10/28/2020 Johannes Schnatterer in Software Craftsmanship
Pod Security Policies (PSP) allow to use cluster wide settings that are used for all new containers. In comparison to the Security Context, the usage of PSPs not as easy, but especially for large organizations with large clusters it can be beneficial to use them, because they reduce the necessity for manual configuration.
Read more09/30/2020 Johannes Schnatterer in Software Craftsmanship
Pod Security Policies (PSP) allow to use cluster wide settings that are used for all new containers. In comparison to the Security Context, the usage of PSPs not as easy, but especially for large organizations with large clusters it can be beneficial to use them, because they reduce the necessity for manual configuration.
Read more05/20/2020 Johannes Schnatterer in Software Craftsmanship
A container is basically a normal Linux process that runs isolated from the rest of the system via certain kernel components. This makes containers lighter but more vulnerable than virtual machines (VMs). To reduce this vulnerability to attack, the container runtimes offer a variety of settings whose default values strike a compromise between usability and security.
Read more03/17/2020 Johannes Schnatterer in Software Craftsmanship
The virtual construct of a “container” is a normal Linux process at its core that largely runs in isolation from the rest of the system using certain kernel components. This makes containers lighter but more vulnerable than virtual machines (VMs). To reduce this vulnerability to attack, the container runtimes offer a variety of settings whose default values strike a compromise between usability and security.
Read more01/20/2020 Johannes Schnatterer in Software Craftsmanship
In a Kubernetes cluster, everything (nodes, pods, Kubelets, etc.) can communicate with each other by default. If an attacker succeeds in exploiting a security vulnerability in one of the applications, he can easily expand his attack to all underlying systems in the same cluster. You can restrict this vulnerability using the on-board network policy features found in Kubernetes.
Read more10/29/2019 Johannes Schnatterer in Software Craftsmanship
If you deploy applications on a managed Kubernetes cluster, operations is responsible for security, right? Not really! Even though Kubernetes abstracts from hardware, its API offers many possibilities for developers to improve security for the applications that are operated on it, by not just using the default settings. This post explains for which attack vectors network policies can offer protection and it will also show pragmatic good practices based on practical examples.
Read more05/09/2019 Johannes Schnatterer in Software Craftsmanship
In order to meet the growing demand to release new features at an increasingly faster pace, these features must be implemented faster and faster. But that's just one side of the coin. After all, these features have to be put into production as well. Often, deployments are made manually and prone to errors. They tie up resources, and they may take a long time. The solution is complete automation, which is called Continuous Delivery.
Read more10/01/2018 Sebastian Sdorra in Software Craftsmanship
In the third and final blog post of this series, we will demonstrate how you can generate source code with the help of an annotation processor, while in the intro part we have learned how to write, register and use a simple Annotation Processor and in the second part we created configurations.
Read more08/06/2018 Sebastian Sdorra in Software Craftsmanship
In the second section, we would like to focus on generating configuration files for a simple plugin library. To do this, we will write an annotation processor that exports all classes which are annotated with an `@Extension` annotation to an XML file. In addition to the full name of the class, the Javadoc for the class is also written to the XML file. Additionally, we will write a class that allows us to read these files from the classpath.
Read more07/13/2018 Johannes Schnatterer in Software Craftsmanship
Jenkins Pipelines were subject to three former blog posts. This last part one is dedicated to the integration of SonarQube, Kubernetes and CD on other platforms.
Read more06/15/2018 Sebastian Sdorra in Software Craftsmanship
Java annotation processors are a very powerful tool in a developer’s toolkit. They can be used for many things, such as logging information during the build, aborting a build with an error message, creating configurations and documentation, altering classes or creating new classes.
Read more05/24/2018 Johannes Schnatterer in Software Craftsmanship
After the first two parts of this series discuss the basics and the performance of Jenkins Pipelines, this article describes useful tools and methods: Shared libraries allow for reuse for different jobs and unit testing of the Pipeline code. In addition, the use of containers with Docker© offers advantages when used in Jenkins Pipelines.
Read more05/02/2018 Johannes Schnatterer in Software Craftsmanship
If you’ve ever used a conventional CI tool to set up a Continuous Delivery pipeline by chaining individual jobs without any direct pipeline support, then you’ll know just how complicated this can get. In this article series, we’ll explain how a pipeline can be defined as code in a central location using the Jenkins pipeline plugin. In the first part of this article series, we’ll take a look at the basics and share some practical tips for getting started.
Read more04/19/2018 Johannes Schnatterer in Software Craftsmanship
If you’ve ever used a conventional CI tool to set up a Continuous Delivery pipeline by chaining individual jobs without any direct pipeline support, then you’ll know just how complicated this can get. In this article series, we’ll explain how a pipeline can be defined as code in a central location using the Jenkins pipeline plugin. In the first part of this article series, we’ll take a look at the basics and share some practical tips for getting started.
Read more04/28/2015 Daniel Huchthausen in Software Craftsmanship
Use SCM-Manager Universe to implement an automated release-management for your projects. You can do that by using Jenkins and Sonatype Nexus. In this post we will show the necessary configuration for Maven projects with an automated deploy of snapshots and release of new versions.
Read more04/01/2014 Daniel Huchthausen in Software Craftsmanship
In our support work of the recent past we saw that the topic of SVN repository synchronization seems to be a current issue. Therefore we want to show you how you can implement a master/slave server structure for load balancing. Slave servers are used for read operations and the master for write operations.
Read more12/06/2013 Daniel Huchthausen in Software Craftsmanship
After you downloaded SCM-Manager Universe the permission management for the development tools is based on individual user permissions. Since there seems to be a great interest in using group based permission management we want to show you how. We will show which modifications you have to perform in the tools and how you can handle groups.
Read more
