Parasoft announces the opening of its new office in Northeast Ohio.
Firefly Introduces Validiac
March 16, 2022
Firefly announces the release of a new open-source solution called ValidIaC, which enables DevOps and Cloud Teams to validate, secure, and map Infrastructure-as-Code (IaC) with an all-in-one browser-based tool.
Inspired by Komodor's open-source project ValidKube that combines the best open-source tools to help ensure Kubernetes YAML best practices, Firefly built a sister project for the purpose of Infrastructure-as-Code.
ValidIaC is a new open-source tool that combines several open-source projects and tools to allow developers to check their Terraform HCL (stay tuned for more IaC tools in the near future) code without changing context and from within the same workflow. ValidIaC integrates four popular tools for Terraform to bring the combined value of each tool:
- Lint - tflint, A Pluggable Terraform Linter that finds possible errors (like illegal instance types) and warns about deprecated syntax and unused declarations
- Security - tfsec uses static analysis of your Terraform templates to spot potential security issues.
- Cost - infracost, shows cloud cost estimates for Terraform, before making changes to the cloud.
- Mapping - inframap reads your tfstate or HCL to generate a graph specific for each provider, showing only the resources that are most important/relevant.
"Infrastructure-as-Code is changing the way modern organizations are managing their infrastructure. With ValidIaC, developers can move faster but still have confidence when it comes to security, compliance, cost, and reliability," said, Ido Neeman, CEO at Firefly.
ValidIaC makes it possible to leverage the power of four tools in a single place, at any time, directly from your browser to provide DevOps, SRE, and Cloud teams with peace of mind when deploying and managing Terraform blueprints.
"I've seen firsthand the challenges developers have with making sure that their Terraform HCL is aligned with best practices. ValidIaC will make this a simple task that anyone on the team can do, directly from their browser," said, Eran Bibi, Chief Product Officer at Firefly.
ValidIaC is an open-source tool, so community contributors can add more tools or capabilities that will help them and the community. Moreover, Firefly announced that it'll soon introduce support to more Infrastructure-as-Code tools, such as Pulumi, Cloudformation, etc.
Industry News
May 02, 2024
Postman released v11, a significant update that speeds up development by reducing collaboration friction on APIs.
May 02, 2024
Sysdig announced the launch of the company’s Runtime Insights Partner Ecosystem, recognizing the leading security solutions that combine with Sysdig to help customers prioritize and respond to critical security risks.
May 02, 2024
Nokod Security announced the general availability of the Nokod Security Platform.
May 02, 2024
Drata has acquired oak9, a cloud native security platform, and released a new capability in beta to seamlessly bring continuous compliance into the software development lifecycle.
May 01, 2024
Amazon Web Services (AWS) announced the general availability of Amazon Q, a generative artificial intelligence (AI)-powered assistant for accelerating software development and leveraging companies’ internal data.
May 01, 2024
Red Hat announced the general availability of Red Hat Enterprise Linux 9.4, the latest version of the enterprise Linux platform.
May 01, 2024
ActiveState unveiled Get Current, Stay Current (GCSC) – a continuous code refactoring service that deals with breaking changes so enterprises can stay current with the pace of open source.
May 01, 2024
Lineaje released Open-Source Manager (OSM), a solution to bring transparency to open-source software components in applications and proactively manage and mitigate associated risks.
May 01, 2024
Synopsys announced the availability of Polaris Assist, an AI-powered application security assistant on the Synopsys Polaris Software Integrity Platform®.
April 30, 2024
Backslash Security announced the findings of its GPT-4 developer simulation exercise, designed and conducted by the Backslash Research Team, to identify security issues associated with LLM-generated code. The Backslash platform offers several core capabilities that address growing security concerns around AI-generated code, including open source code reachability analysis and phantom package visibility capabilities.
April 30, 2024
Azul announced that Azul Intelligence Cloud, Azul’s cloud analytics solution -- which provides actionable intelligence from production Java runtime data to dramatically boost developer productivity -- now supports Oracle JDK and any OpenJDK-based JVM (Java Virtual Machine) from any vendor or distribution.
April 30, 2024
F5 announced new security offerings: F5 Distributed Cloud Services Web Application Scanning, BIG-IP Next Web Application Firewall (WAF), and NGINX App Protect for open source deployments.
April 29, 2024
Code Intelligence announced a new feature to CI Sense, a scalable fuzzing platform for continuous testing.
April 29, 2024
WSO2 is adding new capabilities for WSO2 API Manager, WSO2 API Platform for Kubernetes (WSO2 APK), and WSO2 Micro Integrator.
