devops

Port internal development platform gives visibility into DevOps architecture • ZebethMedia

By zebethcontrolPosted on November 3, 2022Posted in devops, Enterprise, Israeli startups, portNo Comments

In a typical large organization DevOps tasks have become so complex, and involve navigating so many tools, it has become difficult to understand the current state of affairs, and to add resources when needed. It’s gotten to the point where developers often need to submit a ticket, even for a routine operation, which is adding unnecessary friction and slowing down the entire process. Port, an early stage Israeli startup, wants to help by offering a portal of sorts where DevOps engineers can get visibility into the current state of the architecture, while deploying new resources when needed, all from a single window. Traditionally, this kind of functionality was only available to large engineering organizations like Netflix, Spotify and Lyft. Today, Port announced a $7 million seed investment to bring it to the masses. The startup has created what is called an ‘internal development platform’ with the goal of letting both developers and operations get more work done without filing tickets, says Zohar Einy, company co-founder and CEO. “We’ve built this internal development platform that essentially allows engineering to access a single interface that acts as a single pane of glass [for all DevOps information],” Einy said This actually is highly customizable and Port provides the building blocks to create a portal that makes most sense to the customer and their way of working, a lot like the portal building tools from the past, but geared specifically towards DevOps. “We took a builder-based approach that gives them a very simple tool set to build their internal platform with [low] code components that we provide them,” he said. Ultimately they can do two main things, no matter how they build it. “The first layer is the ability provides engineering with good visibility into DevOps. They can define the software catalog with all the data that engineering cares about regarding microservices, environments, cloud resources, permissions and things like that,” he said. The second piece lets them self-provision components like creating an environment or setting up a microservice. He says all of this is designed with the goal of cutting down the number of help tickets filed between developers and operations to keep development flowing more smoothly. The company just launched a year ago, but they have paying customers using the product in a proof of concept scenario. With 22 employees already, Einy says that diversity is a big priority for the company. He says to that end, they have been working with NGOs, a common method for hiring underrepresented people in Israel where the company is based. Roni Floman, who runs marketing for Port says the NGOs help the company find people from communities in Israel, who might not otherwise apply at a startup like Port. “Israel has some NGOs dealing with adding Orthodox, very religious people, or people from Israel’s Arab community and usually those NGOs help place people [from these communities] in companies because in many cases, these people don’t usually just apply for a job [at a company like this],” she explained. “[Our] plan is to connect and proactively reach out to be able to hire those people and create a more diverse workforce.” Today’s $7 million seed round was led by TLV Partners with participation from some prominent industry angels.

Devtron raises fresh capital for its cloud DevOps platform • ZebethMedia

By zebethcontrolPosted on October 26, 2022Posted in Apps, Dev, devops, Enterprise, funding, Insight Partners, StartupsNo Comments

The cloud-native market has seen the introduction of a range of open source DevOps tools — tools that combine software development and IT operations — built to address very specific use cases. As a result, DevOps teams today have too many narrow choices that don’t work together seamlessly or that can’t be integrated into a single platform. At least, that’s the opinion of Prashant Ghildiyal, one of the co-founders of Devtron, a startup offering a platform to address what he believes are the top challenges facing the DevOps space. A container management system, Devtron offers a low-code delivery platform optimized for Kubernetes. (“Containers” are packages of software that contain the necessary elements to run in any environment.) The platform handles app management, security and more, providing an interface that abstracts away the underlying infrastructure. To Ghildiyal’s point, there’s evidence to suggest that there’s a gap between DevOps adoption and success. In a 2019 Harvard Business Review survey, only 10% of developers said that their companies were successful at building and deploying software quickly, with less than half (48%) saying their organization always relies on DevOps methodologies. A separate, more recent poll by infrastructure automation company Puppet found that companies were hitting a number of DevOps speed bumps in the race to be cloud native, including a skills shortage, issues with legacy architecture, organizational resistance to change and limited or lack of automation. Investors are keen on Devtron, as evidenced by the company today closing a $12 million funding round led by Insight Partners. “Devtron integrates with products across the lifecycle of microservices, and in particular Kubernetes, enabling its users to deploy faster and automate their CI/CD pipelines without worrying about Kubernetes knowhow,” Insight Partners principal Josh Zelman told ZebethMedia via email. Ghildiyal says that he and Devtron’s other co-founders, Nishant Kumar and Rajesh Razdan, experienced the challenges of scaling DevOps firsthand in their previous roles as heads of technology and software architects at various startups. Their experiences informed Devtron’s design, which Ghildiyal describes as “DevOps in a box,” with tools that provide audit logs and metrics showing the state of an organization’s DevOps maturity. Devtron also provides tools for access controls and policy management, as well as environment orchestration, software delivery workflow and cost. “This saves significant time and resources to build and deploy in production,” Zelman added. Ghildiyal sees Devtron competing against formidable incumbent vendors like GitLab and Harness in a DevOps market that was worth an estimated $4 billion in 2020, according to Global Market Insights. (That’s not to mention startups like Render, which raised $20 million last November after winning our Disrupt SF 2019 Startup Battlefield.) When asked about clients, Ghildiyal said Devtron has “several” unicorns and growth-stage companies as commercial customers, but he declined to reveal names — or Devtron’s revenue. Ghildiyal said that India-based Devtron’s principal focuses post-fundraise will be resources and cost optimizations to “enable DevOps automation and efficiency at scale.”

Microsoft launches new security services aimed at protecting code in the cloud • ZebethMedia

By zebethcontrolPosted on October 12, 2022Posted in devops, Enterprise, Microsoft Ignite, Microsoft Ignite 2022, SecurityNo Comments

At its Ignite conference today, Microsoft announced Defender Cloud Security Posture Management and Defender for DevOps, two new offerings within the company’s Defender for Cloud service (previously Cloud App Security) aimed at managing software development and runtime security across multicloud, multiple-pipeline environments. Currently available in public preview, they work with GitHub and Azure DevOps to start, with additional product integrations to come down the line. In a conversation with ZebethMedia, Microsoft CVP of cloud security Shawn Bice said that Defender for DevOps and Defender Cloud Security Posture Management (or Defender CSPM, to refer to it by its more wieldy acronym) arose from the challenges companies are increasingly facing as they use cloud-native services to deploy and manage applications. These customers often have incomplete visibility and a lack of prioritized mitigations, he said, making their security reactive as opposed to proactive. There’s truth to that. According to a 2020 report from Orca Security, 59% of cybersecurity teams report receiving more than 500 alerts about cloud security per day — a large portion of which are false positives. Tool sprawl is often cited as a challenge in maintaining code security. Responding to a GitLab survey from August, 41% of DevOps teams said that they used between six to 10 tools in their development toolchains, leading them to miss security issues. “The accelerated cloud transformation journey for our customers has created an urgent need for a unified solution to manage security from development to runtime in multicloud and multiple pipeline environments,” Bice said via email. Image Credits: Microsoft To this end, Defender CSPM leverages AI algorithms to perform contextual risk analyses of software dev environments. Resulting recommendations and insights are piped into source code management platforms like GitHub and Azure DevOps to drive remediation efforts; alternatively, users can create workflows connected to security recommendations to trigger automated remediation. Defender CSPM also provides “attack queries” that security teams can use to explore risk and threat data, as well as a dashboard showing all the rules implemented across dev environments and tools that allow security admins to define new rules. As for Defender for DevOps, it shows the security posture of pre-production app code and resource configurations. Security teams can use the service to enable templates and container images designed to minimize the chance that cloud misconfigurations reach production environments. “Leveraging [insights] within Defender for Cloud, security admins can help developers prioritize critical code fixes with actionable remediation and assign developer ownership by triggering custom workflows,” Bice explained. With the rollout of Defender CSPM and Defender for Cloud, it’s clear Microsoft is angling for a larger slice of the enormous and growing DevSecOps segment. Grand View Research estimates that the market for DevSecOps — which spans tools that automate security practices at every step of software development — was worth $2.79 billion in 2020. Startups including Spectral, which aims to detect potential security issues in codebases and logs, and Cycode, which offers tools to secure DevOps pipelines, might be perceived as competitors. But Microsoft’s scale — and the fact that both Defender CSPM and Defender for Cloud are free for Defender for Cloud customers during the preview period — give it an advantage. “Microsoft is committed to enabling security for all,” Bice added, “[with] a comprehensive cloud security benchmark across multiple clouds.”