Kubernetes and Platform Engineering Ramblings
The evolution of developer platforms has always been about providing the right abstractions at the right time. But what if your platform could not just serve humans through beautiful UIs, but also empower AI agents to interact with your business logic in a standardized, secure way? This is the promise of Backstage’s recent integration with …
One of the biggest challenges in the industry as a whole and in the DevOps world today in particular is vulnerability management. As we in the industry are trying to implement better security practices and to evolve the secure software supply chain whether by choice or by necessity due to governmental or industry regulations and …
Continue reading "Shift Down Security with KubeScape’s VEX Generation"
One of the things I have a huge issue with in the industry today, is the insistence on pushing a shift left approach. According to the CNCF glossary, Shift Left is the practice of implementing tests, security, or other development practices early in the software development lifecycle rather than towards the end. While this sounds …
Continue reading "Stop Shifting Left, Shift Down to your platform"
Recently a colleague of mine wrote 2 great blog posts (blog-1, blog-2) regarding configuration of TAP to issue certificates signed by ADCS. The solution he documented utilizes Hashicorp Vault as an intermediate CA between cert-manager and ADCS. This approach is a very scalable and simple approach which is very well suited for production setups. The …
Continue reading "Integrating Active Directory CA (ADCS) with TAP"
One of the great features in TAP Developer Portal (previously TAP GUI) since the initial release, has been the app live view plugin, which can help visualize actuator data from spring based java applications as well as steeltoe based dotnet core applications. In TAP 1.6, Application Live View (ALV) has been enhanced with 2 key …
In TAP 1.5, a new installation model was introduced based on a GitOps model, utilizing the Carvel toolset under the hood, to power it all. With TAP 1.6, beyond overall bug fixes, and nice changes to the overall UX of the GitOps Installation method, a really key feature that has been added, is the integration …
Managing SSO for applications is a complex task, and since TAP 1.4, we have had a great feature called AppSSO, which is aimed at helping make the story of SSO integration much easier for developers and operators. In TAP 1.6, a major effort was put into AppSSO to make it even more streamlined, and simple …
The Metadata Store has been a key element in a secure supply chain within TAP since the GA of TAP, and it provides a central location where all CVE data and SBOMs are stored for our source code and images. In TAP 1.6, we get a great new set of functionality in the metadata store, …
TAP has many features which help with securing our software supply chain. One of the key elements of security is obviously source code and image scanning which TAP has had since GA, but as we all know, finding the vulnerabilities is one thing, but how to triage these found vulnerabilities is an entire beast in …
The new scanning model "Supply Chain Security Tools - Scan 2.0" which was introduced back in TAP 1.5, now includes some great new improvements, and has been promoted from Alpha to Beta! The new model, is much easier to extend and customize to your own organizations needs, and is built with a more scalable and …