Learn about the most cutting-edge trends in DevOps and software delivery, including infrastructureless, generative AI, shift left, supply chain security, platform engineering, infrastructure from code, and interactive playbooks.
By Camille Fournier and Ian Nowland (O'Reilly)
Until recently, infrastructure was the backbone of organizations operating software they developed in-house. But now that cloud vendors run the computers, companies can finally bring the benefits of agile custom-centricity to their own developers. Adding product management to infrastructure organizations is now all the rage. But how's that possible when infrastructure is still the operational layer of the company? This practical book guides engineers, managers, product managers, and leaders through the shifts that modern platform-led organizations require. You'll learn what platform engineering is—and isn't—and what benefits and value it brings to developers and teams. You'll understand what it means to approach a platform as a product and learn some of the most common technical and managerial barriers to success.
By Cassie Crossley (O'Reilly)
Trillions of lines of code help us in our lives, companies, and organizations. But just a single software cybersecurity vulnerability can stop entire companies from doing business and cause billions of dollars in revenue loss and business recovery. Securing the creation and deployment of software, also known as software supply chain security, goes well beyond the software development process. This practical book gives you a comprehensive look at security risks and identifies the practical controls you need to incorporate into your end-to-end software supply chain. Author Cassie Crossley demonstrates how and why everyone involved in the supply chain needs to participate if your organization is to improve the security posture of its software, firmware, and hardware.
By CISA (Blog post)
It's time to build cybersecurity into the design and manufacture of technology products.
By James Iry (Blog post)
1801 - Joseph Marie Jacquard uses punch cards to instruct a loom to weave 'hello, world' into a tapestry.
ChatGPT helps you get answers, find inspiration and be more productive. It is free to use and easy to try.
Talk with Claude, an AI assistant from Anthropic.
We’ve trained a neural network called DALL·E that creates images from text captions for a wide range of concepts expressible in natural language.
Bard is now Gemini. Get help with writing, planning, learning, and more from Google AI.
The open-source AI models you can fine-tune, distill and deploy anywhere.
Microsoft Copilot is your companion to inform, entertain, and inspire. Get advice, feedback, and straightforward answers.
GitHub Copilot works alongside you directly in your editor, suggesting whole lines or entire functions for you.
The most capable generative AI–powered assistant for software development.
Activating humanity's potential through generative AI. Open models in every modality, for everyone, everywhere.
Midjourney is an independent research lab exploring new mediums of thought and expanding the imaginative powers of the human species.
Built to make you extraordinarily productive, Cursor is the best way to code with AI.
Pulumi AI is an experimental feature that lets you use natural-language prompts to generate Pulumi infrastructure-as-code programs in your favorite language.
Announcing Query Assistant, the first introduction of AI into Honeycomb. With Query Assistant, you can describe/ask things in plain English.
Datadog’s generative AI interface responds to conversational queries to help you explore your observability data and take action.
Learn how Watchdog, Datadog’s AI engine, proactively uncovers and alerts you to performance issues across your entire stack.
New Relic AI unlocks the power of observability for all, allowing anyone to turn heaps of complex data into actionable insights using everyday language and seamlessly integrated platform experiences.
Learn about Splunk AI, including embedded artificial intelligence capabilities, assistive intelligence experiences, and customizable machine learning tools.
Meet Davis, our radically different AI Engine built for today’s web-scale modern cloud with precision you can rely on. Start your free trial today!
DeepCode AI code autofix empowers developers with efficient & accurate AppSec solutions. Book a demo to try the fastest AI code review tool on the market.
A program which uses static analysis to look for bugs in Java code. It is free software, distributed under the terms of the Lesser GNU Public License
Bandit is a tool designed to find common security issues in Python code. To do this, Bandit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files, it generates a report.
Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications.
Security risk analysis for Kubernetes resources.
Enable developers to build securely from the start while giving security teams complete visibility and comprehensive controls.
Empower development teams with a code quality & security solution that deeply integrates into your enterprise environment that enables you to deploy Clean Code securely, consistently and reliably.
Wiz is the unified cloud security platform with prevention and response capabilities, enabling security and development teams to build faster and more securely.
Policy-based control for cloud native environments.
Build clean, secure code efficiently and fearlessly with Codacy Platform.
Coverity Scan is a service by which Black Duck provides the results of analysis on open source coding projects to open source code developers that have registered their products with Coverity Scan.
Adaptive application security for the AI era. Build and run secure software from code to cloud with Veracode.
Use Trivy to find vulnerabilities (CVE) & misconfigurations (IaC) across code repositories, binary artifacts, container images, Kubernetes clusters, and more. All in one tool!
Mend.io gives you all the tools you need to build a mature, proactive AppSec program that effectively manages application risk.
The world’s most widely used web app scanner. Free and open source.
Get accurate, automated application security testing that scales like no other solution. Secure 1000s of web assets with less manual effort. Reduce your risk with the only….
Discover Dynamic Application Security Testing (DAST) from Veracode to detect runtime vulnerabilities and secure your applications.
PortSwigger offers tools for web application security, testing, & scanning. Choose from a range of security tools, & identify the very latest vulnerabilities.
A fast and customisable vulnerability scanner powered by simple YAML-based templates.
Discover Chainguard's hardened, vulnerability-free container images designed to keep your infrastructure secure and efficient.
Enable developers to build securely from the start while giving security teams complete visibility and comprehensive controls.
Mend.io gives you all the tools you need to build a mature, proactive AppSec program that effectively manages application risk.
You can use Dependabot to alert you when your repository is using a software dependency with a known vulnerability.
Software Supply Chain Security, Threat Intelligence, and Threat Analysis Solutions.
Scale your AppSec with continuous scanning and analysis of software vulnerabilities.
Secure your SDLC and Non-Human Identities (NHIs) with GitGuardian 🔐 — detect secrets in code, repos, and tools. Available as SaaS or Self-Hosted.
Anchore's SBOM-powered modern SCA platform is trusted by the U.S. department of defense and Fortune 500 companies around the globe.
CLI tool and library for generating a Software Bill of Materials from container images and filesystems.
Accelerate innovation with secure software supply chain management from Sonatype, a Leader in Forrester Wave: for SCA. Trusted by 2000+ organizations.
Build secure containers with RapidFort's near zero CVE images and automated CVE remediation. Support for Java, Python, Go, and more. Speed up releases and simplify compliance. Start your free trial today!
The cross-platform app building toolkit.
Deno features improved security, performance, and developer experience compared to its predecessor. It's a great time to upgrade your Node.js project to run on Deno.
The WebAssembly System Interface (WASI) is a group of standards-track API specifications for software compiled to the W3C WebAssembly (Wasm) standard. WASI is designed to provide a secure standard interface for applications that can be compiled to Wasm from any language, and that may run anywhere—from browsers to clouds to embedded devices.
An open source framework for building developer portals. Powered by a centralized software catalog, Backstage restores order to your infrastructure and enables your product teams to ship high-quality code quickly — without compromising autonomy.
Humanitec empowers platform engineers to build the perfect Internal Developer Platform for the enterprise. Our products enable platform teams to reduce cognitive load, drive standardization and slash time to market.
Boost developer experience with OpsLevel – an internal portal unifying tools, knowledge, and tasks to help teams focus on coding, not operational roadblocks.
Cycloid's engineering platform helps you revolutionize software delivery, unlock hybrid cloud, and bring the best experience to your end-users.
Cortex is the internal developer portal that cuts noise for developers with paved paths to production. Catalog, score, and drive action to improve software.
Roadie is the most customizable Internal Developer Portal with built-in best practices, automated workflows, actionable insights built on Backstage.
Port allows developers and DevOps to build a service/software catalog, and enable developer self-service actions.
Try Compass, the internal developer platform from Atlassian to improve your developer experience, catalog all services, and increase software health.
Qovery is a DevOps Automation Platform that eliminates your DevOps hiring needs. Provision and maintain a secure and compliant infrastructure in hours - not months!
Enable anyone to safely execute self-service operations tasks that previously only subject matter experts could perform.
Runme turns your documentation into interactive notebooks for operating cloud infrastructure. Put another way, you can use your docs the way you use your terminal, instead of just as a reference that tends to go out of date.
DevOps process made easy to run and share through Runme Notebooks.
Discover the art of automation with Business Playbooks and Runbooks. Simplify complex tasks, optimize processes, and achieve business excellence.
Doctor Droid is an AI teammate that continuously monitors your alerts, and investigates issues by integrating with your monitoring tools & understanding your company's context (Playbooks).
The Jupyter Notebook is a web-based interactive computing platform. The notebook combines live code, equations, narrative text, visualizations, interactive dashboards and other media.
Ampt helps teams rapidly build, scale, and manage JavaScript apps on AWS by automatically configuring and optimizing cloud environments.
Nitric Open Source Cloud-Native Framework auto-provisions infrastructure for your app from any language for any cloud. Launch now with AWS, GCP and Azure.
Bring your own code, and run CPU, GPU, and data-intensive compute at scale. The serverless platform for AI and data teams.
Develop backends with zero infra setup using Shuttle: Code-driven cloud provisioning.
Klotho is a modern developer-first infrastructure-as-code tool for public cloud.
Encore is an AI-native Open Source Framework for building robust distributed systems, using a declarative approach ensuring performance, security, and quality.