Pivotal Releases Commercial Version Of Concourse, An Internal Continuous Integration Tool Capable Of Rapidly Closing Security Vulnerabilities
Pivotal Software Wednesday released a commercial version of Concourse, an open-source tool developed internally to automate software delivery, that can be employed to enhance security for enterprise applications.
Concourse for Pivotal Cloud Foundry enables continuous integration processes, including automated updating and patching of software running at all layers of Pivotal's popular development platform, Justin Smith, Pivotal's chief security officer, told CRN.
The new turnkey version of the tool originally built to enhance Pivotal's internal continuous integration/continuous delivery pipeline is particularly well-suited for closing vulnerabilities across Cloud Foundry stacks and ensuring software is always compliant, he said.
"We found security of our platform is directly proportional to how fast an organization can deploy our patches," Smith said. "PCF Concourse is a huge step forward in making those updates, at the app tier or the platform itself, a zero-click operation."
Pivotal's distribution of Cloud Foundry is ubiquitous in the enterprise—the Platform-as-a-Service solution undergirds production apps across the Fortune 500.
Concourse for PCF removes friction from the process of updating software built on that platform, as well as the very nuts and bolts of the platform itself, Smith said. That allows IT security teams to focus on higher-level matters.
Software at the IaaS and PaaS layers "that's running your apps has to be updated as quickly as your apps are," Smith said. Where Cloud Foundry is "software that runs software," Concourse is "software that deploys software."
Pivotal built the tool because of dissatisfaction with other continuous integration solutions on the market. The San Francisco-based software developer that spun out of EMC, and whose investors include VMware, Dell EMC and General Electric, ultimately switched all its systems onto Concourse, which it open sourced in August 2015.
"We use it inside of Pivotal for doing all of our build and test integrations and for deploying into our hosted web services," he said.
The new commercial version packages the open-source software into a turnkey bundle that can be put to work maintaining compliance controls, security and standardization, in addition to deploying apps.
Concourse for PCF allows enterprise software to be updated in a similar style to Google's Chrome operating system—quick and effortless.
"This is the realization of that inside the data center," Smith said.
The tool is valuable for both cloud and on-premises deployments of Pivotal Cloud Foundry.
Internally, Pivotal uses Concourse to maintain the hosted Cloud Foundry environments it deploys on Google Cloud Platform and Amazon Web Services. But the tool works just as well on VMware's vSphere and OpenStack clouds.
While cloud operators maintain the infrastructure layer, customers are still responsible for ensuring the integrity of the operating systems and middleware they're running on guest VMs.
"We take care of that layer that's above the host layer," Smith said.