4 methods to build strong open source DevOps toolsets • TechCrunch


DevOps methodology It’s becoming mainstream for good reason: 99% of professionals say it has positively impacted their organization.

While DevOps is a leading way of collaboration, much of it is shaped by tools. And many popular DevOps tools like Prometheus, Argo, Grafana, KubeFlow and Jenkins are open source software (OSS).

Assembling an OSS DevOps Toolset when using OSS—an average of 15 tools per company—is not without its challenges. Let’s take a look at what these obstacles are and how to overcome them.

Select active, supported projects

Before adding an OSS project to your DevOps toolkit, be sure to do a full audit: How many contributors does the project have? Are they individuals or organizations? How quickly are cases resolved? Is their community forum or Slack active?

This will give you a picture of the overall activity and health of the project.

Remember that while the software is free, operating costs are always real.

Even established OSS projects can be vulnerable. For example, logging tool Log4j has been in murky waters since last year. Several serious security breaches have been discovered and the community has taken time to develop security measures.

These patches themselves unfortunately introduced new security vulnerabilities. And since the tool is embedded in many parts of the software stack, fixing problems is a difficult task. For smaller organizations with small IT budgets or no exposure to security issues, the fix may not happen at all. The situation is so bad that the FTC steps in and starts issuing penalties.

Choosing projects supported by OSS leaders such as CNCF and the Apache foundation is another good indicator. These organizations conduct security audits on the projects they support, and ensure they reach a maturity level based on broad, clear criteria.



Source link

Related posts

Leave a Comment

14 + 3 =