Platform Use cases

Continuously Monitor Security

Across Your Entire Application Portfolio

Continuously Surveil Vulnerabilities and Security Risks Based on Release Versions

DeployHub Versions the Supply Chain with Historical Trend Analysis

Your Supply Chain Changes Continuously

DeployHub’s Inspector continuously watches your software lifecycle from the first commit to final deployment and beyond, ensuring adherence to internal security policies and instantly flagging vulnerabilities. DeployHub understands your logical application structure, versions, releases, and domains, providing vital context as your cloud-native environments evolve. View the usage of every shared component across your logical application ecosystem.

Your Software Supply Chain changes every day and, in some cases, every hour. For this reason, capturing and versioning the changes is essential for comparisons and historical trend analysis. IT teams have become accustomed to the concepts of versioning source code and tracking changes over time with the ability to roll back to a previous state quickly. Versioning your software supply chain provides similar insights and benefits.

Software supply chain version management tracks every software component consumed in the supply chain and captures the component configuration, security, and DevOps data for each new version introduced. Software supply chain version management is becoming increasingly important to support decoupled, cloud-native development, where thousands of objects are continuously pushed into the software supply chain.

DeployHub Versions the Changes in Your Supply Chain

DeployHub performs software supply chain versioning by tracking every software component consumed in the supply chain and capturing the component configuration, security, and DevOps data for each new version. Software supply chain versioning is becoming increasingly important to support decoupled, cloud-native development, where thousands of objects are continuously pushed into the software supply chain. One might ask, “What does the future look like when I manage and track hundreds of components that comprise a single version of my software application?” Most teams will need more than an Excel spreadsheet to track and version components.

DeployHub’s versioning engine tracks all changes across the supply chain for historical comparisons. Like source code versioning, DeployHub snapshots the configuration details of the component and logical application versions. This information is used for comparisons and tracking trends over time.

 

[Figure: supply chain comparisons]

DeployHub Exposes Version Drift

‘Drift’ is a common issue across the software supply chain, particularly in decoupled architectures. Drift is created when different versions of a single component run in multiple environments. DeployHub exposes when multiple versions of the same component are running in different environments. Exposing drift allows DevOps teams to correct issues and maintain version standards, simplifying rapid response to vulnerabilities.

Best Practices for Component Versioning

At the core of versioning your software supply chain is tracking every microservice and component. First, remember that components are deployed independently and frequently. Second, a component is more than just a container image. It has many attributes that need to be versioned and tracked. DeployHub uses the following best practices when defining a component version:

  • Best Practice #1: A component’s attributes go beyond the contents of the container. The SBOM, CVEs, licensing, Swagger details, key-value pairs, deployment logic, and endpoint configurations are all part of the component’s configuration and should also be versioned and tracked.
  • Best Practice #2: Don’t change the name of the components; only update the image value with the image tag.
  • Best Practice #3: Logically track a version number for every release. Use semantic versioning. Calendar versioning can get confusing if a service is changed multiple times in a single day.
  • Best Practice #4: Use the Git Commit SHA in the semantic versioning number. This helps connect back to the developer’s change.
  • Best Practice #5: Logically track the component’s consuming applications as part of the versioning strategy. Using this best practice will provide a clear picture of the component’s impact.
  • Best Practice #6: Include a snapshot of the service-to-service API endpoint relationships.
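
A minimal drift check over deployment records, added here as an illustration (it is not DeployHub or Ortelius code). It assumes, following Best Practices #3 to #5, that each version is a semantic version carrying the Git commit SHA as build metadata and that each record names its consuming application; the record layout and all names are constructed.

```python
import re
from collections import defaultdict

# SemVer 2.0.0 core plus optional pre-release and build metadata.
SEMVER = re.compile(
    r"^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+([0-9A-Za-z.-]+))?$"
)

# Constructed sample records: (component, environment, version, consuming app).
DEPLOYMENTS = [
    ("cart-svc",    "dev",  "2.3.0+9a1b2c3", "webstore"),
    ("cart-svc",    "test", "2.3.0+9a1b2c3", "webstore"),
    ("cart-svc",    "prod", "2.1.4+77de012", "webstore"),
    ("cart-svc",    "prod", "2.1.4+77de012", "mobile-app"),
    ("login-svc",   "test", "1.8.0+c0ffee1", "webstore"),
    ("login-svc",   "prod", "1.8.0+0ddba11", "webstore"),
    ("catalog-svc", "test", "4.0.2+5e5e5e5", "mobile-app"),
    ("catalog-svc", "prod", "4.0.2+5e5e5e5", "mobile-app"),
]

def parse(version):
    """Split a version into its (major, minor, patch) core and commit SHA."""
    m = SEMVER.match(version)
    if not m:
        raise ValueError(f"not a semantic version: {version!r}")
    return tuple(int(x) for x in m.group(1, 2, 3)), m.group(5)

def find_drift(deployments):
    """Return {component: report} for components whose environments disagree."""
    envs = defaultdict(dict)   # component -> environment -> version
    apps = defaultdict(set)    # component -> consuming applications
    for component, env, version, app in deployments:
        parse(version)  # reject malformed versions early
        envs[component][env] = version
        apps[component].add(app)
    report = {}
    for component, by_env in envs.items():
        if len(set(by_env.values())) < 2:
            continue  # the same build runs everywhere
        cores = {parse(v)[0] for v in by_env.values()}
        report[component] = {
            "versions": dict(by_env),
            # SemVer precedence ignores build metadata (the SHA).
            "sha_only": len(cores) == 1,
            "applications": sorted(apps[component]),
        }
    return report

if __name__ == "__main__":
    print(find_drift(DEPLOYMENTS))
```

The `sha_only` flag marks drift that a precedence-only SemVer comparison would miss: `login-svc` reports 1.8.0 in both environments but was built from two different commits.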

Conclusion

DeployHub simplifies the complexities of a decoupled architecture with component versioning designed to create a federated view of the changes in your software supply chain. Features of using DeployHub for component versioning include:

  • Exposes ‘drift’ across all environments quickly
  • Identifies open-source packages the component version depends upon
  • Component Domain organization for sharing, reuse, and control
  • Component trends with historical data
  • Component version comparisons
  • Component to logical application relationships
  • Component blast radius

DeployHub uses the concepts of domains, environment, application, and component to provide the framework for versioning services with their metadata. 

Make Your Security Intelligence Actionable

Put Your SBOM Data to Work. Sign up for DeployHub Team, the free SaaS software supply chain security platform. DeployHub Team is based on the Ortelius Open-Source project incubating at the Continuous Delivery Foundation.
