Stability for Jenkins X with jx boot
Anyone who has been practicing CI/CD over the last year or more has certainly heard of Jenkins X. But many still haven’t actually used Jenkins X, or don’t know exactly how it differs from Jenkins or other CI/CD tools, or what is meant by Cloud Native CD. This talk will provide answers to all of the above. We will also take a look at the stability of Jenkins X: one of the biggest challenges for those who have been using Jenkins X has been a constant stream of new features that have impacted its day-to-day stability. This talk will provide a high-level overview of the differences between Jenkins X and Jenkins, explore what is meant by Cloud Native CD, and take a look at the new Jenkins X Boot feature that provides a consistent way to install, configure and upgrade Jenkins X. Finally, we will take a look at the CloudBees Jenkins X Distribution - a deliberately released version of Jenkins X that is similar to what Jenkins did with LTS releases - thoroughly tested and released on a specific cadence - bringing even more stability to Jenkins X and making it a Cloud Native CD platform that all organizations can depend on.
Kurt Madel is Director, Global Solution Architecture for CloudBees and works out of their office in Richmond, VA. He has over 20 years of software engineering and architecture experience, including DevOps in real-world scenarios. Prior to joining CloudBees, he was a software engineer at Capital One, where he developed APIs for Apple Pay and helped lead their REST API initiative, including leading the development of a micro-service framework used by thousands of developers and the streamlining of CI/CD processes. Based on his DevOps experience, Kurt provides a realistic, practical approach to help CloudBees customers realize continuous delivery.
Stranger Danger: Finding Security Vulnerabilities Before They Find You!
Open source modules are undoubtedly awesome. However, they also represent an undeniable and massive risk. You’re introducing someone else’s code into your system, often with little or no scrutiny. The wrong package can introduce severe vulnerabilities into your application, exposing your application and your users' data. This talk will use a sample application, Goof, which uses various vulnerable dependencies, which we will exploit as an attacker would. For each issue, we'll explain why it happened, show its impact, and – most importantly – see how to avoid or fix it in a CI/CD pipeline showing integrations with Jenkins X. We'll live hack exploits like the classic Struts vulnerability that recently made it famous, along with several others.
Simon Maple is the Director of Developer Relations at Snyk, a Java Champion since 2014, JavaOne Rockstar speaker in 2014, Duke’s Choice award winner, Virtual JUG founder and organiser, and London Java Community co-leader. He is an experienced speaker, having presented at JavaOne, JavaZone, Jfokus, DevoxxUK, DevoxxFR, JavaLand, JMaghreb and many more including many JUG tours. His passion is around user groups and communities. When not traveling, Simon enjoys spending quality time with his family, cooking and eating great food.
Snyk (https://snyk.io/?utm_medium=Referral&utm_source=JAM-Meetup&utm_campaign=CloudBees-JenkinsX-JAMMeetup) is a developer-first security company that helps organizations use open source and stay secure. Snyk is the only solution that seamlessly and proactively finds and fixes vulnerabilities and license violations in open source dependencies and container images. Founded in 2015, Snyk is based in London, England.