most important stories & analyses.