GitLab Introduces Advanced Vulnerability Tracking to Tackle Code Volatility and Double Reporting - Related to a, collaborate, double, advanced, deep

Cloud Giants Collaborate on New Kubernetes Resource Management Tool

Google Cloud, AWS, and Microsoft Azure have jointly unveiled a new open-source project called Kube Resource Orchestrator (kro, pronounced "crow"). The project is an attempt to standardise how Kubernetes resources are grouped together and deployed, and it aims to make it easier for platform teams to deploy workloads.

The announcement explains that Kubernetes lacks a native method for platform teams to create custom groups of resources that can be used by development teams, with many organisations using client-side templating tools like Helm or Kustomize, or building their own custom Kubernetes controllers. These approaches often proved costly to maintain and difficult for non-specialists to use effectively.

With kro, you can group your applications and their dependencies as a single resource that can be easily consumed by end individuals - Abdelfettah Sghiouar and Nic Slattery.

The core innovation of kro is the introduction of the ResourceGraphDefinition custom resource. kro encapsulates a Kubernetes deployment and its dependencies into a single API, enabling custom end-user interfaces that expose only the parameters applicable to a non-platform engineer. This masking hides the complexity of API endpoints for Kubernetes and cloud providers that are not useful in a deployment context.

The post outlines two practical examples of kro's application. In the first scenario, a platform engineer uses kro to give organisation members self-service access to create Google Kubernetes Engine (GKE) clusters with pre-configured administrative workloads, policies, and security settings. The second example demonstrates how DevOps engineers can create reusable definitions for web applications, encapsulating all necessary resources from deployments and services to monitoring agents and cloud storage.

Kro works seamlessly with the existing cloud provider Kubernetes extensions that are available to manage cloud resources from Kubernetes. These are AWS Controllers for Kubernetes (ACK), Google's Config Connector (KCC), and Azure Service Operator (ASO).

kro enables standardised, reusable service templates that promote consistency across different projects and environments, with the benefit of being entirely Kubernetes-native. It is still in the early stages of development. "As an early-stage project, kro is not yet ready for production use, but we still encourage you to test it out in your own Kubernetes development environments," the post states.

In a post on the AKS Engineering Blog, Bridget Kromhout and Matthew Christopher offer a brief overview of the kro project from Microsoft's perspective. This post emphasises Microsoft Azure's collaboration with AWS and Google Cloud on this Kubernetes-native tool designed to simplify resource management. Kromhout and Christopher also offer Azure-specific implementation examples and highlights opportunities for community involvement.

We're centering the needs of customers and the cloud native community to offer tooling that works seamlessly no matter where you run your K8s clusters - Matthew Christopher & Bridget Kromhout.

A walkthrough on the kro website goes under the hood to explain how kro works, explaining how kro creates a ResourceGraphDefinition by first generating a Directed Acyclic Graph (DAG) to understand the dependencies of a definition, validating them and establishing the correct deployment order. It then creates a new CustomResourceDefinition (CRD) in the Kubernetes cluster for the resources.

Some community commentary has pondered kro's ability to augment or replace other well-established tools, such as Crossplane - an open-source CNCF project that lets individuals orchestrate cloud resources with Kubernetes, and Helm, the package manager for defining, installing and upgrading Kubernetes applications.

In a YouTube video on the DevOps Toolkit channel, Viktor Farcic discusses kro's launch. He also considers its impact on Crossplane. Farcic was initially excited by kro's potential to simplify composing cloud resources, and he successfully created a simple application definition that generated correct Kubernetes resources. However, Farcic found that more complex scenarios involving conditional resource creation and database integration caused numerous issues, such as missing default values and owner references and changes from ResourceGroups not propagating properly to existing resources.

He also notes that using YAML for imperative constructs isn't ideal, and that adding more logic to a format not designed for it could lead to "abominations". Most significantly for the Crossplane community, Farcic questioned kro's purpose given its functional overlap with existing tools. "kro is serving more or less the same function as other tools created a while ago without any compelling improvement," he observed. While kro appeared to offer a simpler syntax with less boilerplate, he says it currently provides only a fraction of Crossplane's functions and is not yet a viable replacement, especially as Crossplane supports multiple languages.

In a blog post pondering "Is the Helm Killer Finally Here?", Wilson Spearman of Parity indicates that Helm's architecture has fundamental constraints in managing dependencies, handling CRD upgrades and in properly managing lifecycles, and kro succeeds in having a more human-friendly and readable syntax. Spearman concludes with a prediction that Helm will continue for open-source and smaller organisations, with kro taking mindshare in the enterprise.

The kro project is available on GitHub under joint ownership by teams from Google, AWS, and Microsoft, with the community invited to contribute to its development. Comprehensive documentation and example use cases are available on the project's website.

Microsoft has released Visual Studio 2022 [website], introducing significant improvements in AI-assisted development, debugging, productivity, and cloud ......

in the recent past I've been asked to work on a solution of efficiently running Cypress component tests on pull requests without taking a lot of time. At first,......

If you’re heading to KubeCon Europe in London this April, chances are you’re not paying to sample the food. You’re going for the sessions and specific......

GitLab Introduces Advanced Vulnerability Tracking to Tackle Code Volatility and Double Reporting

GitLab has introduced a new feature that addresses two significant challenges in vulnerability management: code volatility and double reporting. Code volatility refers to the frequent changes in codebases that can reintroduce previously resolved vulnerabilities, while double reporting occurs when multiple security tools identify the same vulnerability. This new feature integrates advanced tracking mechanisms to tackle these issues, enhancing the accuracy and efficiency of vulnerability detection and management.

Julian Thome, Staff Backend Engineer at GitLab summarised the announcement in a blog post. Highlighting the challenges of tracking vulnerabilities in dynamic codebases and heterogeneous environments, Thome mentioned that this new feature is particularly useful for teams practicing DevSecOps.

In modern software development, DevSecOps integrates security into the development lifecycle, enabling teams to deliver functions quickly while maintaining security standards. However, the dynamic nature of CI/CD pipelines and the use of multiple Static Application Security Testing (SAST) tools create two significant challenges. The first is code volatility, where frequent changes in codebases can reintroduce previously resolved vulnerabilities. The second is double reporting, where multiple tools investigation the same vulnerability, leading to duplication and inefficiency. These challenges make vulnerability management difficult for developers and security teams to identify unique issues and prioritize fixes effectively.

GitLab's Advanced Vulnerability Tracking is designed to address these challenges by improving the accuracy and efficiency of vulnerability identification. The feature uses contextual information from generated syntax trees to scope vulnerabilities more precisely.

Traditional methods often rely on pairs to identify vulnerabilities. The new feature utilizes a method called "location fingerprinting," which generates identifiers for vulnerabilities that are less fragile across code changes compared to traditional tracking methods.

A study conducted by GitLab demonstrated that its Advanced Vulnerability Tracking method is 30% more effective than traditional line-based tracking. The study also found that the benefits of this approach increase over time.

We saw an interesting conversation on Reddit about Centralized Vulnerability Management tools. The original poster invited suggestions for centralised vulnerability management tools from the tech community. The responses on the post included tools such as Qualsys, Tenable, Vanta, Plextrac, etc.

About narrowing down the vulnerability management tool, one of the Reddit clients, Beneficial_West_7821, gave an insightful response,.

[website] highly recommend running a technical PoV and making sure you pay attention to things like compatibility in practise with your security tool landscape, as well as aggregation, de-duplication, configurability, dashboarding, reporting etc. There is a very wide range of capability and maturity in the market, and performance can vary significantly (for example in ingestion and processing, as well as in responsiveness of the UI).

The findings from the study related to Advanced Vulnerability Tracking method will be presented at the 47th International Conference on Software Engineering (ICSE) 2025 in the Software Engineering in Practice Track. The preprint of the study is named "A Scalable, Effective, and Simple Vulnerability Tracking Approach for Heterogeneous SAST Setups Based on Scope+Offset," authored by Lucas Charles, Jason Leasure, and Hua Yan.

Web3 represents the next phase of the internet, shifting from centralized control to a decentralized, blockchain-powered ecosystem. This......

We're a place where coders share, stay up-to-date and grow their careers....

If you’re heading to KubeCon Europe in London this April, chances are you’re not paying to sample the food. You’re going for the sessions and specific......

Microsoft Releases BioEmu-1: A Deep Learning Model for Protein Structure Prediction

Microsoft Research has introduced BioEmu-1, a deep-learning model designed to predict the range of structural conformations that proteins can adopt. Unlike traditional methods that provide a single static structure, BioEmu-1 generates structural ensembles, offering a broader view of protein dynamics. This method may be especially beneficial for understanding protein functions and interactions, which are crucial in drug development and various fields of molecular biology.

One of the main challenges in studying protein flexibility is the computational cost of molecular dynamics (MD) simulations, which model protein motion over time. These simulations often require extensive processing power and can take years to complete for complex proteins. BioEmu-1 offers an alternative by generating thousands of protein structures per hour on a single GPU, making it 10,000 to 100,000 times more computationally efficient than conventional MD simulations.

BioEmu-1 was trained on three types of datasets: AlphaFold Database (AFDB) structures, an extensive MD simulation dataset, and an experimental protein folding stability dataset. This method allows the model to generalize to new protein sequences and predict various conformations. It has successfully identified the structures of LapD, a regulatory protein in Vibrio cholerae bacteria, including both known and unobserved intermediate conformations.

BioEmu-1 demonstrates strong performance in modeling protein conformational changes and stability predictions. The model achieves 85% coverage for domain motion and 72–74% coverage for local unfolding events, indicating its ability to capture structural flexibility. The BioEmu-Benchmarks repository provides benchmark code, allowing researchers to evaluate and reproduce the model’s performance on various protein structure prediction tasks.

Experts in the field have noted the significance of this advancement. For example, Lakshmi Prasad Y. commented:

The open-sourcing of BioEmu-1 by Microsoft Research marks a significant leap in overcoming the scalability and computational challenges of traditional molecular dynamics (MD) simulations. By integrating AlphaFold, MD trajectories, and experimental stability metrics, BioEmu-1 enhances the accuracy and efficiency of protein conformational predictions. The diffusion-based generative approach allows for high-speed exploration of free-energy landscapes, uncovering crucial intermediate states and transient binding pockets.

Moreover, Nathan Baker, a senior director of partnerships for Chemistry and Materials at Microsoft, reflected on the broader implications:

I ran my first MD simulation over 25 years ago, and my younger self could not have imagined having a powerful method like this to explore protein conformational space. It makes me want to go back and revisit some of those molecules!

BioEmu-1 is now open-source and available through Azure AI Foundry Labs, providing researchers with a more efficient method for studying protein dynamics. By predicting protein stability and structural variations, it can contribute to advancements in drug discovery, protein engineering, and related fields.

More information about the model and results can be found in the official paper.

Extract, transform, and load (ETL) is the backbone of many data warehouses. In the data warehouse world, data is managed through the ETL process, whic......

In the wave of big data, the data volume of enterprises is growing explosively, and the requirements for data processing and analysis are becoming inc......

The TC39 committee, which oversees JavaScript standards, advanced three JavaScript proposals to Stage 4 at its February meeting. Evolving to stage fou......