Terms like DevOps or DevSecOps have become an integral part of our industry. In other words, agile software development that is focused on security is one of the most important approaches to modern development. Or is it?
Read moreThese are exciting times, with digital transformation bringing new disruptive technologies that impact the way we work, sleep, eat and how we spend our personal time. For developers, this fast paced world offers plenty of opportunity to be part of something great. The chance to make their mark on a project that would affect others for decades to come. But as these new opportunities emerge, so do new risks.
Read moreIf you have installed SCM-Manager before, you may have noticed how simple and small it is compared to other source control management solutions. One main reason for this is that tons of features are excluded from your default installation and can be easily added as plugins. But the currently available plugins are just the tip of the iceberg as you can simply write your own plugins using the powerful plugin API.
Read moreThe world’s reliance on software is already great and will continue to grow. That's why the security of applications will also become increasingly important. This development is further reinforced by the global pandemic, as more businesses and services have increased their online availability. The U.S. Federal Bureau of Investigation (FBI), for example, has reported a 300% increase in cybercrime since the beginning of the pandemic: This shows that with the growing reliance on software and applications, the risk of attacks is also increasing.
Read moreThe principle of good software is to present as many complex relationships as possible in an easily understandable way. Thus, our Cloudogu EcoSystem (CES) looks pretty simple even though it hides extensive operations under the surface. Nevertheless, the CES provides a surprising number of user interfaces. Even though we observe usability conventions to the best of our ability, yet some functionality requires explanation. Therefore, we decided to build a comprehensive, public documentation and guide as docs.cloudogu.com.
Read moreThe regularity of media reports on cyberattacks shows that security is, or should be, a key issue for software development teams these days. Learning methods like micro-learning and gamification help to raise awareness and knowledge about security issues. The new Secure Code Warrior plugin for SCM-Manager integrates these approaches into the review process.
Read moreIs the hype around DevOps justified? Dr. Peer Faßnacht, Head of Customer Services at Cloudogu GmbH, says "yes" – if a few prerequisites are met. Read the interview with the magazine "IT Mittelstand" here.
Read moreContinuous delivery (CD) is an agile software development approach that has proven to be a suitable way to reliably and repeatably produce high-quality software in short cycles. The use of containers and the cloud, e.g., on platforms such as Kubernetes (K8s), offers many opportunities to make CD processes more robust and simpler. One such option is GitOps. This article provides some concrete examples to illustrate the differences between classic CD pipelines (CIOps) and GitOps processes.
Read moreIf you want to switch from classic CI/CD environments to GitOps, then you can choose from any of a large number of available tools. However, it is not always easy to tell which features they support and how suitable they are for your project at first glance. Help in making a decision.
Read morePrototyping is a great way to get an impression of how a product or idea could look like. In manufacturing you can use e.g. 3D printers to create prototypes. In software development you still have to code but you can apply different principles compared to developing a "real" product. We want to give a short introduction into software prototyping, because it can help you to develop better software, faster.
Read moreDevOps combines previously assigned tasks and roles at a company on the basis of agile working methods, automation and cross-functional cooperation in order to create a common basis for value creation. This post describes the phases and processes of this so-calles “DevOps life cycle“.
Read moreEvent storming is an interactive, group-based, dynamic brainstorming method based on the ideas of domain-driven design. The method calls for experts, developers, stakeholders, and customers to come together and jointly articulate a large picture of a business process and through the process of lively discussions arrive at a common language and common understanding.
Read moreShortly after you first start learning about DevOps, it becomes clear that there is no single clear definition of the term. It is not, as is often assumed, a tool or a programming language. Rather, to put it in a nutshell, it is a collection of procedures, practices, and methods to deliver new software features faster. The aim is therefore to shorten the time from the idea phase to publication in order to create satisfied customers.
Read moreince companies have very different requirements when it comes to data security, maintenance costs, security, legal compliance, etc., various cloud models have been developed. A basic distinction is made among “public”, “private” and “hybrid” cloud architectures.
Read morePod Security Policies (PSP) allow to use cluster wide settings that are used for all new containers. In comparison to the Security Context, the usage of PSPs not as easy, but especially for large organizations with large clusters it can be beneficial to use them, because they reduce the necessity for manual configuration.
Read morePod Security Policies (PSP) allow to use cluster wide settings that are used for all new containers. In comparison to the Security Context, the usage of PSPs not as easy, but especially for large organizations with large clusters it can be beneficial to use them, because they reduce the necessity for manual configuration.
Read moreDuring the last years it became common to use agile methods in software development. The most widespread ones are Scrum and Kanban. The 2020 "State of Agile" survey found that a vast majority of companies (~65%) uses Scrum or Scrum hybrids. The second place is held by Kanban and "Scrumban" with about 15%. That is why we want to compare those two methodologies.
Read moreWith the Cloudogu EcoSystem you can easily and efficiently create backups for your entire toolchain, without any additional work. The backup and restore Dogu secures the data of your tools and allows you to easily restore it in case you need to.
Read moreOn July 17th the Digital Transformation Forum took place for the very first time. In 18 sessions, the almost 100 participants had the chance to get a taste of, learn about and swap ideas on the versatile topics of the digital transformation. The goal of the event was to offer impulses, exchange and visions for the digital transformation of companies.
Read moreThe general challenges of working from home and beyond seem to have been considered in detail from all perspectives. That's why in this post we will focus on how to use the Scrum method for remote work based on the example of our company’s experience. Thus, the article will be very concrete and hands-on: How does Cloudogu address the issue?
Read moreThe team here at Cloudogu has also been put to the test by the outbreak of the Coronavirus pandemic and the changes that have come with it. The company implemented its first set of sanitation measures in the early days of March. We made employees aware of the situation and distributed disinfectants to them. Everything seemed a bit surreal. But then everything happened very quickly.
Read moreA container is basically a normal Linux process that runs isolated from the rest of the system via certain kernel components. This makes containers lighter but more vulnerable than virtual machines (VMs). To reduce this vulnerability to attack, the container runtimes offer a variety of settings whose default values strike a compromise between usability and security.
Read moreYou can find out here how Clean Code Development can help you and what hurdles the integration of the approach entails in everyday life
Read moreWhenever you start a project, the first step is to find out the initial requirements. Sometimes there is already a detailed functional concept, sometimes just a vague idea. The importatnt thing is that the requirements are explicit so that the final product will be able to meet them. If requriements are vague it is hard to be sure that they are being met.
Read moreWe are happy to announce that the Cloudogu GmbH is now officially the owner of the SCM-Manager project. This step is the consequent development of the cooperation between Cloudogu and SCM-Manager.
Read moreSince compliance is about adhering to regulations of any kind, this is very complex and individual issue. That's why this post will be dealing with a very specific topic: the deletion of data when the contract ends. In B2B software development, it is customary for contracts to contain a clause on the delivery or destruction of all records and documents related to the project.
Read moreThe virtual construct of a “container” is a normal Linux process at its core that largely runs in isolation from the rest of the system using certain kernel components. This makes containers lighter but more vulnerable than virtual machines (VMs). To reduce this vulnerability to attack, the container runtimes offer a variety of settings whose default values strike a compromise between usability and security.
Read moreThe first part of this series demonstrated the use cases and benefits of delivering presentations with reveal.js. They are Docs As Code, and therefore they can be subjected to versioning management and of course delivered via Continuous Delivery. Furthermore, we demonstrate how the Jenkins pipelines can be used to deploy to GitHub Pages using a model concrete implementation. This article demonstrates additional alternatives for deployment (Sonatype Nexus and Kubernetes), while the general structure of the `Jenkinsfile` remains the same.
Read moreIn a Kubernetes cluster, everything (nodes, pods, Kubelets, etc.) can communicate with each other by default. If an attacker succeeds in exploiting a security vulnerability in one of the applications, he can easily expand his attack to all underlying systems in the same cluster. You can restrict this vulnerability using the on-board network policy features found in Kubernetes.
Read moreAre you a scrum master, manager, or employee in the middle of a transformation process? Do you want to avoid uncertainties in the distribution of roles and responsibilities, for instance? Then this blog series is just the thing for everyday work facilitators!
Read moreIn the first part of this article series, we described how you can easily and quickly make backups using containers with Restic. However, backing up data is not an end in itself. Rather, it is about recovering data if the backed-up system fails. This article is dedicated to this aspect of backup, which is just as simple when using Docker as recovering your previous backup. Finally, we will also cover how to delete backups if you run out of storage space.
Read moreIf you deploy applications on a managed Kubernetes cluster, operations is responsible for security, right? Not really! Even though Kubernetes abstracts from hardware, its API offers many possibilities for developers to improve security for the applications that are operated on it, by not just using the default settings. This post explains for which attack vectors network policies can offer protection and it will also show pragmatic good practices based on practical examples.
Read moreThe Java Forum Nord 2019 on September 24th 2019 attracted numerous developers and Java experts to Hanover, Germany. Our impressions.
Read moreReveal.js allows software developers to use web technologies (HTML, CSS, JavaScript) to deploy slides for presentations and to display them in the browser. This eliminates the dreaded mouse-driven excursion into the world of PowerPoint/Impress, with its incompatibilities between Microsoft Office, Libre/OpenOffice, problems with Linux, and exclusive access requirements to make editing changes.
Read moreIt is curious that in the field of software development, in which developers create something new every day, the "never change a running system" approach is very widely followed when it comes to the underlying toolchain. Downtime is too expensive, whether something goes wrong when updating an important system and the developers are unable to work for some period of time or if even the most recent work status is lost. This post compares the required effort for the installation and the operation of a toolchain for three different scenarios.
Read moreIn more than 200 talks by more than 150 experts, the participants could choose between news and innovations in the subjects web, desktop and mobile applications including technologies like .NET, Java, Python, machine learning and JavaScript.
Read moreThe word "data backup" does not invoke much cheering and rejoicing for many parties involved. This series of articles about the "restic" software package shows that this does not have to be the case. Restic simplifies many aspects of backup and restore to a great enough extent that you can focus on the most essential part: The underlying system structure. This article describes how to configure restic and back up data.
Read moreIn order to meet the growing demand to release new features at an increasingly faster pace, these features must be implemented faster and faster. But that's just one side of the coin. After all, these features have to be put into production as well. Often, deployments are made manually and prone to errors. They tie up resources, and they may take a long time. The solution is complete automation, which is called Continuous Delivery.
Read moreSince our last update of the development of SCM-Manager v2 we've spent most of our time with the migration of plugins and main features, but we've also implemented some new features.
Read moreCloudogu CEO Thomas Grosser was interviewed by the magazine "Informatik Aktuell". Read the complete interview in German on the Informatik Aktuell website.
To the interview on Informatik AktuellCloudogu EcoSystem is an extremely efficient way to operate a software development infrastructure. Nevertheless, there are scenarios where it might make sense to separate projects into individual instances of the Cloudogu EcoSystem.
Read moreA recent study shows where DevOps currently stands and which hurdles are still to be taken. How we tackle the issue, you'll learn in our blog post.
Read moreKubernetes is one of the hottest topics these days in the world of software development. Why is this the case and why is Kubernetes not just another technology that will soon be forgotten again anyway? In this post, we will answer these questions.
Read moreWith Christmas right in front of our doorstep, we feel like it is time to provide another update about the development of SCM-Manager 2, because there have been many changes since the last post.
Read moreNot long ago, we released a new version of our wiki » Smeagol«. The differences might seem to be a lot on the outside, but you could say that we changed almost everything » under the hood«.
Read moreSome time ago, we announced that we would keep you posted about the latest development. Of course we want to keep our promise and that is why we are now posting the first update about the latest changes.
Read moreIn the third and final blog post of this series, we will demonstrate how you can generate source code with the help of an annotation processor, while in the intro part we have learned how to write, register and use a simple Annotation Processor and in the second part we created configurations.
Read moreEver since the Cloudogu project has started, we were closely connected to Open Source. This connection is based on our strong believe that Open Source is the best way to develop software.
Read moreThe annual » Java Forum Nord« took place on September 13th 2018 and Cloudogu was there for the first time. In addition to our Gold-Partner sponsoring, 5 of our team members were in Hannover, but not just as guests; Oliver is involved with the organizing committee of the conference.
Read moreIn an economy that is shaped by applications, software development teams face the challenge to release new versions faster, improve the quality and to expedite innovation.
Read moreIn the second section, we would like to focus on generating configuration files for a simple plugin library. To do this, we will write an annotation processor that exports all classes which are annotated with an `@Extension` annotation to an XML file. In addition to the full name of the class, the Javadoc for the class is also written to the XML file. Additionally, we will write a class that allows us to read these files from the classpath.
Read moreJenkins Pipelines were subject to three former blog posts. This last part one is dedicated to the integration of SonarQube, Kubernetes and CD on other platforms.
Read moreJava annotation processors are a very powerful tool in a developer’s toolkit. They can be used for many things, such as logging information during the build, aborting a build with an error message, creating configurations and documentation, altering classes or creating new classes.
Read moreDue to the recent announcement of the acquisition of GitHub by Microsoft and the (sometimes very emotional) discussions about possible ramifications, it becomes obvious that people, teams or companies use services like GitHub for many different reasons. That is because they all have different prerequisites and requirements. GitHub hosts code for 100% Open Source developers as well as for companies with private repositories only and everything in between.
Read moreAfter the first two parts of this series discuss the basics and the performance of Jenkins Pipelines, this article describes useful tools and methods: Shared libraries allow for reuse for different jobs and unit testing of the Pipeline code. In addition, the use of containers with Docker© offers advantages when used in Jenkins Pipelines.
Read moreIn software development it is crucial to share information; no matter what kind of information. Whether it is about technical or functions details or about requirements; good knowledge management helps you to focus on your work and to prevent mistakes. Probably you know this first hand: it is easy to start documenting something, but the difficult part is to keep it consistent, in a central location and up to date. Once a project has been running for some time you often spend quite some time to search folders for some specific document or you create new documents, because you didn’t know there was already a similar one.
Read moreIf you’ve ever used a conventional CI tool to set up a Continuous Delivery pipeline by chaining individual jobs without any direct pipeline support, then you’ll know just how complicated this can get. In this article series, we’ll explain how a pipeline can be defined as code in a central location using the Jenkins pipeline plugin. In the first part of this article series, we’ll take a look at the basics and share some practical tips for getting started.
Read moreEspecially in DevOps-environment like ours, developers are increasingly coming into contact with cryptography. This post layes out practice-oriented fundamentals for everyday development work without diving too far into security-related aspects.
Read moreIf you’ve ever used a conventional CI tool to set up a Continuous Delivery pipeline by chaining individual jobs without any direct pipeline support, then you’ll know just how complicated this can get. In this article series, we’ll explain how a pipeline can be defined as code in a central location using the Jenkins pipeline plugin. In the first part of this article series, we’ll take a look at the basics and share some practical tips for getting started.
Read moreSome time ago we introduced the lean methodology #NoEstimates. We showed the basic principles and how to get started with it. Now, after some time, we want to comment on how to use this approach in reality. The time has come to figure out whether #NoEstimates is applicable in the real world and with real projects and we want to share some tips what you should focus on.
Read moreScrum Masters… What do you need them for? Those guys don’t help to develop the product, they are redundant! Worst case, the Product Owner can do his job! That is what many people think when they learn about the Scrum Master role. The quick answer to that question is simple: The Scrum Master is the guardian of the Scrum process, he keeps everything together. But what does that really mean? That’s what we will find out in this post.
Read moreOver the years we talked a lot about SCM-Manager, but we never officially introduced it as one of the Cloudogu EcoSystem. Since SCM-Manager had its 6th anniversary not long ago, we want to catch up on that.We mentioned SCM-Manager the first time about 4 years ago, when the current version was 1.28. These days version 1.52 was released. That is reason enough to give an update on SCM-Manager, to sum up the changes and improvements that were made in the meantime.
Read moreIf you develop software it is inevitable to test the code that was programmed and there are several different ways to do that. For instance you can automate your tests or execute them manually. No matter how you carry out your tests you have to ensure that you test the right thing and that you test everything that is relevant. That is where test cases and scenarios come into play.
Read moreSCM-Manager can be connected to several issue tracking applications like Bugzilla or JIRA©. The basic functionality of those connections is the same: You can change the status and add comments to issues by using keywords in your commit messages. In this post we will show you how to use the scm-redmine-plugin to connect SCM-Manager to the popular Open Source issue tracker Redmine and thus improve your documentation.
Read moreGauge is a lightweight behavior driven testing framework that allows you to automate end-to-end tests. In this post we will show an example of how to write a test framework with Gauge in Java code. If you want to learn how to install and get started with Gauge, you should read this introductory post from our partner blog.
Read morePrototypes are a great way to get feedback on design ideas and the feasibility of technical solutions. RAD (Rapid Application Development) is a methodology that focuses on starting development asap instead of writing rigorous design specifications. In contrast to the advice from the first post on software prototyping, to never use a prototype in production, RAD does exactly that. That is why we want to take a closer look at it.
Read more#NoEstimates is a lean and agile methodology that focuses on the delivery of customer value. To reach this goal it tries to minimize non-value-creating actions like the estimation of implementation effort for User Stories. In the first part we introduced the basic ideas of the methodology. In this part we want to provide some tips on how you can get started with #NoEstimates.
Read moreIn the » Lean way of thinking« effort to estimate the implementation time for tasks, user stories or features, is waste, because it doesn´t produce value to the customer, it just makes people feel better. Therefore time spent on such activities should be reduced as much as possible. #NoEstimates is an agile methodology that helps you to focus on creating customer value instead of spending time on things that don´t create value.
Read moreIt is already quite common to describe infrastructure in code with e.g. Puppet or Chef. These days there is another option for that: Docker©. Especially for Docker© it is important to keep track of the infrastructure’s configuration, because sources for your containers might have changed or vanished. Therefore you should test your infrastructure to ensure that it is as expected. Serverspec offers you the ability to do exactly that.
Read moreFinding out about all requirements of a product and ensuring their implementation is the key to a happy customer and to satisfied stakeholders. Therefore it is advisable to invest enough time into investigating and finding out about requirements. In the first post about requirements engineering we introduced the "Requirements Traceability Matrix" that allows you to keep track of your requirements. To fill this list with content we now want to take a closer look at possible sources and the classification of requirements.
Read moreSCM-Manager can be connected to several issue tracking applications like Bugzilla, Redmine or JIRA©. The basic functionality of those plugins is all the same: They enable you to change the status and add comments to issues. Beyond that the scm-jira-plugin offers several additional options which we want to explain.
Read moreIn the last post we defined quality as » the degree of conformance to explicit or implicit requirements and expectations« and took a closer look at the different terms of the definition. During this examination it became clear that quality starts with thoroughly defined requirments. In this post we want to go one step further and show which steps can be taken to improve quality.
Read morePeople often talk about high quality software products, but what is that? How can you measure or compare the quality of an application? Let´s take a closer look at this topic and discuss what quality is all about and how it can be improved.
Read moreUsing standardized rollouts for virtual machines in a cloud infrastructure has several benefits in software development to improve your performance. In the first part of our post we introduced the general advantages and explained the basic setup of Terraform. Now we will show you a basic configuration for the infrastructure and access rules that you can use as a basis for your first instances.
Read moreIn software development it is very useful to have the ability to make certain systems available on demand, for example for testing, deployment or additional build servers. The important thing about the systems is that they are available quickly and that their configuration and setup is as expected. One way to achieve this is by implementing automated provisioning of CloudStack instances by using the application Terraform.
Read moreAgile approaches and methodologies are being used more and more, because the benefits of using them can be huge, e.g. improved quality of products. But often an issue arises that makes adopting agile in companies difficult: the contract with the customer. Clients often prefer fixed prices and demand a fixed set of requirements which is totally in contrast with the principles of agile approaches. This prevents that the development team can take advantage of the full potential. Lately, the awareness for this issue rose and efforts for creating contracts that support agile working are undertaken.
Read moreIt is predicted that the cloud market will keep on growing for the next years and that more and more businesses will start moving to the cloud. That's why we want to take a closer look at the pros and cons of this subject, especially focused on advantages and disadvantages for software development with cloud services.
Read moreNexus Repository is a repository manager that serves as a central point for managing binary software components and their dependencies. In Cloudogu EcoSystem we use Nexus in combination with Apache Maven to manage dependencies.
Read moreUse SCM-Manager Universe to implement an automated release-management for your projects. You can do that by using Jenkins and Sonatype Nexus. In this post we will show the necessary configuration for Maven projects with an automated deploy of snapshots and release of new versions.
Read moreAn easy way to implement continuous code inspection to software development projects is by using SonarQube. It offers various code inspection rules for a large number of programming languages. The application can be connected to continuous integration servers like Jenkins, Hudson, Gerrit, Bamboo or TeamCity via plugins. It provides you with a dashboard that tells you about the code quality of your projects. SonarQube is installed and ready to use on Cloudogu EcoSystem.
Read more80% of lifetime costs goes to maintenance and hardly any software is maintained for its whole life by the original author. Therefore it is crucial that code is written in a comprehensible manner. Code conventions help to achieve this.
Read moreDepending on your team size, project structure and requirements, it can be very useful to grant permissions on the basis on groups, not for single users. Using user groups can save a lot of time when setting up a new project, or when a new member joins a team. Therefore we want to show you how you can implement your own groups in SCM-Manager Universe.
Read moreSubsequent to the first part of this post you can improve your code quality by implementing an automated code review system to your projects. You only need to perform a few modifications to SCM-Manager, Jenkins and SonarQube. In the first part of this article we already showed you the necessary configuration of SCM-Manager and Jenkins. Now, in the second part we will show you the necessary modifications to integrate SonarQube to the automated process.
Read moreA good way to improve code quality is to use code review. Often teams recoil from code review because it demands a lot of time. An alternative could be an automated code review system that checks your code for compliance with certain metrics and rules. With the Cloudogu EcoSystem you can implement such a system based on SCM-Manager, Jenkins and SonarQube. In this first part we will show you how to configure SCM-Manager and Jenkins. The second part will be about extending the system by integrating SonarQube.
Read moreIn our support work of the recent past we saw that the topic of SVN repository synchronization seems to be a current issue. Therefore we want to show you how you can implement a master/slave server structure for load balancing. Slave servers are used for read operations and the master for write operations.
Read moreAfter you downloaded SCM-Manager Universe the permission management for the development tools is based on individual user permissions. Since there seems to be a great interest in using group based permission management we want to show you how. We will show which modifications you have to perform in the tools and how you can handle groups.
Read moreWe would like to present Jenkins, a continuous integration tool that is part of the Cloudogu EcoSystem (CES). We will introduce Jenkins and continuous integration in general and special circumstances of Jenkins as part of the CES.
Read moreWhat comes into your mind when you hear » open source«? Do you think about something that came up several years ago, which is now a trend in software development? Or do you think about something that was there from the early days of the computer age, went through a difficult time and is now celebrating a renaissance? In this post we give a condensed overview on the history of open source, its characteristics and a prospect on where it might go.
Read moreNowadays Git and Mercurial are the most often used version control systems. It can be said that they succeeded the former used CVCS in nearly all areas. Nevertheless there is still a loyal user community of Subversion (SVN). Until today older repositories remain of importance. Subversion, is an open source alternative to the well known CVS.
Read moreNowadays developer mostly don´t work only with a text editor but with an integrated development environment (IDE). Luckily nearly every IDE can be connected to the version control system of your choice by plugins. This article deals with MercurialEclipse, which is used to work simple and smart with Mercurial repositories out of the Eclipse environment. To facilitate the start, we will show you the installation of the plugin and introduce you to the first steps of Mercurial in Eclipse. The intention of this article is to enable you to configure Eclipse and to check in and out your code. For those of you who prefer to work with Git, we have another getting started article prepared for you.
Read moreEclipse is one of the widest spread multi-language software development environments (IDE) that has an extensible plugin system to nearly every existing version control system. This article introduces briefly the installation and the usage of EGit as a standard interface connecting Eclipse and Git repositories. Since we do not want to leave out the biggest rival of Git, a second article focusing on MercurialEclipse will follow.
Read moreWith the dawn of DVCS many different systems emerged and their number is increasing. Since the beginning, two major solutions fight for the throne of the "best" DVCS: Mercurial and Git. While both do their job very well there is an almost religious debate which one is THE best.
Read moreNowadays distributed source code management is a must-have tool for every developer and a large number of different implementations compete for attention. So getting started is a complex task. To make the start more easy we want to show you today the development of source code management from centralized to distributed systems and the on top tool SCM-Manager. In following articles we will familiarize you with the different version control systems (VCS) in more depth.
Read moreDo you strive for something smart and efficient to manage source code? You are excited about the great tool, SCM-Manager, but you are not an expert in source code management yet? We will explain you, how to get started with SCM-Manager step by step.
Read moreOpen source an option for my business, too? What advantages does open source have? And where are its limits? Find out about the advantages and disadvantages of open source, and discover the risk-free solution to make open source software useable to your business.
Read more
