It provides a unified framework for policy creation and management across multiple clouds, simplifies policy writing, and supports popular authorization models such as role-based and attribute-based access control. Additionally, AWS has adopted a verification-guided development process to ensure the security and safety of Cedar.

The open-sourcing of the project also includes the Cedar language specification and SDK which offers libraries for authoring and validating policies and authorizing access requests. 

Amazon Verified Permissions uses Cedar to allow you to manage fine-grained permissions in your custom applications. With Amazon Verified Permissions, you can store Cedar policies centrally, have low latency with millisecond processing, and audit permissions across different applications. 

The open-source libraries of Cedar allow users to test and validate policies on their own computers before deploying them with Amazon Verified Permissions. This makes it possible to use Cedar to run applications not connected to the network, allowing users to customize the libraries to meet their needs.

Additional details on the project are available here. 

The post SD Times Open-Source Project of the Week: Cedar appeared first on SD Times.

The Harness CET provides several advantages to developers, such as minimizing the occurrence of defects that go undetected, removing the need for manual troubleshooting, and enabling quicker resolution of customer problems. This enables teams to identify and resolve issues within a matter of minutes instead of weeks, resulting in enhanced satisfaction for both the developers and end-users.

“Our goal is to empower developers by providing a solution that addresses the pain points unmet by traditional error tracking and observability tools,” said Jyoti Bansal, CEO and co-founder of Harness. “Harness Continuous Error Tracking offers unparalleled visibility and context, enabling teams to quickly identify, diagnose, and resolve issues, ultimately ensuring a better experience for both developers and customers.”

The tool includes runtime code analysis that provides complete visibility into every exception’s source code, variables, and environment state. These issues are routed directly to the right developer for faster resolution. CET also provides the full context of errors including code variables and objects up to ten levels deep into the heap.

CET creates guardrails to ensure only high-quality code advances which prevents unreliable releases from being promoted to staging and production environments.

In addition, release stability allows developers to compare current or past releases to understand trends in new, critical, and resurfaced errors.

The tool integrates with monitoring solutions such as AppDynamics, Dynatrace, Datadog, New Relic, and Splunk. It also natively integrates into Harness build and deployment pipelines or it can be used as a standalone solution.

The post Harness announces new feature to proactively identify errors appeared first on SD Times.

The new code search engine has been remodeled to be two times faster than the old one and has more capabilities such as supporting substring queries, regular expressions, and symbol search.

Code Search understands a user’s code and brings relevant results at high speeds by searching across multiple repositories. Users can search using regular expressions, boolean operations, keyboard shortcuts, and more.

“Imagine that a user complains that they received an error message from your service saying ‘query is not satisfiable.’ You’re not sure which system produced this error message, or which repository the code is in,” ​​Colin Merkel, software engineer at GitHub, wrote in a blog post. 

“Without code search, you might have to clone a bunch of repositories and grep through them, or ask a knowledgeable coworker. But with code search, you can instantly search across all of an organization’s code at once.” 

As an example, if a company uses Kubernetes and their infrastructure team reports a shortage of memory in their cluster, one approach could be to search for YAML configuration files containing the term “memory” across the team’s code. The search results, which can be saved with a query such as “saved:blackbird lang:yaml memory,” would reveal the Kubernetes configuration files for the team’s services and their allocated memory. The search results could then be shared with the infrastructure team to initiate a discussion on the memory allocation for those services.

For teams using React, the prop dangerouslySetInnerHTML is a well-known feature that enables the direct injection of HTML into an element using a string. However, it can pose a security risk if the string being injected is untrusted. One way to identify potential vulnerabilities is by searching for the usage of this prop across GitHub’s codebase using a query such as “repo:github/github dangerouslySetInnerHTML.” The search results could reveal any occurrences of the prop, including some linter rules that forbid its use. 

GitHub also redesigned its code view to integrate search, browsing, and code navigation. The company stated that this launch is just the beginning and it is infusing intelligence into every aspect of software development moving forward. 

The post GitHub launches new code search and code view appeared first on SD Times.

Microsoft also announced that it’s moving from text-only search & chat to one that’s more visual with rich image/video answers and new multimodal support coming shortly. Users can get more visual answers including charts and graphs and updated formatting of answers, to help them find information more easily. Image Creator has also been expanded to all languages in Bing.

Microsoft Edge will be redesigned with a sleeker and enhanced UI and is adding the ability to incorporate visual search in chat so that users can upload images and search the web for related content.

Chat history allows users to pick up where they left off and return to previous chats in Bing chat with chat history. Chats can then be moved to Edge Sidebar so that they can be kept on hand while browsing. 

Microsoft stated that it will soon add export and share functionalities into chat for times when people want to easily share conversations with others on social media.

“The new AI-powered Bing has already helped people more easily find or create what they are looking for, making chat a great tool for both understanding and taking action. The integration of Image Creator saves you time by completing the task of creating the image you need right within chat,”  Yusuf Mehdi, corporate vice president and consumer chief marketing officer wrote in a blog post that contains additional details on the new features. 

The post Microsoft Bing AI moves to Open Preview, eliminating waitlist appeared first on SD Times.

Vercel KV is a serverless Redis solution that’s easy and durable, powered by Upstash. With Vercel KV, it’s possible to generate Redis-compatible databases that can be written to and read from Vercel’s Edge Network in regions that you designate, requiring only minimal configuration.

Vercel Postgres is a serverless SQL database built for the frontend, powered by Neon. Vercel Postgres provides a completely managed, fault-tolerant, and highly scalable database that offers excellent performance and low latency for web applications. It’s specifically designed to work flawlessly with Next.js App Router and Server Components, as well as other frameworks like Nuxt and SvelteKit. This makes it easy to retrieve data from your Postgres database and use it to create dynamic content on the server with the same rapidity as static content.

Lastly, Vercel Blob enables users to upload and serve files at the edge, and is powered by Cloudflare R2. Vercel Blob can store files like images, PDFs, CSVs, or other unstructured data and it’s useful for files normally stored in an external file storage solution such as Amazon S3, files that are programmatically uploaded or generated in realtime, and more. 

“Frameworks have become powerful tools to manipulate backend primitives. Meanwhile, backend tools are being reimagined as frontend-native products. This convergence means bringing data to your application is easier than ever, and we wanted to remove the final friction point: getting started,” Vercel stated. 

Vercel KV, Vercel Postgres, and Vercel Blob are built on open standards and protocols, designed for low latency, efficient data fetching, and fully integrated with Vercel’s existing tools and workflows.

Additional details are available here. 

The post Vercel introduces a suite of serverless storage solutions appeared first on SD Times.

In CMake projects, users can simply click the “Run CTest” icon along the bottom status bar or the “Testing” side panel icon to launch the test explorer.

When the project is configured, the tests in your CMakeLists.txt will load in the Test Explorer.

The new feature allows users to view their tests’ detailed status and results, run specific tests or sets of tests, debug tests, and view test output. The tool also includes a refresh button for updating test information.

This release also features open-source community contributions from users.

Microsoft stated that it plans to experiment with the CMake tools’ user experience settings and implement CMake language services and a CMake Debugger in the future. 

Additional details are available here. 

The post CMake Tools 1.14 in VS Code adds Test Explorer for CTest appeared first on SD Times.

The accelerator will provide a 10-week program for 8-12 startups and will offer them access to Google Cloud resources, mentorship, technical expertise, and networking opportunities. 

Startup founders and leaders can also benefit from deep dives and workshops on product design, customer acquisition, and leadership development. 

“Thanks to truly amazing mentorship and direct access to Googlers, we have been able to reach new levels of specialized knowledge and deployment capability in our GCP architecture and artificial intelligence projects. From a technical perspective to a business growth standpoint, this is simply invaluable,” said Francois Gand, founder, and CEO at NURO. “What we have built in three months with Google will be a part of our upcoming next-gen product line in both Healthcare and Non-Healthcare settings. We deeply thank all Googlers for their exceptional participation in our journey.”

Applications are now being accepted until May 30, and the Accelerator will kick off this July. Google has already partnered with digital-native companies such as cart.com to democratize e-commerce and with startups like kimo.ai which leverages tools to transform traditional approaches to online learning. 

“Around the world, the cloud is helping businesses and governments accelerate their digital transformations, scale their operations, and innovate in new areas. At Google Cloud, we’re helping businesses solve some of their toughest challenges,” Google stated in a blog post. 

The post Google launches inaugural North American Google for Startups Accelerator appeared first on SD Times.

“InfluxDB 3.0 is a major milestone for InfluxData, developed with cutting-edge technologies focused on scale and performance to deliver the future of time series,” said Evan Kaplan, CEO at InfluxData. “Built on Apache Arrow, the most important ecosystem in data management, InfluxDB 3.0 delivers on our vision to analyze metric, event, and trace data in a single datastore with unlimited cardinality. InfluxDB 3.0 stands as a massive leap forward for both time series and real-time analytics, providing unparalleled speed and infinite scalability to large data sets for the first time.”

The solution was originally developed as the open-source project InfluxDB IOx and was built in Rust. It was then rebuilt as a columnar database that leverages the scale and performance of the Apache Arrow data structure to deliver real-time query responses. 

Users can also benefit from unlimited cardinality and high throughput to continuously ingest, transform, and analyze billions of time series data points, low-cost object store, and SQL language support. 

The new version is available now in InfluxData’s cloud products, including the fully managed service InfluxDB Cloud Dedicated. InfluxData also announced InfluxDB 3.0 Clustered and InfluxDB 3.0 Edge to give developers next-gen time series capabilities in a self-managed database and InfluxDB 3.0 will be available in these products later in the year.

The post InfluxDB 3.0 released with rebuilt database and storage engine for time series analytics appeared first on SD Times.

The software includes all the code, examples, and documentation businesses need to add safety to AI apps that generate text. NVIDIA said it’s releasing the project since many industries are adopting large language models (LLMs), the powerful engines behind these AI apps. 

Users can set up three kinds of boundaries with NeMo Guardrails: topical, safety, and security. 

With topical guardrails, apps can be prevented from going into unwanted areas by implementing topical guardrails. An instance of this is preventing customer service assistants from responding to inquiries regarding the weather.

Safety guardrails ensure apps respond with accurate, appropriate information. They can filter out unwanted language and enforce that references are made only to credible sources.

Security guardrails restrict apps to make connections only to external third-party applications known to be safe.

The tool is compatible with the tools that enterprise app developers commonly use. For example, it is capable of functioning on LangChain, an open-source toolkit that developers are readily embracing to incorporate third-party applications with LLMs. Furthermore, NeMo Guardrails is designed to be versatile enough to function with a wide range of LLM-enabled applications, including Zapier.

The project is being incorporated into the NVIDIA NeMo framework that already has open-source code on GitHub.

The post NVIDIA’s NeMo Guardrails adds security features to AI chatbots and generative AI appeared first on SD Times.

The company’s aim behind the improvements is to help fill the skills gap since security engineers are outnumbered and 85% of respondents to a 2023 GitLab Global DevSecOps Report: Security Without Sacrifices report said their security budgets are flat or reduced. 

“We believe in a simple mantra: Velocity with guardrails. Artificial intelligence technologies and automation solutions accelerate code creation and, when paired with a comprehensive DevSecOps platform, create the security and compliance guardrails that every company needs,” GitLab stated in a blog post. 

Code Suggestions, which can improve developer productivity without context switching and within a single DevSecOps platform, is free for all Ultimate and Premium Customers in the Beta.

The recently introduced Value Streams Dashboard offers decision-makers valuable insights into metrics that can help them recognize patterns and trends, enabling them to optimize software delivery. The dashboard takes into account the DORA metrics and tracks the flow of value delivery across various projects and groups, providing strategic insights that can aid in improving the overall software delivery process.

In addition to other features, users of GitLab can establish license policies and examine software licenses for compliance. The scanner tool can retrieve license information from packages that are dual-licensed or have multiple licenses that apply. Moreover, it can identify more than 500 types of licenses, which is a significant improvement from the previous capability of identifying only 20 types of licenses. 

With the help of license approval policies, organizations can minimize the risk of using unapproved licenses, which can save them time and effort that would otherwise be needed to manually ensure compliance.

GitLab also stated that it now automatically revokes PATs leaked in public GitLab repositories to mitigate the risk of a developer mistakenly committing a PAT into their code. Leaked secrets in public projects can be responded to by revoking the credential or notifying the vendor who issued it. 

The company said that there will be more guardrails coming in 2023. One is group and subgroup dependency lists that provide users with a simple way to view their projects’ dependencies. Other capabilities will include continuous container and dependency scanning, management tools for compliance frameworks, and SBOM ingestion to import CycloneDX files from third-party tools. 

The post GitLab announces new AI-powered capabilities appeared first on SD Times.