background preloader

EHDevOps

Facebook Twitter

Managing Security. A cross site request forgery (or CSRF/XSRF) is an exploit that enables an unauthorized third party to perform requests against a web application by impersonating another, authenticated, user.

Managing Security

In the context of a Jenkins environment, a CSRF attack could allow an malicious actor to delete projects, alter builds, or modify Jenkins' system configuration. To guard against this class of vulnerabilities, CSRF protection has been enabled by default with all Jenkins versions since 2.0. When the option is enabled, Jenkins will check for a CSRF token, or "crumb", on any request that may change data in the Jenkins environment. This includes any form submission and calls to the remote API, including those using "Basic" authentication.

Python

How To Install Python, pip, and virtualenv on Windows with PowerShell. If you do any Python development, you’ll probably run into an awful lot of package installation instructions that read: To install, use pip: pip install engineer Now, that’s all fine and dandy, but what is pip?

How To Install Python, pip, and virtualenv on Windows with PowerShell

And what is this virtualenv thing people keep telling me I should use? If you’re new to Python, getting up and running with pip and virtualenv can be a challenge, especially on Windows. Many guides I’ve seen out there assume either a) you’re working on Linux or UNIX or b) you already have pip/setuptools installed, or you know how to install packages and manage virtualenv. Version Control with Git. Home // Think Like (a) Git.

K8

Sysadmin. Systemd for Administrators, Part IX. Error 500 on GitLab.com - General - GitLab Forum. JenkinsVsUCD. GilabVsJenkins. Blog post series: GitLab CI vs Travis. Before I write I should go back and try Jenkinsfiles, as I'm not competent to talk with authority on how hard Jenkinsfiles are.

Blog post series: GitLab CI vs Travis

I do not actually loathe Jenkins at all. I like it a lot. It is what it is. But when you get how much setup Gitlab CI removes from you, you will love Gitlab CI even more than you might currently. MTS. Learning Journey When I look at the case study text I see that it has the feeling of the journey of a learning org, and of people learning how to change, and why.

MTS

So, read and enjoy the story of how courageous people started their never ending journey of learning. Before the Journey. Baby Steps in Continuous Delivery for Salesforce - Slalom Technology - Medium. Whether it’s a point-and-click configuration or a line of code, anyone’s work should always be checked by someone else.

Baby Steps in Continuous Delivery for Salesforce - Slalom Technology - Medium

To this extent, nearly all source control tools include the concept of a code review in order to have others validate what is being saved. Using Bitbucket as an example, Brianna can prevent any more blunders by requiring Jake to create a pull request any time he wants to change something in the source. From this request, she can easily see what Jake changed and leave comments directly on the component or line that may look wrong. Once the back and forth is complete and Brianna leaves her “LGTM”, only then can Jake deploy his work to production. Level 4: A requirement appears! In addition to the CLI referenced above, the ability to quickly spin up an environment for any purpose was a significant new feature delivered with Salesforce DX.

GitBranch

How to Create Your Own SSL Certificate Authority for Local HTTPS Development. In my last article I described how to generate your own self-signed SSL certificates and add them to macOS Keychain so that your browser doesn’t give you a privacy error.

How to Create Your Own SSL Certificate Authority for Local HTTPS Development

Git lesson using worksheets. Continuous integration in Salesforce Using Jenkins and Git. As your Salesforce Organization undergoes heavy customization and frequent builds, moving changes from one Sandbox to other sandboxes starts taking longer time and effort.

Continuous integration in Salesforce Using Jenkins and Git

Also, in normal Salesforce project, there are chances that you will have minimum three sandboxes likely Developer Sandbox, QA Sandbox and UAT Sandbox. After some time you will be in need of some solution which can reduce your effort. Almost 5 years back, when I was working on .net along with Salesforce, I posted article on Continuous Integration of ASP.net and subversion as a code management with MSBuild on code project. This time its Salesforce using Jenkins. In this article I will walk through solution of above problem using Jenkins. Commerce Cloud Infocenter. The Three Infrastructure Mistakes Your Company Must Not Make. When Avi Freedman was getting ready to graduate Temple University in 1992, there was no way to buy internet service in Philadelphia.

The Three Infrastructure Mistakes Your Company Must Not Make

Literally. If you wanted to send someone money to get a dial-up account, there was nobody to send it to. But Freedman had already been running public access Unix machines and letting people he knew log into them. What is the Architecture Review Board (ARB)? - IS&T Contributions - Hermes. Purpose The Architecture Review Board (ARB) serves as a governance body ensuring IT initiatives align with Ecosystem Architecture and ultimately align with MIT IT goals, strategies, and objectives.

What is the Architecture Review Board (ARB)? - IS&T Contributions - Hermes

The ARB’s purpose is to improve the quality of IS&T Products. The Architecture Review Board (ARB) defines appropriate IT strategies and ensures development alignment with those strategies. Itorg aligns people processes jsimon. Arb 3c perspective. A successful Git branching model » nvie.com. Note of reflection (March 5, 2020)This model was conceived in 2010, now more than 10 years ago, and not very long after Git itself came into being.

A successful Git branching model » nvie.com

In those 10 years, git-flow (the branching model laid out in this article) has become hugely popular in many a software team to the point where people have started treating it like a standard of sorts — but unfortunately also as a dogma or panacea.During those 10 years, Git itself has taken the world by a storm, and the most popular type of software that is being developed with Git is shifting more towards web apps — at least in my filter bubble. Web apps are typically continuously delivered, not rolled back, and you don't have to support multiple versions of the software running in the wild.This is not the class of software that I had in mind when I wrote the blog post 10 years ago. CleanTDD2015. (22) Enforce quality gates using SonarQube and Jenkins. Quality gates in Continuous Integration and Deploy - Ask CloudBees. Quality Gates — A must have thing for the code analysis process. Before we introduce Quality Gates, let’s understand the code analysis process code analysis is an important and necessary item in the agile product development cycle.

It should be used to detect any possible failures and defects arising out of the continuous changes in the source codes. There are a few good reasons why this should be included in the development lifecycle. It helps in detecting areas in the code that needs refactoring or simplification.It can help to find the bug early in the development cycle, which means less cost to fix them.Overall improvement in the quality of the code.We can define project specific rules which will then be implemented without manual intervention. More importantly, you can include this within the build process once and use it always without doing anything manually. Problem Statement Now let’s talk about the actual problem. sonarqube which is a code analysis tool, helps us gain visibility into our code base.

DevOps Pipeline Quality Gates: A Double-Edged Sword. There has been much discussion about the many benefits of "moving testing left," and our experts will tell you that doing so by having automated testing (Quality Gates) integrated into your build pipelines is a critical success factor for the rapid build and deploy process automation necessary to truly reap the benefits of Agile. That said, there are significant costs to the organization for implementing automated Quality Gates, which must be weighed carefully and optimized to retain positive Return On Investment (ROI) for the implementation. Quality Gates are based upon the stage-gate system initially presented in 1986 and originally applied to quality control processes in the automotive industry.

The concept is simple: you have tests, or gates, that validate each step in your overall process. Migrate TFS to Git — Xebia Blog.