Atlassian Labs introduces 3 new Bamboo plug-ins for tuning your builds

In the last month’s Atlassian Labs has introduced several new Bamboo plug ins to help monitoring your builds and pinpointing bottle necks in your build farm.

Let’s review three of the most interesting ones for build managers that have problems identifying bottlenecks and optimizing performance.

Build Times

image2016-10-28 9_58_31.png

The first one is “Build Times”. The plugin was available for older instances but support for 5.10+ has been added recently. The plugin automates the effort of going manually through the log file and writing down the timings for each step.

It add a “Build Times” tab to existing jobs showing not only Build Times but also queue time, actual build time and the time for git to checkout the sources.

Very powerful as it also allows end-users to identify why their job took so long.

Agent Usage

image2016-10-28 10_0_6.png

After installing the Build Times plugins the administrator is left with the task to identify which agents are idling and which are working overtime.

And because Bamboo license model is based on agent you want to make sure that the load is evenly spread and agent are efficiently put to use.

With the plugin it shows a list of all the agent and the time their are in use, quickly pinpointing bottlenecks. Adding or removing capabilities to agent can solve possible bottlenecks.

Bamboo Agent Notificationimage2016-10-28 10_1_14.png

Build Manager having a large amount of agent now already the problem. Agents go off-line for an various amount of reasons and only find out after a long period when jobs are hanging or build throughput slows down.

With this agent you can add notifications so you’re immediately informed of build agent going off-line. This way you can quickly respond on any problems so users don’t notice any outages.

Geplaatst in atlassian, Geen categorie | Tags: , | Een reactie plaatsen

Atlascamp 2016, Barcelona

Binnenkort de blog met wat er nu allemaal te doen was 😉

Hieronder alvast een korte visuele sfeerimpressie

Geplaatst in atlassian | Tags: | Een reactie plaatsen

Jenkins 2.0 alpha out now!

Installed the new Jenkins 2.0 last week. New improved installer which makes starting Jenkins a breeze. Backwards compatible and now with the option to build individual branches.

According to Jenkins:

“Currently, the pipeline capability can be downloaded as separate plug-ins. “Pipelines are going to be the core concept to Jenkins instead of just jobs.

So it’s really sending signal to the market that it’s a new life of Jenkins for the next few years,” CloudBees CEO Sacha Labourey.

The plug-ins in Jenkins 1.x will be compatible with Jenkins 2.0 upgrade. Also, the upgrade will enable users to cope up with the problem of highly complex Jenkins configurations. ”


More details @

Geplaatst in Geen categorie | Een reactie plaatsen

SHA-1 cracked, are your GIT archives vulnerable to attacks?

Recently it was announced that SHA-1 signatures are now susceptible to collision attacks (source).

As GIT uses SHA-1 signatures to uniquely identify objects you might ask yourself if it is still safe to store objects in your GIT code archive.

Let’s find out!

First, SHA-1 signatures are used in GIT to ensure data integrity and consistency to detect corruption by DRAM or disks etc.

However, it was never implemented as a security feature to keep attackers out. For that purpose other mechanism have been implemented in GIT: signed commits.

While in 2012 it was predicted it would take approx. $2.7M (source) to break a single hash value it can now (fall 2015) be done with a budget of $100.000 by renting CPU from a cloud provider like Amazon EC2.

If you are curious how a SHA-1 hash of an object or text string looks like you can do this by executing the following line in a DOS command window:

D:\>echo '' | git hash-object --stdin

Now, let’s assume the attacker is attacking a remote repository.

When the attacker has access to a local repository there are probably much easier and cheaper ways to inject code into a GIT repository, so this is the logical scenario.

The attacker created a file containing malicious code with an identical SHA-1 and committed it to the remote repository.

Now what happens is that the new object will not be created!

Since the malicious file that the hacker wants to inject  has the same SHA-1 has the original file in your repository the commit or GIT index ends up pointing  to the old object.

GIT thinks you have committed the same object as it has an identical SHA-1 hash.

Bottom line is that SHA-1 collisions are not very relevant for existing GIT repositories. Use signed commit messages for extra security instead.

Geplaatst in Geen categorie | Tags: | Een reactie plaatsen

Weer een flinke boost voor GIT


Google sluit de deuren van sourcecodehosting-site Code, weer een steuntje in de rug van het populaire open source versiebeheersysteem GIT. 


Geplaatst in Geen categorie | Een reactie plaatsen

Support Wikipedia

Word sponsor, net als ik! 

Geplaatst in Geen categorie | Tags: , | Een reactie plaatsen

Clearcase no more

Jarenlang gedraait met teleurstellende bezoekersaantallen. IBM die geen grof geld wil neerleggen voor mijn site: Een schande dus 😉

Daarom gooien we het over een andere boeg… gaat voortaan informatie bieden over configuration management / ALM tooling en dan vooral voor / GIT.



Geplaatst in Geen categorie | Tags: , , , , , , | Een reactie plaatsen