The way development teams build and deploy software is always changing. Recently, though, that trend has been more drastic. Today, the most productive development teams are using containers to build, deploy, and manage applications. Containers, in turn, have given those teams the flexibility and scalability to migrate their end-to-end development processes to the cloud.
Teams are building and releasing software faster than ever before with continuous integration and delivery pipelines. They are automating those pipelines, and in doing so are moving the development processes to fully managed cloud build environments that have the infrastructure to continuously scale — using cloud services like Google Cloud Platform.
Cloud Build Environments Need a Better Open Source Security Solution
But as DevOps teams automate development and continuously deliver and deploy cloud apps at scale, Security teams are faced with new challenges. Gone are the days when a bill of materials created last month or even last week was sufficient. Containerized applications are being updated more frequently, in smaller batches, and primarily with open source. The speed of updates means it’s become harder to monitor the security and quality of the code in those applications. Every time new open source components are added, the teams have to apply the same checks as when they were updating at a much slower pace.
What Security and DevOps teams desperately need is open source security that works in the cloud, is automated as part of their CI/CD pipeline, and finds open source security vulnerabilities and code quality issues earlier in the application development lifecycle. They need a solution that eases the transition to building and deploying in the cloud.
Secure DevOps and Cloud Deployment with Black Duck and Google Cloud Platform
That's why Black Duck and Google created this partnership, to offer the flexibility, scalability, and computing power of Google Cloud Platform combined with the world’s leading solution for open source security and management. We’re excited to announce Black Duck Hub integrations with the Google Cloud suite of products.
Google Cloud users can deploy Black Duck Hub on Google Cloud Platform (GCP) so that open source vulnerability management can be integrated directly with the build and deployment activities in the cloud. They can inventory all the open source components in their projects, identify open source security vulnerabilities and quality risks, enforce policies, and take steps to remediate those risks. But that’s just the first step. The Hub also integrates with Google Container Registry (GCR), allowing customers to manage open source security risks across their entire collection of container images.
Hub integrations with GCP-hosted build and CI/CD tools, such as Jenkins, Bamboo, TeamCity, Maven, and Gradle, enable customers to automate open source scans as part of their CI/CD pipelines. By automating scans, teams can stay agile without sacrificing the security of their cloud deployments. And Hub plugins for GCP-hosted Eclipse and Visual Studio IDEs help software developers avoid open source security and component quality issues by scanning components to select safe and secure open source at the very beginning of the software development lifecycle.
As containers, cloud deployments, and automation become the norm for DevOps teams, Black Duck integrations for Google Cloud products allow teams to accelerate the production use of the cloud and gain automated intelligence, visibility, and control of their open source software throughout the application development lifecycle. At Black Duck, we’ll continue to improve application and container security, and we’re proud to be working with Google to pioneer these new integrations.