CyberArk has announced the availability of an open source version of CyberArk Conjur. CyberArk Conjur enables DevOps teams to automatically secure and manage secrets used by machines and users to protect containerized and cloud-native applications across the DevOps pipeline.
With increased DevOps adoption comes an expanding attack surface with an exponential set of secrets that insiders and malicious external threat actors can misuse, target and exploit. With CyberArk Conjur, DevOps teams gain the simplicity they need to incorporate security best practices into workflows. Secrets management is easily embedded into the CI/CD process through certified integrations with leading developer toolsets. The open source version of CyberArk Conjur is now available for download from www.conjur.org and GitHub.
“Developers tend to believe that security in development slows them down. Continuous Integration, DevOps practices and automation improves agility, but also introduces security risks, such as storing secrets in source code repositories or leaving credentials sitting around on disk,” said Adrian Lane, CTO, Securosis. “DevOps does not mean we need to capitulate on build security; quite the contrary. We need to automate secrets management into the process as well, and create an audit trail to prove we’re delivering code and services securely.”
CyberArk Conjur is the only platform-independent secrets management solution specifically architected for securing containers and micro-services. It can be deployed to any cloud or on-premises environment and supports massive scale. This solution allows DevOps teams to integrate security best practices into their cloud-native application development projects with ease, while giving security teams assurance that security and compliance best practices are being applied to these dynamic environments, without creating new security silos.
“JFrog uses CyberArk Conjur to secure our cloud infrastructure in order to build and deliver DevOps software like Artifactory and Bintray,” said Yoav Landman, co-founder and CTO, JFrog. “JFrog and open source go way back to when we launched the company in 2008 through today where we are providing free repositories and distribution services to millions of open source developers. As a customer, we are pleased to see that CyberArk is making a high quality open source version of Conjur available to the community.”
Expanding use of open source and the path to more secure DevOps adoption
According to 451 Research, there is a clear and quantitative relationship between adoption of open-source software and DevOps success. However, there is a gap in the tools available via the open source community to secure applications leveraging new architectures based on containers and micro-services. Many of these tools are exceedingly complex to deploy and create un-managed security islands. As the market leader and innovator in Privileged Account Security, CyberArk is uniquely qualified to contribute to better security tooling that sets a new industry standard for secrets management, enabling customers to move to a DevOps delivery model that reduces risk without impacting velocity.
“Companies embracing digital transformation are adopting DevOps methodologies and the cloud to bring new services to market at velocity, and open source and community-driven development has become the dominant paradigm,” said Elizabeth Lawler, vice president, DevOps security, CyberArk. “Conjur has benefited and contributed to the open source community throughout its history, so making Conjur available via open source is an opportunity for CyberArk to share its expertise for the betterment of cyber security globally.”
CyberArk Conjur enables organizations, regardless of where they are in their DevOps journey, to integrate secrets management and machine identity security into their projects with minimal effort. For customers that require enterprise features or integration with the CyberArk Privileged Account Security Solution, CyberArk offers a seamless upgrade path from the open source version to CyberArk Conjur Enterprise.