Home / Companies / Harness / Blog / March 2025

March 2025 Summaries

11 posts from Harness

Filter
Month: Year:
Post Summaries Back to Blog
Software experimentation is a valuable tool for accelerating development, improving insights, and reducing risks, contrary to common misconceptions that it is risky or solely for marketers. It encompasses a range of techniques beyond just A/B testing, such as multi-variant testing, canary releases, phased rollouts, and feature flags, which enable safer and more efficient rollouts. Experimentation empowers not only product teams but also engineering teams by allowing them to measure the impact of features directly, leading to faster iterations and reduced risk. Despite fears that it might slow down processes, when done correctly, experimentation can actually speed up development by providing early insights and allowing for quick adjustments. It fosters a culture of innovation and psychological safety, encouraging teams to experiment without the fear of failure. As a fundamental part of modern software delivery, experimentation helps teams move faster and innovate boldly, providing the tools to test, learn, and iterate effectively.
Mar 31, 2025 1,068 words in the original blog post.
Adeeb Valiulla emphasizes the importance of implementing a robust Engineering Metrics Program to transform raw data into actionable insights, boosting efficiency, productivity, and business alignment within software development. By leveraging tools like Harness Software Engineering Insights and frameworks such as DORA, teams can identify bottlenecks and drive measurable improvements. The program focuses on optimizing people, processes, and tools to achieve engineering excellence, with metrics categorized into engineering excellence and business alignment. The DORA metrics, regarded as the gold standard, include Lead Time for Changes, Deployment Frequency, Mean Time to Restore, and Change Failure Rate, but deeper analysis is required to uncover underlying issues. The Harness Engineering Metrics Program offers a structured four-step approach to enhance developer productivity and business alignment by gaining visibility, setting benchmarks, targeting conditions for improvement, and iterating towards these goals. Real-world applications illustrate how the program can address issues such as PR approval times, deployment frequency, and change failure rates, while emphasizing the importance of a clear roadmap with specific objectives, timelines, and accountability to ensure continuous improvement and alignment with business outcomes.
Mar 31, 2025 971 words in the original blog post.
Resilience testing is a crucial aspect of the Software Development Life Cycle (SDLC), ensuring business services remain reliable during system disruptions, especially under high load. The article provides a detailed guide on implementing resilience testing using Grafana K6 for load testing and Harness Chaos Engineering for chaos experiments, with a focus on an e-commerce application deployed on Kubernetes. The process involves setting up roles and permissions, deploying necessary tools like the Harness Delegate, and creating resilience probes to monitor system health. The integration of load testing with chaos engineering aims to prepare systems for real-world failures by validating their performance and reliability when key components malfunction under stress. The guide outlines steps for signing up on the Harness platform, setting up a testing environment, and running parallel chaos experiments and load tests to measure system resilience. This combined approach enables teams to transition from theoretical planning to practical application, enhancing the system's ability to withstand real-world challenges.
Mar 26, 2025 1,773 words in the original blog post.
Harness CI significantly enhances Bazel builds by integrating automatic remote caching and Build Intelligence, which reduces build times by up to four times without requiring manual configuration. As projects grow in size, build times can become a bottleneck, even with efficient tools like Bazel that are known for handling large codebases effectively. Harness CI optimizes Bazel's performance by automatically managing the configuration of remote caches, ensuring that only necessary tasks are executed and unchanged files are reused, thus minimizing redundant tasks and optimizing resource usage. A benchmarking comparison highlights that Harness CI delivers faster builds compared to GitHub Actions by leveraging enhanced caching mechanisms. This integration allows developers to focus more on delivering quality code and less on waiting for builds, making it an appealing choice for those looking to optimize their Bazel build processes. Dewan Ahmed, a Principal Developer Advocate at Harness, has extensive experience addressing DevOps challenges and advocates for open-source technology, while also supporting underrepresented groups in tech through career coaching.
Mar 20, 2025 824 words in the original blog post.
In March 2025, a significant supply chain attack targeted the widely-used tj-actions/changed-files GitHub Action, compromising over 23,000 repositories and exposing sensitive CI/CD secrets. The attack, tracked as CVE-2025-30066, involved injecting malicious code through a spoofed commit, which executed a script leaking credentials via workflow logs. Initial findings suggest the breach originated from a separate attack on reviewdog/actions-setup@v1, highlighting the risk of recurrence. Security teams are advised to take immediate actions such as identifying affected repositories, rotating credentials, and enforcing security practices like pinning GitHub Actions to specific commit hashes. The incident underscores the importance of proactive security measures, and tools like Harness Supply Chain Security (SCS) can help mitigate such risks by identifying vulnerabilities and enforcing minimal token permissions. Future enhancements, including integration with the Traceable eBPF agent, aim to provide improved runtime protection by detecting leaked secrets, monitoring suspicious GitHub Action calls, and identifying malicious remote code execution attempts.
Mar 17, 2025 851 words in the original blog post.
OpenID Connect (OIDC) is an authentication protocol that enhances security and user experience by simplifying the authentication process and managing permissions, enabling secure software deployments with tools like Harness. Built on top of OAuth 2.0, OIDC acts as a digital identity card, providing a standardized way to verify user identities without the need for multiple passwords, thus supporting regulatory compliance and streamlining user management and access control. It utilizes short-term tokens to reduce security risks and ensures only legitimate users can access applications, with OAuth 2.0 determining user actions and permissions. Key components of OIDC include Relying Parties, Identity Providers, ID Tokens, UserInfo Endpoints, and Scopes and Claims, which collectively facilitate a seamless user experience and robust security measures. OIDC is particularly useful in modern applications requiring identity verification, offering advantages such as secure and seamless login, no password storage, and interoperability across platforms and identity providers. When integrated with platforms like Harness, OIDC strengthens security in software deployments, allowing organizations to focus on innovation while providing a secure and user-friendly experience.
Mar 13, 2025 1,662 words in the original blog post.
Harness Pipeline Notifications for Datadog is an integration designed to enhance the visibility of CI/CD pipelines by providing real-time event notifications directly in Datadog, allowing teams to quickly address issues and improve operational efficiency. This integration enables DevOps teams to utilize Datadog's dashboards and alerts for better monitoring and incident management, bridging the gap between CI/CD processes and monitoring infrastructure. The feature allows for configurable events, custom headers for better categorization, and native integration capabilities for enhanced search and analytics. By alerting teams to pipeline events such as stage successes or failures, the integration facilitates rapid response to potential issues, thereby minimizing downtime and optimizing the software delivery process.
Mar 13, 2025 1,251 words in the original blog post.
Platform engineering is undergoing a crucial transformation, shifting from a technology-first to a product-first mindset, with a focus on business outcomes and developer experience to navigate the "Trough of Disillusionment" depicted in the Gartner Hype Cycle. The challenges faced, such as measurement disconnects, the "build your own" trap, and adoption hurdles, are seen as growing pains of a maturing practice rather than signs of failure. Successful platform initiatives involve shifting to platform-as-product, emphasizing business-aligned metrics, embracing composability over monolithic solutions, and prioritizing developer delight. By adopting these strategies, organizations can move beyond current disillusionment and realize platform engineering's potential for delivering significant business value. Eric Minick, a recognized expert in the field, highlights that this period of reflection and recalibration sets the stage for a more sustainable and impactful future in platform engineering.
Mar 12, 2025 1,158 words in the original blog post.
Harness Feature Management & Experimentation (FME) introduces "Large Segments" to enhance feature management at an enterprise scale, addressing challenges that traditional feature flagging tools and homegrown solutions face in handling vast user bases. This capability allows enterprises to efficiently manage targeted feature rollouts for millions of users, ensuring precision, control, and security without the complexities of managing extensive user lists manually. Large Segments offer benefits such as faster rollouts, improved application performance, large-scale experimentation, consistent user experiences, and enhanced governance and security. This innovation empowers enterprises, especially those in regulated industries, to conduct seamless phased rollouts and experiments with robust A/B testing and compliance controls, providing a powerful tool for managing digital initiatives at an unprecedented scale.
Mar 12, 2025 1,063 words in the original blog post.
Harness CI significantly enhances Gradle build times by utilizing Build Intelligence, resulting in builds that are nearly six times faster than those conducted on GitHub Actions, thus improving developer productivity and resource efficiency. The blog post highlights how complex software projects often encounter slow build times as a bottleneck, impacting resource usage and development cycles. Harness CI optimizes Gradle build performance through features like Build Intelligence, Test Intelligence, and Cache Intelligence, which effectively reuse build artifacts, execute only relevant tests, and efficiently cache dependencies. The Spring Framework serves as a case study, demonstrating the benefits of these optimizations for large Java projects. Dewan Ahmed, the author, a Principal Developer Advocate at Harness, brings extensive experience from his previous roles at IBM, Red Hat, and Aiven, and is passionate about open-source and advocating for underrepresented groups in tech.
Mar 07, 2025 852 words in the original blog post.
The new Elixir SDK from Harness allows development teams to integrate feature flagging and event tracking directly into their Elixir applications without altering their existing tech stack. Built as a lightweight and efficient solution, the SDK leverages Split Daemon to connect to Harness Feature Management & Experimentation (FME) seamlessly. Initially developed in collaboration with Cars.com, the Elixir SDK has been enhanced for broader compliance with Harness and is now available for all customers. This thin client SDK is particularly beneficial for Elixir, a language widely used for scalable and fault-tolerant applications, as it improves performance with low latency, enhances security by keeping data within the local network, and simplifies maintenance by standardizing feature flag implementation. It supports native feature flagging, simplifies multi-language support, and is optimized for high-traffic applications, enabling companies to deploy and experiment confidently. The release of the Elixir SDK demonstrates Harness's commitment to providing scalable, secure, and accessible feature management solutions across diverse tech stacks.
Mar 03, 2025 520 words in the original blog post.