For decades DevOps teams have been under pressure to do four things: make software faster, make it cheaper, keep it secure, and accelerate time to market. But with fewer engineering resources, enterprises that use Java must find a way to speed up application innovation and fortify application security across their entire Java estate more efficiently. The rewards (and costs of not doing so) are high – companies in the top quartile of McKinsey’s Developer Velocity Index (DVI) perform significantly higher than bottom-quartile companies:
Two primary challenges to DevOps productivity are alert fatigue caused by out-of-control false positives for vulnerabilities, and the unnecessary maintenance of unused code in legacy codebases. Modernizing codebases for cloud-native environments is further complicated by the complex mix of JDK distributions and Java versions in use at many large enterprises.
Azul Intelligence Cloud helps bring efficiency to these DevOps operations, making these DevOps initiatives achievable and even commonplace for Java applications.
Intelligence Cloud is designed to help engineering managers effectively deal with the challenges of technical debt and security maintenance with the Code Inventory and Vulnerability Detection features. And now, in an exciting new development, Intelligence Cloud works for any JVM from any Java vendor. Whether you’re using a JDK distribution from Azul, Microsoft, Red Hat, IBM, Oracle, Eclipse Temurin, or any other Java provider, Intelligence Cloud works for you.
Azul Vulnerability Detection is a cloud service that eliminates false positives by accurately identifying and prioritizing known vulnerabilities in Java applications in production. Unlike other tools, it has no performance penalty. And unlike security scanners that report vulnerabilities on all code, including code that is present but unused, Vulnerability Detection pinpoints code that actually runs in production to efficiently prioritize the backlog to focus on vulnerable code that is used. DevOps teams responsible for keeping applications secure can keep their attention on real threats without wasting time on code that never runs.
Vulnerability Detection helps teams prioritize and de-prioritize CVEs based on whether the component was loaded in production. Intelligence Cloud now goes beyond this to address the question of unused code: do I need this code at all?
Code Inventory identifies code that exists in a company’s servers but doesn’t run. It’s a clutter finder. It’s the only solution that accurately identifies unused and dead code for removal by precisely detailing what custom and third-party code is running.
Inefficient prioritization of unused code for removal wastes effort, hampers agility, and reduces developer productivity due to unproductive code maintenance tasks.
A recent study from Goldman Sachs’ DevOps organization underscores the importance of deleting unused and dead code by revealing that they:
For many software engineers, the last decade of rapid feature design has amassed large amounts of code that they own. The authors of this code have often changed teams, or business owners have chosen to prioritize features over reducing technical debt. The pace of feature delivery has slowed for some applications, creating a stressful workplace for software engineers. Sometimes small changes that feel like they could be done quickly take entire sprints, leading to dissatisfaction among both the engineers and the stakeholders, who all want a faster pace.
An Azul Intelligence Cloud user from a leading fintech trading firm recently told us, “We acquired another firm recently and aren’t familiar with their codebase. It contains millions of lines of code – reading and understanding that code would take months. With Code Inventory, we identified large portions of unused code, archived it, and now spend our time working on the important parts. This has significantly sped up our development cycles.”
Code Inventory helps by passively building up an inventory of what code runs within the application. This inventory is built from the first execution of each method. As an application runs over time, methods are invoked and recorded. There is no need for teams to dedicate time to finding dead or unused code. The inventory can be queried later to evaluate what ran, as well as the first and last time it was seen. Methods that never run are present in the source/bytecode but not in the code inventory, making them candidates for deprecation and removal.
Code Inventory is best used over time and helps teams build confidence the longer it runs. Often the application owner has an idea that some code is unused but just wants the comfort of verification. This first tier can be watched for a short time, maybe a few weeks, before making the decision to deprecate and remove that code. The longest watch may be for code such as annual reporting modules, where teams should monitor execution. A shopping portal, for example, may need to go through a major annual holiday period to see what it can safely deprecate and remove. A large portion can be determined over a few months. In general, though, the benefit comes from teams passively building up the list of “what’s still used” to identify “what’s not used anymore” without impacting standard feature work and schedules.
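The triage described above can be sketched as follows. This is an added example, not Azul's code or API: the record layout, the method names, and the per-method observation windows are all assumptions made for illustration.

```python
from datetime import date

# Constructed sample data; the layout is an assumption, not Azul's export format.
# Declared methods (from source/bytecode) -> days to watch before judging them.
DECLARED = {
    "com.shop.Cart.addItem": 30,
    "com.shop.Cart.legacyDiscount": 30,
    "com.shop.Promo.holidayBanner": 365,      # seasonal: needs a holiday cycle
    "com.shop.Report.annualTaxSummary": 365,  # annual reporting module
    "com.shop.Export.toFax": 30,
}
# Runtime inventory: method -> (first_seen, last_seen). Absent means never ran.
INVENTORY = {
    "com.shop.Cart.addItem": (date(2024, 1, 2), date(2024, 6, 28)),
    "com.shop.Cart.legacyDiscount": (date(2024, 1, 5), date(2024, 2, 1)),
    "com.shop.Report.annualTaxSummary": (date(2024, 1, 15), date(2024, 1, 15)),
}

def classify(declared, inventory, started, today):
    """Label each declared method using the inventory and its watch window."""
    observed_days = (today - started).days
    labels = {}
    for method, window in declared.items():
        seen = inventory.get(method)
        if seen and (today - seen[1]).days <= window:
            labels[method] = "in-use"         # ran within its own window
        elif observed_days < window:
            labels[method] = "keep-watching"  # not observed long enough to judge
        elif seen:
            labels[method] = "stale"          # ran once, but not recently
        else:
            labels[method] = "never-ran"      # in bytecode, absent from inventory
    return labels

def removal_candidates(labels):
    """Methods that are safe to propose for deprecation review."""
    return sorted(m for m, l in labels.items() if l in ("never-ran", "stale"))

if __name__ == "__main__":
    labels = classify(DECLARED, INVENTORY, date(2024, 1, 1), date(2024, 6, 30))
    for method, label in sorted(labels.items()):
        print(f"{label:14} {method}")
```

The seasonal method stays in "keep-watching" after six months even though it never ran, which is the holiday-cycle caution from the paragraph above expressed as a rule.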
Intelligence Cloud works with any JVM from any vendor or distribution, including Azul, Oracle, Amazon, Microsoft, Red Hat, and Temurin, to dramatically cut the time spent on unimportant tasks across an enterprise’s entire Java estate. It frees up developers for more important business initiatives and improves DevOps productivity. Try Intelligence Cloud, including Vulnerability Detection and Code Inventory, and see if it’s right for your business.
The post Improve DevOps Productivity with Azul Intelligence Cloud for Any JVM appeared first on Azul | Better Java Performance, Superior Java Support.
*** This is a Security Bloggers Network syndicated blog from Security Blog Posts – Azul authored by Erik Costlow. Read the original post at: https://www.azul.com/blog/improve-devops-productivity-with-azul-intelligence-cloud-for-any-jvm/