Category: Development and DevOps

  • Javascript Promises – The Definitive Guide

    The single-threaded, event-loop based concurrency model of JavaScript, deals with processing of events using so-called “asynchronous non-blocking I/O model.” Unlike computer languages such as Java, where events are handled using additional threads, processed in parallel with the main execution thread, JavaScript code is executed sequentially. In order to prevent blocking the main thread on I/O-bound…

    Ivan Jovanovic
  • Writing reusable Terraform modules

    One of the standard infrastructure architectural patterns for web applications – that we also apply here at NearForm – is to split the infrastructure into multiple logical environments. The most common ones are dev, staging and production. They use the same type of resources (load balancers, instances, databases, etc), but they differ in scale and…

    Dan Achim
  • Static Analysis of Docker image vulnerabilities with Clair

    Static Analysis of Docker image vulnerabilities with Clair

    In a previous article, we described how to build a Docker Registry. Today we look at Clair – a tool that does static analysis of vulnerabilities in a docker image. What is Clair? Clair is a popular open source vulnerability scanning solution for docker images made by CoreOS. Clair is also integrated with quay.io public…

    Petr Kohut
    Blog, Development and DevOps, Security | 13th November 2018
  • Migrating from CircleCI to Azure DevOps Pipelines

    Migrating from CircleCI to Azure DevOps Pipelines

      Recently when we migrated the CI/CD pipeline for a client’s application to Azure DevOps pipeline we were pleasantly surprised. The Original Setup with CircleCI But before we get into how we re-engineered the pipeline, let me take you through the original setup with CircleCI.  Each project repository has its own build pipeline and generates…

    Alex Knol
    Development and DevOps | 22nd October 2018
  • Putting security into DevOps Practices

    DevOps: 7 Reasons to Automate Security in your Pipelines

    The DevSecOps Evolution: Incorporating Security into DevOps Practices According to IDC estimates, the worldwide DevOps software market achieved a level of $2.9 billion in 2017 and is forecast to reach $6.6 billion in 2022. Driven by the need for faster innovation, a shift towards microservices architectures, and the evolution of automation and collaboration tooling, the…

    David Gonzalez
    Development and DevOps, Security | 1st October 2018
  • Public Docker Registry in Kubernetes

    How to run a Public Docker Registry in Kubernetes

    Introduction As a member of NearForm’s DevOps team, I spend a lot of my time working with containers in Kubernetes. In the article, I will cover the creation of publicly accessible Docker Registry running in Kubernetes. For the sake of keeping things simple and short, I will use basic authentication for the registry and Kubernetes…

    Petr Kohut
    Blog, Development and DevOps, Security | 12th September 2018
  • Building Docker images in Golang

    Building Docker images in Go

    For the NearForm Node.js Docker distribution we we wanted to add some flexibility to our build process in order to be quicker to respond to changes in the ecosystem. We are currently using “make” to build the docker images which requires a configure step. Since these images never really get built anywhere else than in…

    Alex Knol
    Blog, Development and DevOps | 10th September 2018
  • The world is a dangerous place, which is why you need Joi data validation

    Re-joi-ce people! If you have been programming long enough, you know all too well that you can never trust external data. The first thing you will want to do is validate that data before it gets too deep into your program. You may have already heard the saying “don’t roll your own crypto”. Though less…

    Nicolas Morel
  • Zed Attack Proxy in a CI Pipeline?

    Adding Automated Penetration Testing to Continuous Integration Pipelines Testing, particularly around security, is a core part of the ethos of all nearForm development teams. In many organisations, penetration testing can often happen just before a product first pushes to production, and periodically thereafter. Penetration testing is performed by external teams and is focused on finding…

    Mihovil Rister
  • Terraform Header Image

    Building a Transparent Proxy in AWS VPC with Terraform and Squid

    In this article I’m going to be setting up an example network and deploying a transparent proxy to it. To make this repeatable and to show exactly how it can be deployed in AWS VPC, I am using Terraform. Terraform is an excellent tool for describing and automating cloud infrastructure. All of the terraform code…

    Karl Hopkinson-Turrell
  • Top