Enabling a true “shift-left” in software security by empowering DevOps and security teams to work together In some recent articles I shared how you as a developer can add security to your skillset by using New Relic capabilities. I also dug deeper into ways on how to mitigate hidden security risks of open source software libraries. Both of these blogs focused on third-party code and how it can impact the security of your software applications.

Check your source code for any vulnerable libraries and start mitigating these issues Open source software libraries have become an integral part of modern software development. They are widely used by developers to accelerate the development process and reduce costs. On average, open source libraries make up 70-90% of an entire software application. However, the use of open source libraries also comes with hidden security risks that could potentially harm your organization’s reputation and financial well-being.

Not every developer is a security expert, but use these tips to improve your skills In today’s digital age, security is a major concern for individuals and organizations alike. With the increasing number of cyber-attacks and data breaches, it’s crucial for developers to have a thorough understanding of security best practices. The security of an application is of the utmost importance, as it can directly impact the safety and privacy of users’ data.

In a recent post I wrote about the ability to send all your application security vulnerabilities found by Snyk directly to your New Relic observability platform. Now, New Relic made it even easier to achieve that by providing a dedicated security ingest processor that ‘understands’ the payload from a Snyk webhook. All the details on how to get started, create and configure a Snyk webhook to send into your New Relic account is provided in this docs page: https://docs.

Security and observability data go hand in hand when it comes to application health. If you can put those two sources of data behind a single pane of glass you can make your life a lot easier. By leveraging the different options that the Snyk platform provides, you can send all your application security vulnerabilities found by Snyk directly to your New Relic observability platform. Let’s see how! Prerequisites Here are all the necessary links to get started:

TL;DR Leverage a Prometheus Exporter to send all your application security vulnerabilities from Snyk into Splunk. Here are all the necessary links to get started: Snyk Exporter: https://github.com/lunarway/snyk_exporter Splunk OpenTelemetry Collector for Kubernetes: https://docs.splunk.com/Observability/gdi/opentelemetry/install-k8s.html#otel-install-k8s Update (2022-09-22) The option that I am describing here is just one way to achieve this. There might even be a more straight forward option available that I started to describe in a more recent post. Please find an additional approach in my post Snyk Integration Capabilities with WebHooks - some examples.

How-To: Set-up New Relic to collect and observe metrics, traces and logs from Dapr and the underlying applications. Enable Dapr metrics and logs with New Relic Kubernetes integration for Azure Kubernetes Service (AKS) and application traces using OpenTelemetry. Prerequisites Azure Kubernetes Service kubectl An installation of Dapr on Kubernetes Perpetually free New Relic account, 100 GB/month of free data ingest, 1 free full access user, unlimited free basic users Enable New Relic Kubernetes integration The Kubernetes integration monitors worker nodes.

Just recently I attended Microsoft Ignite, Microsoft’s annual flagship technology conference with a focus on cloud and developers. The key theme this year was around “Tech Intensity” that Satya also talked about on LinkedIn earlier this year. Here is a quote from the LinkedIn post: There are two aspects to tech intensity: First, every organization will need to be a fast adopter of best-in- class technology, and equally important, they will need to build their own unique digital capabilities, which starts with workers who are deeply knowledgeable about the latest technology.