Software supply chain management tooling company Sonatype had a busy week, announcing the acquisition of code analysis platform MuseDev as well as new products Nexus Container and Infrastructure as Code Pack. While the latter is meant to provide “out-of-the-box guidance to assist developers configuring cloud infrastructure and foster compliance with privacy and security standards,” Nexus Container is a NeuVector-based vulnerability and compliance scanning tool.
Details on the MuseDev acquisition were pretty sparse, though all employees are said to be joining Sonatype. The company has been bought for its 24 code analyzer-combining system, which is hoped to “offer tremendous value to our customers who are looking to improve the quality of code they write.”
The first parts of Muse’s tech are planned to land in Sonatype products in the spring of 2021.
Spring updates IDE tools and AWS module
With Eclipse 2021-03 just out, Spring Tools for Eclipse, Visual Studio Code, and Theia have been updated to work with the new version. Other changes in v4.10 include the option to configure the .sts4 dir location, a fix to make the debugger work with apps deployed to Docker, and a display property for the Concourse pipeline schema.
The team behind the Spring Cloud AWS meanwhile was able to finish v2.3 of the module, which is mainly of interest because of its integration with authentication service Amazon Cognito and ways to customise the configuration used when initialising AWS clients.
Logz.io jumps into the Prometheus-as-a-service business
Teams having trouble managing Prometheus on their own now have another as-a-service offering to choose from. Monitoring platform provider Logz.io’s managed Prometheus product is now generally available as part of the infrastructure monitoring plan which will set users back $12 per 1,000 time-series metrics per month.
GitLab pushes fixes to counter remote execution vulns
DevOps tooling provider GitLab has pushed out a number of security fixes for its platform, in a bid to get rid of a critical severity issue which allowed attackers to remotely execute code on the server. The issue affects all installations starting from version 13.2, updating to versions 13.9.4, 13.8.6, and 13.7.9 is strongly recommended.
GitLab also announced the licensing of its technology to Chinese company JiHu to drive adoption in that market by providing a SaaS offering hosted in China, which wasn’t an option due to local licensing requirements before. “Considering the lack of a locally based company, which constrains the growth of GitLab the DevOps platform in China, combined with the forked versions of the product that are out of date and not supported by GitLab, it made sense to evaluate the market potential for an independent, locally managed China-based offering” the company wrote.
Diamanti Spektra gets GCP-ready
Multi-cluster, multi-cloud management plane Diamanti Spektra hit version 3.2, which sees the product gaining capabilities to create Kubernetes clusters on the Google Cloud Platform, as well as to deploy and migrate apps to and from the platform. The update also brings better navigation features in the Application log UI and an option to start a terminal from the UI. Users who prefer cri-o to Docker can switch to that now, since support for the container runtime interface has been declared production ready with the v3.2 release.
HPE Ezmeral Marketplace opens for business
HPE’s digital transformation platform Ezmeral also got a couple of updates this week, one of them being a marketplace of open source and commercial apps customers can use together with the Ezmeral Container Platform to best fit their workloads. The software is mostly provided through the Technology Ecosystem program the company announced last year. Other adjustments mean that the Data Fabric component is now also available as a standalone product for persistent storage outside of HPE’s MLOps and Container Platform products.