Travis CI flaw exposed thousands of open-source projects’ secrets

A flaw in popular software testing tool Travis CI exposed the secrets of thousands of open-source projects.

Travis CI is a hosted continuous integration service used to build and test software projects hosted on GitHub and Bitbucket.

For at least a week – between 3-10 Sept – open-source repos that used Travis CI had their keys, credentials, and tokens exposed.

Ethereum developer Felix Lange discovered a flaw with how Travis CI handled environmental...

Live panel webinar: Bringing innovation to the edge with the alternative cloud

This free live webinar takes place on Wednesday 22 September | 2pm ET.

About the webinar

Developers have long heard about the benefits of edge computing: lower latency for applications, better bandwidth and cost efficiencies, the ability to put points of presence closer to end-users, and more. The edge opens a new wave of opportunity for developer innovation. In this webinar, you'll learn how alternative cloud providers are helping developers build for the edge faster, easier, and...

2021 Stack Overflow Survey: React.js takes the web framework crown, Python is in-demand, and devs still love Rust

The 2021 edition of Stack Overflow’s developer survey shows substantial changes in the landscape, while other elements have remained stubbornly resilient.

In a blog post, Stack Overflow’s Ben Popper and David Gibson wrote:

“This year’s survey was a little different than ones in years past. We opened our 2020 survey in February, and by the time we got around to publishing the results, the reality of work and daily life had shifted dramatically for people...

APImetrics launches premium API performance monitoring service

APImetrics has launched a premium version of API.expert, a service that monitors over 2000 APIs across many vertical markets.

The service is $100 per year and enables developers to keep track of the performance from mainstream API providers such as Netflix, Slack, and Microsoft, to more specialist and smaller vendors.

David O'Neill, CEO of APImetrics, said:

“APIs have become an essential part of the tech landscape, with more and more critical and essential...

Sonatype Lift uses deep code analysis to suggest bug fixes

Sonatype has launched a new deep code analysis platform called Lift which can detect a wide range of bug types.

Lift detects bugs ranging from style issues to complex coding errors commonly found in first-party source code and third-party open source libraries.

Research from Veracode last year found that open-source libraries cause security flaws in around 70 percent of apps. However, open-source libraries are often critical to projects.

Using a deep code...

BUILD 2021: WSL now supports GUI apps, Project Reunion and Windows Terminal receive updates, Visual Studio and .NET 6 get new previews

Microsoft has used the first day of its annual BUILD conference to announce a swathe of updates to its Windows development products.

The first announcement is that support for GUI apps when using Windows Subsystem for Linux (WSL) is rolling out as of this week.

A preview of the functionality has been available since last month and is designed to allow developers to run their favourite Linux tools, utilities, and apps directly in Windows 10. Last week, Google announced...

Perforce acquires AI-based mobile testing experts 21 Labs

Enterprise development solutions provider Perforce has acquired the AI-based mobile testing experts at 21 Labs.

The acquisition will bolster Perforce’s existing portfolio of solutions for the enterprise development lifecycle with powerful testing capabilities.

21 Labs’ self-learning, AI-based mobile automation testing tool helps businesses to deploy quality iOS and Android apps faster.

Shani Shoham, CEO and Founder of 21 Labs, said:

“Together,...

Codecov breach prompts fears of another SolarWinds-style hack

A hack impacting software testing firm Codecov is expected to have resulted in hundreds of networks being compromised, prompting fears of a fallout similar to the recent SolarWinds attack.

Codecov has over 29,000 customers including companies such as IBM, Procter & Gamble, Hewlett Packard Enterprise, Atlassian, Washington Post, and GoDaddy. The potential scale of the attack has led to a federal investigation.

"We are aware of the claims and we are investigating...

Why should you use Rust for developing distributed applications?

Rust was originally developed at Mozilla Research and has gained increasing traction as a popular language to develop distributed computing applications. Major software providers such as Microsoft and Amazon have announced publicly their affection for the language and the fact that they are using Rust in house as a means to develop safety-critical software components. Even more tellingly, the language has been voted by developers “the most loved programming language” every year since...

GitHub expands CLI functionality to bring Actions to your terminal

GitHub is expanding the functionality of its CLI (Command-Line Interface) tool to bring Actions to your terminal.

The first stable version of GitHub CLI launched in September last year with the aim of enabling developers to keep their repo workflows in their terminal.

“Developers spend a lot of time in their terminals, and our CLI helps to mitigate the frequent context switching between your terminal and GitHub.com,” Amanda Pinsker, Product Designer at GitHub, said...