Adding compliance assurance into DevOps practices to ship software faster with less risk

Software-based services — apps! — are now the primary way a company connects with customers. A company’s best chance in competing for a larger piece of the market is by shipping software faster. Teams need to continuously deliver infrastructure to run applications, regardless of location or computing environment. But companies can’t ship software faster if […]

Read More

Set up a Patch Management System Using Chef Automate

How does Chef handle patch management? The short answer is: it depends. For some organizations, patch management is simply a matter of running vendor-recommended updates on a fairly regular interval, while having the flexibility to install on-demand updates as vulnerabilities like 0-days require. For others, environments must be entirely air gapped, and multiple internal repositories and […]

Read More

Top 10 Most Viewed Blogs of 2016

In 2016, we published more than 200 blog posts, highlighting major releases and announcements, partnerships and integrations, skill-building and how to articles, and more. Here are the top ten most viewed posts of 2016. #10 Deploy a Java Web App on Tomcat 8 with Habitat In September, we released a new Habitat Package for deploying a JavaEE […]

Read More

Manage Secrets with Chef and HashiCorps Vault

On November 22, 2016, I presented a webinar with Seth Vargo on managing secrets with Chef and HashiCorp’s Vault. Our very large and highly engaged audience came prepared with great questions. We started off talking about generic secrets, and why you should start rotating them. From there, Seth went into the traditional ways you do secrets with […]

Read More

“Shift Left” Security and Compliance Automation with InSpec and Chef

Velocity needs control to be successful. As DevOps delivers high-velocity, high-performing digital transformation for business, there is increased focus on the need for security and compliance capabilities to match. Balancing these two seemingly contradictory demands – velocity and control – is difficult. We’re excited that our launch of InSpec 1.0, and its integration with Chef […]

Read More

Announcing InSpec 1.0 – Compliance as Code

One year ago, we released InSpec, an open-source project for infrastructure and test automation that helps companies incorporate compliance into their deployment pipelines. Today, after 70 releases, and with a great development community to support us, we are proud to announce InSpec 1.0 and the launch of inspec.io. InSpec for DevOps InSpec is primarily for […]

Read More

Moving release and security announcements to Discourse

The volume of posts on our blog has continued to increase as our company and community have grown. While all of the content has been awesome, we’ve received many requests for a dedicated channel about security and release announcements. Today, we’re excited to say we’ve heard you and are adding two specific communication channels to […]

Read More

FIPS Support Now Generally Available in Chef Client 12.8

We recently announced the general availability of Chef Client 12.8 that includes support for running in a FIPS 140-2-compliant mode. FIPS, the Federal Information Processing Standard, is primarily used within the United States Federal Government as a standard for information systems security. This feature helps our government customers, including agencies, contractors and hosting service providers, adopt […]

Read More

Supermarket 2.4.2 Security Release

Supermarket 2.4.2 is now available. This release contains a bug fix and security updates. Supermarket version 2.4.2 is a recommended update for all users running their own instances of Supermarket. Packages are available in the stable repository. If you are using the Supermarket omnibus cookbook, upgrading to this version involves updating your wrapper cookbook’s attributes to `[‘supermarket_omnibus’][‘package_version’] […]

Read More