According to the creators, the goal of this project is to make “cloud computing accessible, collaborative, and delightful for developers.”

The sandbox environment can be used for up to two hours at a time, and developers get access to 4 GB of RAM at any time. Once the two hours are up, the workloads are stopped, but developers can recreate them whenever they choose.

Developers can run multiple projects through Acorn. The Pro version offers collaboration features where developers can invite team members, who can then collaborate across multiple applications and environments. It also includes management tools where users can set role-based access control policies. 

Acorn also provides a set of DevOps tools to handle monitoring, logging, secret management, and cloud management. 

There is also a Dev Mode that enables users to work directly on an application while it is running. Changes can be synchronized in real time, debuggers can be added, and logs can be viewed in this mode. 

Projects created in Acorn are saved as Acorn Images, which are OCI-compliant and work with any registry. These images are identical wherever they are deployed, which cuts down errors and configuration issues. 

“Cloud computing has become increasingly complex for large organizations, let alone individual developers and small teams,” said Sheng Liang, CEO of Acorn. “With Acorn, we’ve eliminated that complexity. Users don’t need to be experts in Kubernetes, Terraform, DevOps or AWS to take advantage of the power of cloud computing. Acorn puts the power of the most popular cloud computing solutions at your fingertips. The only question is what you will create from then on.”

The post Rancher Labs and k3s creators launch new project, Acorn, for developing in cloud sandboxes appeared first on SD Times.

Veracode found that a single popular component with a critical vulnerability spread to more than 80,000 other software components, according to the report. Those infected components were used in millions of software programs, with approximately 97% of Java applications containing at least one component with a vulnerability, said the report.

Other key findings included best practices like remedial coaching and e-learning can improve vulnerability fix rates, and that 60% of applications fail security policies upon first scan. Also in the report, developers are using sandbox technology to scan their apps prior to assurance testing, which shows 2x improvement fix rates, said the report.

More findings from the security report can be found here.

Symphony Software Foundation announces Open Developer Platform
Symphony Software Foundation announced the upcoming availability of an Open Developer Platform that will give the foundation members and developers open development access to the Symphony API, as well as tools for a better development experience.

“Open source fueled the cloud and Big Data revolutions,” said Gabriele Columbro, executive director of the Symphony Software Foundation. “As a result, financial institutions and financial tech firms are now increasingly considering this approach to drive faster innovation, pervasive adoption and superior integration capabilities, while lowering development cost.”

The offering also lowers the barrier for financial institutions to collaborate on the platform under the foundation’s governance, according to Suresh Kumar, CIO of BNY Mellon, a member of the foundation and the Open Developer Program. The foundation also hosts open-source development of the Symphony platform, bots and apps on the Symphony Platform, along with technologies common to the financial service industry.

DevExpress open-sources TestCafe
DevExpress is releasing the core library of its automated in-browser testing solution into open source. TestCafe is the company’s node.js testing framework for Web apps.

“Now everyone in the open-source community can benefit from the technologies we developed for the commercial version,” the company wrote in a blog post.

TestCafe is designed to handle everything from starting the browser, running tests, getting results, and generating reports.

Sonatype updates Nexus Platform
The supply chain automation provider Sonatype is giving its Nexus platform npm and JavaScript intelligence. The company has updated the solution with npm and JavaScript components in order to help organizations deliver higher-quality software with DevOps automation at scale.

“Scaling a modern software supply chain requires deep intelligence that is precise enough to automatically weed out vulnerable, outdated, and defective open-source components and packages,” said Wayne Jackson, CEO of Sonatype. “Our customers operate in a polyglot world, and that’s why we’re continuously investing to deliver the world’s best component intelligence, not just for Java, but for JavaScript, .NET, RubyGems, PyPI, and other formats as well.”

The post Veracode’s State of Software Security Report, Symphony Software Foundation’s Open Developer Platform, and DevExpress open-sources TestCafe—SD Times news digest: Oct. 18, 2016 appeared first on SD Times.

Features include the ability to select from multiple container orchestration frameworks like Docker Swarm and Kubernetes; a cloud-agnostic infrastructure service layer; load balancing and persistent storage services; and the ability to work across cloud and datacenter boundaries.

“Since announcing our beta product less than a year ago, Rancher Labs has experienced incredible demand, as well as received encouraging and helpful feedback and community support for this open platform, which has enabled us to make meaningful enhancements to Rancher,” said Sheng Liang, CEO of Rancher Labs. “Now, with well over a million downloads, Rancher has quickly become the platform of choice for teams serious about running containers in production.”

Quali open-sources plug-in
Quali announced today that it is open-sourcing its plug-ins known as Shells, and making them available through a newly formed developer community.

Quali is a Cloud Sandbox platform for DevOps automation. Along with creating the developer community, Quali is providing product features to empower it, including Python libraries and extended APIs, which will make it easier for developers to create and share new Shells and Sandbox orchestration workflows.

The Cloud Sandbox platform enables development, test, support, partner and sales groups to deliver results and transform the IT infrastructure into purpose-built clouds, designed for DevOps.

“Quali’s extensive Sandbox APIs enable us to make sandboxes part of a fully automated DevOps workflow,” said Moorthy Raju, staff engineer at VMware. “This is critical to our vision of a fully automated, self-service interoperability lab/data center shared by our virtualization and engineering groups.”

The following components are available in the developer community:

• Open-source Quali’s Shell modules under the Apache 2.0 license
• Native support for Python-based shell automation and sandbox workflows
• A full set of northbound Python APIs and libraries for integration with DevOps and application life-cycle tools
• A Developer’s Center website with a registry of all available open-source shells, as well as tools for developers such as tutorials, best practices, samples and videos

New functionality by BlazeMeter gives developers more freedom
BlazeMeter has added new functionality, giving developers the ability to run any combination of Gatling, the Grinder, JMeter, Locust and Selenium tests in parallel through a single unified control language, both locally and in the cloud. Developers can now leverage existing Java Python and Scala language skills, and run any combination of test in parallel.

BlazeMeter’s new technology allows teams to create load and performance tests as brief fragments of code in any text editor, removing many of the barriers presented by legacy tools, according to the company. BlazeMeter tests can be defined using YAML or JSON file formats, and then managed in version control alongside the applications being tested.

The company’s “performance tests as code” format is a domain-specific language that controls test logic and performance thresholds for open-source tools without the need for expertise in the tools themselves. This gives developers or testers greater reach with the tools they already use. Individual small-scoped tests can be run in a targeted fashion or composed along with other tests into sophisticated real-world scenarios at runtime, according to the company.

The full announcement is available here.

The post Rancher 1.0 is released, Quali open-sources plug-ins, and new functionality for BlazeMeter—SD Times digest: March 29, 2016 appeared first on SD Times.

Already, DevNet hosts forums and information on Cisco’s product lines. The site also hosts a free-access sandbox for developers. In the sandbox, developers can get access to running labs filled with Cisco hardware and software. For example, WebEx is included in the sandbox, thus allowing developers to build software that can interact with the WebEx service without having to pay for WebEx time just to test their software.

The Sandbox services offered by Cisco are currently heavily weighted on the communications and mobile side of its product line, but the company is planning on releasing more capabilities into the sandbox. Currently, the DevNet Sandbox is divided into two distinct sets of services: dedicated and shared labs. Dedicated labs actually give developers admin-level access to the hardware and software they’re using. Currently, most of the services offered are available in the dedicated form.

The post Cisco opens DevNet portal appeared first on SD Times.