The days of DevSecOps are upon us. As organizations are addressing big challenges like cultural shifts, new processes, and new tools, developers are dealing with their own set of challenges. Part of this is the shift left revolution, that requires developers to deal with new tasks, like addressing security and quality issues early in the development lifecycle.
Thankfully, DevSecOps principles include automated tools that integrate into the development pipeline and help developers create and deliver innovative software products fast, without having to compromise on quality or security.
We’ve put together a list of five cool developer tools that all come with free versions and the promise to support developers in their DevSecOps journey. So, without further ado, here are five free tools that help developers shine.
Codefresh is a Docker-native Continuous Integration/Delivery platform that makes CI/CD pipelines fast and simple for developers. According to their documentation, Codefresh works by fetching code from developers’ GIT repositories, packaging and compiling it, and then deploying the final artifact to a target environment.
Codefresh was designed and built with microservices and container-based apps in mind, and was the first CI/CD that put the container image at the center, allowing developers to quickly and easily build, test and deploy Docker images.
Codefresh is an active member of the open source community, built on Kubernetes, contributing to various open source projects, and creating an open source library of CI/CD steps. Recently, Codefresh took their role as open source contributors even one step further and announced a $100M open source fund to help open source projects to improve their DevOps, systems, and processes to increase contributions, as well as boost the quality of code submitted.
In addition to their paid offerings, Codefresh offers a free plan for developers that want to enjoy a painless CI/CD pipeline.
Sourcegraph’s open source edition is a fast, fully-featured code search and navigation engine.
Sourcegraph’s vision applies to three groups in software development organizations. They want to provide developers with a “single place to go to answer questions and get unblocked while writing, reviewing, and reading code.” When it comes to engineering leaders and internal tools teams, their vision is to provide them with “a single place where they can automate and extend parts of the development workflow.” But that’s not all — Sourcegraph proudly promotes their purpose “to create a world where everyone builds software.”
Judging by the extremely heavy hitters that are already using this developer platform — Google, Facebook, Uber, Lyft, and Yelp, to name a few, this admirable vision is theirs for achieving. If you want to join them, try out the open source edition, available on GitHub.
Bolt is a free extension, which scans all your projects and detects open source components, their license and known vulnerabilities. Not to mention, we also provide fixes. Bolt supports most common programming languages and continuous tracking of multiple open source vulnerabilities databases like the NVD, security advisories, peer-reviewed vulnerability databases, and popular open source projects issue trackers.
Bolt integrates with your Azure DevOps Services continuous integration servers and detects all open source components in your software, without ever scanning your code. It provides you with real-time alerts on vulnerable and outdated open source components and generates comprehensive up-to-date inventory, licenses and security reports with only one click.
This relatively new visual testing tool is fast becoming a favorite, delivering on its promise to provide “fast, easy and reliable testing for anything that runs in a browser.”
Cypress puts building a “thriving, open source ecosystem that enhances productivity” at the top of their mission statement, and offers both a free plan and a plan specifically designed for open source projects. If you’re a tester or a developer that’s itching to take your app testing to the next level, you should probably check this one out.
This popular open source project is pretty much as small as they come.
The WIP app was created to be used as a reference implementation to help other integrators. Self-titled “DO NOT MERGE – as a service”, WIP enables authors of pull requests to easily set the status to pending while they are still working on it.
Apart from being a cool open source project made for helping other open source projects, WIP donates all its revenues to Rails Girls Summer of Code, so if you’re involved with an open source project that’s still a work in progress, make sure to download the WIP app.
Giving Thanks to Developers and the Tools that Support Them
Developers today are stepping up to the challenge of delivering the next great software product, within increasingly short release cycles. This Thanksgiving, make sure to give them the thanks that they deserve, along with any help that they might require – that includes providing them with the DevSecOps tools to help them focus on the task at hand, which is creating awesome software products fast, all the while making sure that they are secure and top quality.
So, happy Thanksgiving to those celebrating, and happy developing to all.