Best Practices for using OpenSource Tools in Enterprises

Gini · 2 mins read

These are purely personal notes, though publicly available. Do not follow the items blindly.

Consider paid Opensource services as well

  • Opensource doesn’t mean everything is free. Community versions are free ($), but do consider paid options for better support.
  • Paid services will be better in terms of QA, stability, release cycle and support.
  • Organizations that are ready to take care of the above items themselves can readily consider community-supported editions.

Be a contributor to the Community

  • Report bugs on time
  • Raise feature requests and contribute back
  • Be part of opensource development and testing team

Implement a Best-in-Class Application Monitoring System

  • Make sure the applications are under monitoring
  • Observability is the key
  • A reporting mechanism and follow-up tracking should be in place

Check in Vulnerability Database

  • Check all available vulnerability databases.
  • Check the product's vulnerability page regularly.

Check the Long Term Support (LTS) before implementing

  • Make sure the tool has long-term support.
  • Check the popularity and community strength.

Practice Software Inventory

  • Keep your software and tools database up to date.
  • Keep the version information, vulnerability tracker, upgrade options and End of Life (EOL).
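
As an added example (not part of the original notes), the sketch below audits an inventory that carries the fields listed above and reports entries that are missing data, past EOL, or approaching EOL. The tool names, URLs, dates and the 180-day warning window are constructed assumptions.

```python
from datetime import date, timedelta

# Fields the checklist asks every inventory entry to carry.
REQUIRED = ("version", "vuln_tracker", "upgrade_to", "eol")
WARN_WINDOW = timedelta(days=180)  # assumption: how early to flag an approaching EOL

# Constructed sample inventory; names, versions, URLs and dates are illustrative only.
INVENTORY = [
    {"name": "webproxy", "version": "2.4.1", "vuln_tracker": "https://example.org/webproxy/security",
     "upgrade_to": "2.6.0", "eol": "2021-06-30"},
    {"name": "queue", "version": "1.9.0", "vuln_tracker": "https://example.org/queue/advisories",
     "upgrade_to": "3.0.0", "eol": "2020-03-31"},
    {"name": "logshipper", "version": "0.8.2", "vuln_tracker": "", "upgrade_to": None,
     "eol": "2023-01-01"},
    {"name": "cachesvc", "version": "5.0.3", "vuln_tracker": "https://example.org/cachesvc/cve",
     "upgrade_to": "5.0.9", "eol": "not-a-date"},
]

def audit(inventory, today):
    """Return sorted (name, finding) tuples for entries that need follow-up."""
    findings = []
    for item in inventory:
        name = item.get("name", "<unnamed>")
        # An empty string or None counts as missing: the field must be usable.
        for field in REQUIRED:
            if not item.get(field):
                findings.append((name, f"missing {field}"))
        eol_raw = item.get("eol")
        if not eol_raw:
            continue
        try:
            eol = date.fromisoformat(eol_raw)
        except (TypeError, ValueError):
            findings.append((name, "unparseable eol"))
            continue
        if eol < today:
            findings.append((name, f"past EOL since {eol.isoformat()}"))
        elif eol - today <= WARN_WINDOW:
            findings.append((name, f"EOL in {(eol - today).days} days"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit(INVENTORY, date(2021, 1, 15)):
        print(f"{name}: {finding}")
```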

Implement Least Privilege Policies

  • Allow access based on demand and request
  • Block all access unless it is needed

Follow the Patching and Upgrade schedules

  • Do not wait for an issue
  • Upgrade and patch systems based on availability

Test, Stage and push to Production

  • Do not try anything in production, as we do not know which tests and QA have been completed at the opensource community level.
  • Read the release notes carefully before the implementation/upgrade process.

NO Default Passwords

  • Change all default passwords to secure passwords (follow organization password policies)
  • Keep passwords in a vault or password manager.

Check the License of Opensource Tools

  • Make sure the license is acceptable as per organization policies
  • Check what data will be collected and sent to external systems (if any) for improvement/analytics.

Keep Source Code in Local Repositories for Scanning

  • Scan the source code yourself using tools
  • Test bugs and fixes and propose them to the community
