
Add It Up: Integrating Security into the Development Pipeline

DevOps teams are more likely to have security tools properly integrated in their development pipeline, but many still struggle to do it well.
Apr 30th, 2020 11:27am by

Integrating security tools within development pipelines continues to be challenging. Less than 60% of companies with mature DevOps practices have correctly integrated the average security tool, according to the 2020 DevSecOps Community Survey. The actual figures drop dramatically from there; companies that haven’t embraced the DevOps mantra of cross-team communication are often twice as likely not to have security tools properly integrated.

Not all of the tools in this chart have to be integrated into every stage of the SDLC.

If there weren’t a cost involved, DevOps pros would integrate anything and everything they could into their pipelines. In a recent conversation, Derek Weeks, of DevOps automation company Sonatype, explained: “If you integrate something in that’s going to take two hours to analyze and yet you’re releasing every hour, no one wants that tax.” Consequently, developers will find a workaround to the integrated tool.

By their very nature, software composition analysis and container security tools need to be integrated into CI/CD pipelines. Their effectiveness depends on the degree to which they are automated and on buy-in from all relevant stakeholders. To better understand this subject, we are asking readers to participate in a one-minute poll about security in CI/CD pipelines.

Feature image via Pixabay.

Sonatype is a sponsor of The New Stack.

TNS owner Insight Partners is an investor in: The New Stack.