Pivotal Software on Wednesday released a commercial version of Concourse, an open-source tool that was developed internally to automate software delivery and can be employed to enhance security for enterprise applications.
Concourse for Pivotal Cloud Foundry enables continuous integration processes, including automated updating and patching of software running at all layers of Pivotal's popular development platform, Justin Smith, Pivotal's chief security officer, told CRN.
The new turnkey version of the tool, originally built to enhance Pivotal's internal continuous integration/continuous delivery pipeline, is particularly well suited for closing vulnerabilities across Cloud Foundry stacks and ensuring software is always compliant, he said.
"We found security of our platform is directly proportional to how fast an organization can deploy our patches," Smith said. "PCF Concourse is a huge step forward in making those updates, at the app tier or the platform itself, a zero-click operation."
Pivotal's distribution of Cloud Foundry is ubiquitous in the enterprise—the Platform-as-a-Service solution undergirds production apps across the Fortune 500.
Concourse for PCF removes friction from the process of updating software built on that platform, as well as the very nuts and bolts of the platform itself, Smith said. That allows IT security teams to focus on higher-level matters.
Software at the IaaS and PaaS layers "that's running your apps has to be updated as quickly as your apps are," Smith said. Where Cloud Foundry is "software that runs software," Concourse is "software that deploys software."
Pivotal built the tool because of dissatisfaction with other continuous integration solutions on the market. The San Francisco-based software developer that spun out of EMC, and whose investors include VMware, Dell EMC and General Electric, ultimately switched all its systems onto Concourse, which it open sourced in August 2015.
"We use it inside of Pivotal for doing all of our build and test integrations and for deploying into our hosted web services," he said.
The new commercial version packages the open-source software into a turnkey bundle that can be put to work maintaining compliance controls, security and standardization, in addition to deploying apps.