The survey, Anchore’s 2024 Software Supply Chain Security Report, also found that less than half of respondents are following supply chain best practices like creating software bill-of-materials (SBOMs) for the software they develop (49% of respondents) or for open source projects they use (45%) of respondents. Additionally, only 41% of respondents request SBOMs from the third-party vendors they use. Despite these low numbers, this is a significant improvement from 2022’s survey, when less than a third of respondents were following these practices. 

The report found that 78% of respondents are planning on increasing their use of SBOMs in the next 18 months, and 32% of them plan to significantly increase use. 

“The SBOM is now a critical component of software supply chain security. An SBOM provides visibility into software ingredients and is a foundation for understanding software vulnerabilities and risks,” Anchore wrote in the report.

The report also found that currently 76% of respondents are prioritizing software supply chain security.

Many companies are having to make this a priority as part of their efforts to comply with regulations. According to the report, organizations are now having to comply with an average of 4.9 regulations and standards, putting more pressure on them to get security right. 

Of the companies surveyed, more than half have a cross-functional (51%) or fully dedicated team (8%) that works on supply chain security. 

Finally, 77% of respondents are worried about how embedded AI libraries will impact their software supply chain security.  

For the survey, Anchore interviewed 106 leaders and practitioners that are involved in software supply chain security at their company.

The post Report: Only 1 in 5 organizations have full visibility into their software supply chain appeared first on SD Times.

Environments compatible with TCE include local workstations as well as public clouds. The platform automates end-to-end application delivery by offering a space for application developers, IT operators, and DevOps engineers.

TCE enables users to experience VMware Tanzu easily by providing: freely available software and services free of usage restrictions or functionality limitations, the same software used in Tanzu commercial editors, and a way to easily install the platform in minutes. 

TigerGraph announces new graph analytics product release

TigerGraph today announced the release of its newest version, containing more than 40 capabilities. The release brings several new features including: enterprise-grade capabilities in availability, scalability, manageability, and security; developer-friendly features for a more productive experience; and advanced ML capabilities.

This new version of TigerGraph is aimed at meeting the needs of financial services, health care, and supply chain as their demands rapidly grow and evolve. With the new enterprise-grade capabilities, it can be ensured that mission-critical graph applications can work in private and public clouds. In addition, the developer-friendly features are aimed at enhancing accessibility compliance, query language, and query build. Finally, the advanced ML capabilities to the TigerGraph In-database Graph Science Library doubles the number of built-in graph algorithms, including graph embedding algorithms.

Anchore Enterprise 3.2

Today, Anchore announced the release of Anchore Enterprise 3.2, bringing new key features with it. These new features enable organizations to protect against security risks and vulnerabilities within their software supply chain. 

Some of the new key capabilities in the release include: identifying vulnerabilities more accurately with a next-generation scanning engine, support for scanning SUSE Enterprise Linux, expanded options for policy rules in the UI, and more allowlist customization options in UI.

“With 64 percent of large enterprises impacted by software supply chain attacks, Anchore is focused on providing organizations with best-in-class tools to proactively combat against these threats to software integrity,” said Neil Levine, vice president of product at Anchore. 

To learn more, visit here.

Google announces Flutter Meetup Network

Recently, Google announced its new Flutter Meetup Network (FMN), an international network of Meetup groups united by their enthusiasm for Flutter. The goal of this program is to foster a thriving worldwide community of Flutter developers by empowering community organizers to educate and inspire local communities with engaging events.

As Flutter has grown in popularity, over 100 Meetup groups have come about globally to celebrate and educate their members about Flutter. With the FMN those groups will be supported officially. Network members will be granted access to various resources that make it easier to plan and host Flutter-themed events. 

Aside from networking, meetups can also help connect developers who are running into problems with a Flutter project with other members of the community who have solved a similar problem and can give them the help they are looking for. To join a group near you, visit here.

The post SD Times news digest: VMware Tanzu Community Edition now available, TigerGraph announces new graph analytics product release, and Anchore Enterprise 3.2 appeared first on SD Times.

Syft analyzes container images and filesystems, then creates a bill of materials, which is a record of all operating system packages and language artifacts. Developers can use Syft to inspect the contents of new software components before deciding to use them. It is also helpful in maintaining a record of third-party software included in a project.

Grype scans container images and filesystems for known vulnerabilities. It matches the contents against data compiled from multiple data sources. Developers can use Grype to quickly discover vulnerable components and take the appropriate remediation steps. 

“As an open source company, we do research and development in the open,” said Neil Levine, vice president of product management at Anchore. “In recent surveys, customers and community members agreed that security scanning can never be too fast and integration can never be too easy. We are looking forward to seeing how developers and DevOps teams use the tools while we focus on enhancing them with the policy features of our continuous compliance platform, Anchore Enterprise.”

Syft and Grype can be accessed in the Anchore Toolbox here. 

The post SD Times Open Source Project of the Week: Syft and Grype appeared first on SD Times.

“Our new name doesn’t change the work we’re doing with you or our mission. Our mission continues to be that Dialogflow is your end-to-end platform for building great conversational experiences and our team will help you share what you’ve built with millions of users,” Ilya Gelfenbeyn, lead product manager at Google, wrote in a post.

The company also announced two new features for Dialogflow: an in-line code editor and multi-lingual agent support.

CFCR becomes the Cloud Foundry’s default method for deploying containers
The Cloud Foundry Foundation has announced that Cloud Foundry Container Runtime (CFCR) is now the default Cloud Foundry approach to deploying containers using Kubernetes and BOSH. Users can now use the Container Runtime to deploy Kubernetes or application runtime for a Cloud Application Platform. This project was originally donated to the Cloud Foundry Foundation in June by Google and Pivotal, in order to expand choice for Cloud Foundry’s massive user base.

“The technology has progressed quickly—after only four months in incubation, the first commercial offering has already been launched. Container Runtime expands the capabilities of Cloud Foundry beyond Application Runtime, giving enterprises more options to take advantage of cloud-native best practices,” said Abby Kearns, executive director for the Cloud Foundry Foundation. “With nearly 70 percent of enterprises using containers in some capacity, choice is critical. This expansion enables businesses to take advantage of the power of Kubernetes combined with BOSH, an open source, enterprise-grade management tool.”

Microsoft adds UWP support for .NET Standard 2.0
Microsoft has announced a major update to UWP for .NET developers, which is their largest release since shipping .NET Native with Windows 10. The company is adding support for .NET Standard 2.0, which will give UWP developers access to about 20k more APIs. The update will also allow developers to migrate code into UWP apps more easily. UWP apps use .NET Core for debugging and .NET Native for release builds. This release adds incremental build support for .NET native, making debugging with .NET Native more approachable, according to the company.

Sauce Labs announces Extended Debugging for Selenium tests
Sauce Labs has announced Extended Debugging for Selenium tests, which provides faster resolution times for fixing errors. This tool combines browser console log information with networking data in order to determine the cause and location of a problem.

“Automated testing is the backbone of continuous delivery. By adding Extended Debugging to our platform, we’re ensuring that our customers can identify the root case of test failures faster,” said Lubos Parobek, vice president of product at Sauce Labs. “This has been a much anticipated addition to our platform as browser and networking failures can often be difficult to reproduce, troubleshoot and fix.”

Anchore releases Anchore Cloud 2.0
Anchore announced the release of Anchore Cloud 2.0, a series of software tools that provides developers, operations, and security teams with a means to achieve proper container compliance, both on-premises or in the cloud. Anchore Cloud is a SaaS product built on an open source analysis and policy engine, and allows users to look for container images on both public and private registries. Anchor is integrated with popular open source tools such as Jenkins and Kubernetes.

“Anchore Cloud 2.0 gives users the tools necessary to achieve a controllable containerized software flow in a way that can be certified by the user for their specific needs,” said Daniel Nurmi, CTO and cofounder of Anchore. “Coupled with our open source on-premise engine, Anchore Cloud 2.0 provides users the ability to quickly and easily integrate powerful inspection, reporting, and security and compliance checks into their existing or new container build environments.”

Syncfusion updates Dashboard and Data Integration platforms
Syncfusion is announcing an update to their Dashboard and Data Integration platforms. In this release, the Dashboard Platform and Data Integration Platform will be integrated, enabling users to access workflows from the Data Integration Server in the Dashboard. New Dashboard features include advanced sorting options for the Dashboard Designer, a common ODBC connection, a waterfall chart widget, and a widget for radar and polar charts.

The Data Integration Platform now offers a user-friendly design for processors, process groups, and ports, allowing views to be expanded and collapsed. It also features support for monitoring tasks, and allowing disk and JVM memory to be monitored.

“We’ve been very pleased at the success of our Data Platform,” said Daniel Jebaraj, vice president. “We’ve taken some innovative steps toward simplifying effective data usage for businesses, and we hope to continue improving the platform with releases like this.”

The post SD Times news digest: Google renames API.AI to Dialogflow, the Cloud Foundry Container Runtime, and Microsoft’s UWP support for .NET Standard 2.0 appeared first on SD Times.

“As a part of our continuous effort to simplify the daily workflow for developers, we are today enabling mobile web developers to debug JavaScript running on their iOS devices directly from their editor, with our new iOS Web Debugger for Visual Studio Code,” wrote Kenneth Auchenberg, program manager for JavaScript diagnostics at Microsoft, in a blog post.

The debugger supports setting breakpoints, stepping, stack traces, Locals pane, watches, consoles, and debugging eval scripts, and script tags.

In addition, the debugger is designed to find out if developers are gaining value from an integrated iOS debugging solution.

Citrix gives developers a free version of its NetScaler CPX solution
Citrix has announced NetScaler CPX Express, a free version of NetScaler CPX for developers. CPX Express provides the same functionality such as a codebase, REST API and operations interface from the company’s NetScaler platform. It is designed to help developers create microservices applications.

“With the rise of DevOps and microservices, developers increasingly are concerned with reliable application delivery as well as with application development,” said Brad Casemore, research director for data center networks at IDC. “Unfortunately, at the inception of many projects, developers do not always have access to a full-featured ADC. With the introduction of the NetScaler CPX Express, Citrix is responding to that developer need and helping to accelerate the speed at which microservices-based applications can advance from development to deployment.”

The free version features load-balancing capabilities, in-service upgrades, advanced security capabilities, service discovery, auto-reconfiguration, and real-time visibility.

Google’s gRPC framework reaches version 1.0
Google’s Internet-scale RPC framework is ready for deployments. According to the company, gRPC is designed to provide developers with the same scalability, performance and functionality used at Google.

“gRPC can help make connecting, operating and debugging distributed systems as easy as making local function calls; the framework handles all the complexities normally associated with enforcing strict service contracts, data serialization, efficient network communication, authentications and access control, distributed tracing and so on,” wrote Varun Talwar, product manager at Google, in a blog post.

Version 1.0 features multiple language bindings, support for Android and iOS, single-line installation, API stability, and improved performance.

Google plans to release its Daydream VR platform soon
Google is getting deeper into virtual reality. The company recently released Android Nougat with a VR mode, and according to a report from Bloomberg, it is getting ready for the debut of its Daydream VR platform.

According to Bloomberg, Google will promote the platform through apps, shorts and games—specifically Hulu and YouTube.

Google to update mobile search results
Google wants to make the viewing experience on mobile devices easier and simpler. The company announced in the next coming months it will be making changes to its mobile search results in order to make finding content a smoother process.

As part of the updates, Google will be removing the mobile-friendly label to unclutter search results. The label was used to help users find better mobile content, but the company said almost 85% of mobile search pages are mobile-friendly.

In addition, the company will begin to decrease things that make content difficult for users to read such as popups that cover main and standalone interstitials.

Open Container Initiative announces new members
The Open Container Initiative announced that startups are joining its mission to guide the future of container technology. The startups include Anchore, ContainerShip, EasyStack and Replicated.

The Open Container Initiative (OCI) is an open-source project that is aiming to create industry standards around container formats and runtime.

“The rapid growth and interest in container technology over the past few years has led to the emergence of a new ecosystem of startups offering container-based solutions and tools,” said Chris Aniszczyk, the executive director of the OCI. “We are very excited to welcome these new members as we work to develop standards that will aid container portability.”

The post Microsoft’s iOS Web debugger for VS Code, Citrix’s NetScaler CPX Express, and gRPC version 1.0—SD Times news digest: Aug. 24, 2016 appeared first on SD Times.

Version 2.1 introduced more than 20 features based on developer feedback, from functionality for building tables, to error-handling actions, and also flexible options for UI design.

With MobileTogether 2.1, the app development environment is free of charge, so it can be rolled out to an unlimited number of developers in a company. Besides the new pricing, the enhancements to tables in MobileTogether 21 include scrollable tables and the ability to align nested tables. These enhancements will help developers for building tables of any size, said the company.

“Support for scrollable tables provides flexibility for table creation in MobileTogether,” wrote Erin Cavanaugh, marketing director for Altova, on the company’s blog. “Now, to ensure easy display on devices of all sizes, developers can set the maximum visible size of a table, or set it to fit the rest of the screen, with horizontal or vertical scrolling enabled to view the rest.”

Also with MobileTogether 2.1, there are new controls to allow developers to add visual elements to their UIs, new actions, and new XPath functions, properties and operators.

Amazon adds functionality to Alexa Skills Kit for developers
Today Amazon introduced the Smart Home Skill API for the Alexa Skills Kit, which enables developers to add capabilities to Alexa. Developers can now teach Alexa how to control their cloud-controlled lighting and thermostat devices so customers can give Alexa commands like, “Alexa, turn on the kitchen lights.”

With this API, there is no need to build a voice interaction model to handle customer requests. This work is done when the Smart Home API is used. Developers can create skills that connect the devices directly to the lighting and thermostat capabilities so that customers can control their lights, switches, smartplugs or thermostats.

Amazon first introduced the Smart Home Skill API as a beta called the Alexa Lighting API in August 2015. As part of the beta program, the company worked with other companies such as Ecobee, Nest, Samsung SmartThings, Sensi and Wink to gather developer feedback while extending Alexa’s smarthome capabilities to work with its devices.

Anchore startup wants to build safer software
Anchore, a startup based in California, said it has a new way to inspect, track and secure software containers. The company says that it wants to attack a different problem by making sure that what is in the container itself is ready to go before the container goes into full production, according to a Fortune report.

An early version of the software, which will be made available as a subscription service, has been tested by a couple of unnamed Fortune 10 companies, cofounder and CEO of Anchore Saïd Ziouani said.

A fuller test version of the product should be out in the second quarter, and developers can sign up for that now. General availability is expected later this year. CoreOS, Docker and Mesosphere have components that do some of what Anchore can do, wrote Fortune, but Ziouani said users of those tools will also want to use Anchore to give them a view into the container from its creation until deployment in production.

The post Altova’s MobileTogether 2.1 gets new features, Amazon adds Smart Home Skills API, Anchore wants to make software safer—SD Times news digest: April 6, 2016 appeared first on SD Times.