CNCF published the sixth edition of the close-person Technologies Radar. The concept for this version was DevSecOps, the integration of security at each move of the application development lifecycle. The radar crew highlighted there are quite a few DevSecOps equipment nowadays and the room is developing and modifying quickly.
Courtesy of the Cloud Native Computing Foundation
The Technology Radar workforce described a few important themes that came out of this study. The initial theme is that accessible instruments nowadays are made to meet the needs of safety groups improved than builders. Though there are many promising applications accessible, there is no just one resource that can offer a holistic solution to resolving all the challenges.
In accordance to the radar staff conclusions, some of the extremely promising resources obtainable incorporate Cilium, Linkerd, and Trivy. These kinds of instruments are good at resolving at minimum a single difficulty, but there is area for consolidation.
Keith Nielsen, director of cloud architecture at Find Financial Providers, 1 of taking part organizations in the study illustrated how his organization is dealing with these types of problem:

Except you are going all-in with a cloud service provider set of tools, you are stitching issues with each other your self. The equipment have gotten much better in conditions of how you interact with them and the facts they give you back. Nevertheless, there is no silver bullet below.

The 2nd concept is that the DevSecOps house is changing speedily. The radar workforce underscored that practitioners nowadays have a plethora of protection applications to assess, make your mind up on, and integrate into their environments. In aspect, because the price of new expert services coming out of the main cloud companies is raising mixed with the increase of Kubernetes. Those people two aspects make it more durable to consume products and services securely and integrate them with emerging stability instruments.
Sergiu Petean, head of DevOps at Allianz Immediate, commented on the struggles practitioners are going through now:

The velocity of innovation and digitization at this time is a extremely important element. Normally, you obtain by yourself in a spot the place the aged way of doing protection doesn’t function anymore and you are wanting for diverse ways of performing safety.

The 3rd theme is about microsegmentation, a community protection technique of logically dividing and isolating workloads and then making use of protection controls on this kind of individual units. The radar staff pointed out that microsegmentation is a important challenge not only in terms of adopting the correct technologies but in phrases of modifying the way of thinking of practitioners in the business who are utilized to common community security procedures.
Some of the equipment involved in the radar for microsegmentation include Istio, Calico, and the Open Plan Agent (OPA).
In this survey, 21 organizations participated and contributed 171 facts points with a whole of 252 votes from conclude-consumers.
Per the webinar about this edition, the success of the survey carried out in September 2021 were constrained to 21 end-person organizations, such as Spotify, Intuit, Squarespace, Zendesk, and Find Financial Services.
Conclude people can suggest or vote on the following tech radar. In addition, opinions can be sent to [email protected].