BoxBoat awarded GSA Multiple Award Schedule (MAS) - IT Professional Services (DevSecOps, DevOps, Kubernetes, Cloud)
by Tim Hohman
| Monday, Apr 27, 2020
| Kubernetes DevSecOps
Bethesda, MD – Boxboat Technologies, LLC, a small business provider of IT products and services to government agencies, higher education, and commercial organizations, announces that the U.S. General Services Administration (GSA) has awarded the company a new Multiple Award Schedule (Contract #47QTCA20D009F) to accelerate the sale of its DevSecOps services to this critical market.
BoxBoat has experience supporting federal agencies and public sector entities including the US Air Force, the US Navy, NIST, the Department of Energy, Colorado State University, and the State of California with application modernization, cloud migration, and DevSecOps projects but is eager to engage more deeply with government customers now that this contract vehicle is established.
Open Source CVE Scanner Round-Up: Clair vs Anchore vs Trivy
by David Widen
| Friday, Apr 24, 2020
| Docker Security
As packaging applications inside Docker images becomes ubiquitous, more organizations are investing in hardening their Docker images. After you’ve run your application code through static and dynamic analysis tools, organizations typically leverage a CVE image scanner installed in their Docker registry. This allows you to identify known CVEs before containers are deployed, reducing your risk profile.
There are many vendors that provide CVE scanning tools for Docker images. Unfortunately, they don’t all catch every single CVE.
Communication and Technology in the Workplace
by Kristen Hohman, Kim DeRose
| Thursday, Feb 20, 2020
| Remote Work
Working remotely may sound like a dream to some employees. According to the U.S. Bureau of Labor Statistics (BLS), more than 26 million Americans (16% of the total workforce) now work remotely at least part of the time, an increase of 115% between 2005 and 2015. At Boxboat, we’ve embraced the digital life, with a remote-first approach to both our internal team and as a service provider.
But while remote work can benefit both employers and employees, it’s not without its challenges.
Getting Stuff Done With Argo Workflows
by Bryton Hall
| Monday, Feb 10, 2020
What is Argo? Argoproj (or more commonly Argo) is a collection of open source tools to help “get stuff done” in Kubernetes. This includes Argo Workflows, Argo CD, Argo Events, and Argo Rollouts.
What is Argo Workflows? Argo Workflows is a Kubernetes-native workflow engine for complex job orchestration, including serial and parallel execution. Argo Workflows simplifies the process of leveraging Kubernetes to help deploy these workflows.
How Argo Works Argo adds a new object to Kubernetes called a Workflow, that we can create and modify as any other Kubernetes object (like a Pod or Deployment).
Writing A Custom Terraform Provider
by Jess Bodzo
| Tuesday, Feb 4, 2020
Leveraging Custom Terraform Providers Provisioning and managing infrastructure is a critical task in DevOps. To accomplish this, modern practices rely on Infrastructure as Code (IaC). By storing your infrastructure configuration in version control systems, you can standardize configuration across your organization, and simplify infrastructure updates.
HashiCorp’s Terraform is a popular choice to accomplish that task. Terraform provides a platform-agnostic configuration language known as HashiCorp Configuration Language (HCL). HCL minimizes vendor lock-in, while creating a standard language to manage your infrastructure configuration.