Black Duck and Google Help Teams Build Cloud Apps with Confidence

Black Duck and Google Help Teams Build Cloud Apps with Confidence

The way development teams build and deploy software is always changing. Recently, though, that trend has been more drastic. Today, the most productive development teams are using containers to build, deploy, and manage applications. Containers, in turn, have given those teams the flexibility and scalability to migrate their end-to-end development processes to the cloud. 

Teams are building and releasing software faster than ever before with continuous integration and delivery pipelines. They are automating those pipelines, and in doing so are moving the development processes to fully managed cloud build environments that have the infrastructure to continuously scale — using cloud services like Google Cloud Platform.

Cloud Build Environments Need a Better Open Source Security Solution

But as DevOps teams automate development and continuously deliver and deploy cloud apps at scale, Security teams are faced with new challenges. Gone are the days when a bill of materials created last month or even last week was sufficient. Containerized applications are being updated more frequently, in smaller batches, and primarily with open source. The speed of updates means it’s become harder to monitor the security and quality of the code in those applications. Every time new open source components are added, the teams have to apply the same checks as when they were updating at a much slower pace.

What Security and DevOps teams desperately need is open source security that works in the cloud, is automated as part of your CI/CD pipeline, and finds open source security vulnerabilities and code quality issues earlier in the application development lifecycle. They need a solution that eases the transition to building and deploying in the cloud. 

Learn more about Black Duck Integrations

Secure DevOps and Cloud Deployment with Black Duck and Google Cloud Platform

That's why Black Duck and Google created this partnership, to offer the flexibility, scalability, and computing power of Google Cloud Platform combined with the world’s leading solution for open source security and management. We’re excited to announce Black Duck Hub integrations with the Google Cloud suite of products.

Google Cloud users can deploy Black Duck Hub on Google Cloud Platform (GCP) so that open source vulnerability management can be integrated directly with the build and deployment activities in the cloud. They can inventory all the open source components in their projects, identify open source security vulnerabilities and quality risks, enforce policies, and take steps to remediate those risks. But that’s just the first step. The Hub also integrates with Google Container Registry (GCR), allowing customers to manage open source security risks across their entire collection of container images.

Hub integrations with GCP-hosted build and CI/CD tools, such as Jenkins, Bamboo, Team City, Maven, and Gradle, enable customers to automate open source scans as part of their CI/CD pipelines. By automating scans, teams can stay agile without sacrificing the security of their cloud deployments. And Hub plugins for GCP-hosted Eclipse and Visual Studio IDEs help software developers avoid open source security and component quality issues by scanning components to select safe and secure open source at the very beginning of the software development lifecycle.

As containers, cloud deployments, and automation become the norm for DevOps teams, Black Duck integrations for Google Cloud products allow teams to accelerate the production use of the cloud and gain automated intelligence, visibility, and control of their open source software throughout the application development lifecycle. At Black Duck, we’ll continue to improve application and container security, and we’re proud to be working with Google to pioneer these new integrations.

Check out the integrations on our website or find these integrations on the Google Cloud Launcher today! 

0 Comments
Sorry we missed you! We close comments for older posts, but we still want to hear from you. Tweet @black_duck_sw to continue the discussion.
0 Comments

MORE BY THIS AUTHOR

Secure Cloud Deployments with Black Duck and Pivotal Cloud Foundry

| Jul 18, 2017

In the world of software, containers are changing everything. We can build and deploy applications rapidly and flexibly. We can deploy in the cloud; we can scale with incredible reliability. Entire industries are evolving to empower organizations to move from traditional application development to

| MORE >

Manage Custom and Open Source with HPE Security Integrations

| Jun 13, 2017

Developers don’t limit themselves to one method when building applications. They pull from third party libraries, build custom code for themselves, and rely heavily on open source. As a proponent for open source, I think it's important to recognize its prevalence in software development today.

| MORE >