DeepSource has made available an open source static code analysis tool, dubbed Globstar, that DevSecOps teams can employ to embed code checkers in their pipelines.Company CEO Sanket Saurav, CEO said Globstar will provide DevSecOps teams with an alternative to Semgrep, a widely used Semgrep open source tool that is now being made available under more restrictive licensing terms. Globstar, in contrast, is available under a more permissive MIT license that has no commercial usage restrictions.It’s not clear how many DevSecOps teams are affected by the recent changes to the Semgrep licensing terms, but this change is the latest in a…
Author: drweb
Test Data Manager (TDM) is a suite of products from Redgate that make it easy to build dev and test databases in seconds. It’s a nice rewrite of a number of pieces of technology that we have sold for years, and it was launched at the PASS Data Community Summit in 2023.I’ve been working with a few customers and sales engineers as they evaluate the fit for TDM in their environment. TDM is great once it’s running and can create a lot of agility for development teams as well as help them build better tested, higher quality software.One of the…
I wrote about getting the Redgate Test Data Manager set up in 10 minutes before, and it was a great post. In that one, the sample database Northwind was created and used. However, Alex Yates has modified the scripts to work with backup files, and I’ll show you how easy this is in just a few minutes.This is part of a series of posts on TDM. Check out the tag for other posts.The SetupI’ve filtered my SSMS to only show databases with BB in the name. You can see I have none.I also have a backup file of a baseball…
I wrote about getting the Redgate Test Data Manager set up in 10 minutes before, and a follow up post on using your own backup. One of the things I didn’t show from my own database was that it had no FKs, so the subsetting didn’t quite work as I wanted.This post shows how to correct things and add starting tables for the subsetter to look at in order to customize your setup.This is part of a series of posts on TDM. Check out the tag for other posts.The SetupWhen I ran the subsetter PoC with my own backup, I…
I recently took and passed the DP-700 exam, which is required for the Microsoft Certified: Fabric Data Engineer Associate certification. It’s the second Fabric certification, and it focuses more on the data engineering aspect of Fabric, as well as a bit of governance and administration. My preparation for this exam is probably fairly atypical, because:I have quite some experience already building data warehouses, mainly on the Microsoft stack. This means I didn’t have to study dimensional design methods or how to write T-SQL. I’ve done this enough over the years that I can skip the preparation for subjects like this.Fabric…
A critical authentication bypass vulnerability has been discovered in Perforce software, potentially allowing attackers to gain full administrative access to systems worldwide without authentication.Critical Vulnerability DetailsPerforce recently disclosed that white-hat hackers identified a severe vulnerability affecting “all versions of the platform.” This authentication bypass flaw compromises the core authentication protocol within Perforce software, enabling attackers to bypass security mechanisms and take complete control of administration interfaces.The impact of this vulnerability is particularly concerning, given that Perforce is widely used across government, defense and finance industries. According to the company’s announcement, this security issue poses a “severe risk to organizations worldwide”…
A survey of 731 developers, team leads, managers and executives who work with Java published this week identifies documentation (41%), communication issues between teams (38%), mismanaged timelines (32%); long redeploy times (29%), developer turnover (26%) and insufficient developer tools (24%) as the biggest inhibitors of developer productivity.Conducted by Perforce Software, the survey also finds that despite these issues, only just over a third (34%) said their organization plans to increase their tooling budget (34%) even though 51% said their organization plans to add more Java developers to their teams in the coming year.Perforce CTO Rod Cope said the survey suggests…
Developers need a fast, secure, and reliable way to build, share, and run applications — and Docker makes that easy. With the Docker Desktop 4.39 release, we’re excited to announce a few developer productivity enhancements including Docker AI Agent with Model Context Protocol (MCP) and Kubernetes support, general availability of Docker Desktop CLI, and `platform` flag support for more seamless multi-platform image management. Docker AI Agent: Smarter, more capable, and now with MCP & Kubernetes In our last release, we introduced the Docker AI Agent in beta as an AI-powered, context-aware assistant built into Docker Desktop and the CLI. It…
The Open Source Security Foundation (OpenSSF) has launched an initiative to provide maintainers of open source software projects with a set of baseline security requirements that can be realistically attained and maintained by small teams.The Open Source Project Security Baseline (OSPS Baseline) provides a structured set of security requirements based on recognized international cybersecurity frameworks, standards, and regulations.Ben Cotton, an OSPS co-maintainer and open source community lead for Kusari, said, unlike existing frameworks designed for large enterprise the OSPS Baseline provides open source maintainers with a more streamlined set of best practices that can be implemented by small teams. The…
Opus Security today unveiled a platform that employs artificial intelligence (AI) agents to its vulnerability management platform that are trained to discover known issues and suggest remediations.The Autonomous Vulnerability Management Platform is designed to first engage DevSecOps teams by asking a series of questions about their application environments. That data is then used to map the IT environment, determine which policies should be enforced and identify which vulnerabilities represent the most severe potential threats.The platform then shares that data with a set of AI agents that have been trained to perform specific tasks, including a Security Researcher, Security Governance Agent,…