
Integrate JFrog Xray with Slack

The need to protect your software and to be updated about vulnerabilities is getting stronger. JFrog Xray is unique in its capabilities to perform analysis of all the binaries you are consuming in your project. It works with Artifactory to perform a deep analysis of binary components at any stage of the application lifecycle. Xray provides great visibility into issues lurking in components anywhere in your organization and there are many cases where you wish to get notified on a security violation (or a license breach) directly to Slack.

Getting Started

We will use Xray’s Webhooks to register our server, and, based on the policies/rules we define, our Webhook will be notified with alerts about violations (security or license).


Stress Test: Reflections on Financial Crises (and the current one) – Quick Review

After the last few weeks, it is clear we are in the biggest financial crisis of our generation. I read “Stress Test” a few months ago, and there are several perspectives from it that are good to remember, especially during these crazy days when the market shows ‘no bottom’.

“The fundamental causes of this crisis were familiar and straightforward,” Geithner writes. “It began with a mania — the widespread belief that devastating financial crises were a thing of the past, that future recessions would be mild, that gravity-defying home prices would never crash to earth.”

The causes of the crisis, in other words, were the same old-fashioned madness of crowds and extraordinary popular delusions responsible for every panic dating back to the Dutch mania for tulip bulbs. The entire society — including all the big banks and some nonbank financial firms, like the insurance company A.I.G. — simply ignored risk.


Export Violations From JFrog Xray to CSV

The trend of #DevSecOps is growing fast, and security is no longer just the responsibility of your security team. More and more organizations wish to integrate their security team into all the phases of development and operations. To achieve this, there are cases where you need to export data from JFrog Xray (in our case to CSV format) so you can ingest it into your current logging/monitoring system.

What is Xray?

In a nutshell, JFrog Xray works with JFrog Artifactory to perform a deep analysis of binary components at any stage of the application lifecycle. It provides full transparency that leads to more trust in your software. 

By scanning binary components and their metadata, recursively going through dependencies at any level (think of the layers you have in any Docker container), JFrog Xray provides great visibility into issues lurking in components anywhere in your organization.

Xray API

One of the best parts is that JFrog Xray is also fully automated through a rich REST API. We will use it to create this Exporter. Please feel free to clone/fork the code below and use it, but remember you might need to add pagination and a watchdog for a real system.


Improve Your Decisions

I find the topic of decision making to be a fascinating one.
In the past few years, I wrote about it several times, and this is the post I keep returning to as the ‘checklist’.
However, it’s great to have quick and simple rules that you can use.

Three rules to improve your decisions (that I ‘borrowed’ from @naval):

  • If you can’t decide, the answer is no – It might be a bit tricky in cases where you don’t have a Yes/No decision. However, the idea (IMHO) is that you should have a hunch on what will be the right path and if you can’t feel it, try to base the decision on the best data you can find.

  • If two equally difficult paths, choose the one more painful in the short term (pain avoidance is creating an illusion of equality) – This is a clever one, as it’s pointing you in the direction of
    ‘Easy choices → Hard life. Hard choices → Easy life’.
    I’m not sure this rule will be valid in all cases, but even if it holds for 80% of them it’s a good one to remember.

  • Choose the path that leaves you calmer in the long term – Smart way to validate which is the better decision for a given challenge.

Also, it’s good to remember that
“It’s extremely hard to make good decisions in a poor environment.”

So do your best to improve the environment (e.g. company, friends) before taking important decisions.

Have a great weekend.


Continuous Software Updates With JFrog Pipelines

“Liquid Software” release practices are rapidly becoming the standard in many companies. However, as software shapes digital transformation, DevOps teams feel challenged to manage their growing influence on corporations’ success or failure. In a talk I gave last week, we looked into the growing pains that most enterprises (many of them JFrog customers) face when adopting and consolidating DevOps at scale, and how these challenges are being mitigated with end-to-end platform solutions. We also wrapped up with some DevOps best practices that will help you address the emerging trends that your bosses’ bosses care about.

What It Takes – Book Review

“What It Takes: Lessons in the Pursuit of Excellence” is a book I enjoyed on my last two flights. It’s a classic entrepreneurship story: half of the book is about Stephen Schwarzman’s path in starting, building and expanding Blackstone, and the other half is composed of stories from his life.

Who is Stephen Schwarzman?

Well, he manages over $500 billion as the co-founder/CEO of Blackstone.
He also wants to teach readers “how to grow organizations, and do positive things, and how to help their careers”. 

Throughout the book I felt that there are some good lessons.

One lesson is (more or less) the same pair of rules that Buffett coined:

  1. Don’t lose money.
  2. Go back to confirm you are executing rule #1.

A few little details make the book fun to read. For example, when he explains how Angela Merkel raised her hands to imitate a locust and how he mimicked her. Another good one is when he tells why he earned the nickname “Farmer Blackstone” in China: because he promised that the company’s stock price was like a seed that would grow in time.

I also liked this suggestion:
“There is nothing more interesting to people than their problems. Think about what others are dealing with, and try to come up with ideas to help them. Almost anyone, however senior or important, is receptive to good ideas provided you are thoughtful.”


2019 Favorite Books And Runs

In the past few years (2018, 2017, 2016, 2015, 2014, 2013) I’ve been summarizing the year both on sports events (running, biking, snowboarding, etc.) and on books.

This year is no different.

Let’s start with the books I’ve enjoyed most in 2019.

Books – Learning and thinking

  • Talking to Strangers: What We Should Know about the People We Don’t Know – Malcolm Gladwell
    This is another masterpiece from Gladwell. He knows how to tell a story and to take you from A to B in a fascinating way.
  • Grit: The Power of Passion and Perseverance – Angela Duckworth
    I enjoyed this one as it’s not ‘just’ talking about the importance of Grit but also about how to deal with the complexity of life.

  • 21 Lessons for the 21st Century – Yuval Noah Harari
    If you read the first two books you already have the main ideas. However, it’s a great book with many good stories inside. I liked it a lot.