Abstract: Techniques are described for securing secrets in software build workflows. In some implementations, build instructions call for execution of a first program module and a second program module, where the first program module has been approved to make a privileged request, but the second program module has not. The first program module can be stored in a trusted repository, separately from the second program module. When the first program module is loaded for execution, a cryptographic signature can be validated to determine that the first program module is authentic and as a condition for passing a privileged credential to the first program module. The second program module has no access to the privileged credential. Instead, when the second program module is loaded for execution, a determination can be made whether the second program module makes any privileged requests. Any privileged requests from the second program module will not be fulfilled.

Abstract: Computing systems and methods are provided for executing steps of a workflow in a stateful and parallelizable manner. A worker computing system receives indication of an assigned step of the workflow and downloads, to its local storage, a snapshot of changes from a preceding step of the workflow from a distributed storage on a network, where the snapshot includes data indicative of the changes associated with execution of the preceding step. The worker computing system performs the assigned step using the data from the snapshot to generate a second snapshot of changes associated with execution of the assigned step and uploads the second snapshot of changes associated with the assigned step to the distributed storage.

Abstract: Systems and methods are provided for receiving, at a server, a workflow definition and generating a unique key for the received workflow definition. A distributed log storage may store the internal workflow schema having the not-started states to a state topic of the distributed log storage using the generated unique key, where the state topic includes the states of the internal workflow schema. One or more workers at the server may perform at least one operation based on a received message. The state may be updated at the distributed log storage based on the performed at least one operation. The state topic of the internal workflow schema for the generated key may be compacted based on the updated state, where the compacting reduces the states of the internal workflow schema to the current states, without intermediary states.

Abstract: Systems and methods are provided for receiving a code change at a continuous integration and continuous deployment (CICD) server system, generating a unique change identifier, generating a new code build which includes the code change, testing the generated new code build by performing a code trace for phase of testing or production environment based on at least one predetermined testing parameter that includes a predetermined trace time for the code change of the generated change identifier, and displaying test results for the change identifier for the phase of testing or production environment to visually highlight a pass or failure of the testing for the code change based on the predetermined testing parameter for the predetermined trace time.

Abstract: Systems and methods are provided for performing, at a computing system, a code trace of at least a portion of computer code having a plurality of components that are executed by the computing system. A dependency map may be generated for the plurality of components of the computer code based on the code trace, the dependency map identifying at least an upstream component that is executed upstream of a first component of the plurality of components and a downstream component that is executed downstream of the first component. An observed failure rate may be determined of at least the first component, based on at least one of the upstream component and the downstream component. A fault tree analysis map that includes the generated dependency map and the observed failure rate of at least the first component of the plurality of components may be displayed on a display device.

Abstract: Systems and methods are provided for receiving a code change at a continuous integration and continuous deployment (CICD) server system, generating a unique change identifier, generating a new code build which includes the code change, testing the generated new code build by performing a code trace for phase of testing or production environment based on at least one predetermined testing parameter that includes a predetermined trace time for the code change of the generated change identifier, and displaying test results for the change identifier for the phase of testing or production environment to visually highlight a pass or failure of the testing for the code change based on the predetermined testing parameter for the predetermined trace time.

Abstract: Systems and methods are provided for receiving a code change at a continuous integration and continuous deployment (CICD) server system, generating a unique change identifier, generating a new code build which includes the code change, testing the generated new code build by performing a code trace for phase of testing or production environment based on at least one predetermined testing parameter that includes a predetermined trace time for the code change of the generated change identifier, and displaying test results for the change identifier for the phase of testing or production environment to visually highlight a pass or failure of the testing for the code change based on the predetermined testing parameter for the predetermined trace time.

Abstract: A request message is generated with a trusted network entity executing trusted code on a first network layer. The request message to target a non-trusted network entity executing non-trusted code on a second network layer. The request message is transmitted from the trusted network entity to the non-trusted network entity through at least a policy enforcement entity. The policy enforcement entity applies one or more network traffic rules to enforce a unidirectional flow of traffic from the first network layer to the second network layer. A response check message is generated with the trusted network entity. The response check message to determine whether response information is available on the non-trusted network entity in response to the request message. The response check message is transmitted from the trusted network entity to the non-trusted network entity through at least the policy enforcement entity.

Abstract: A request message is generated with a trusted network entity executing trusted code on a first network layer. The request message to target a non-trusted network entity executing non-trusted code on a second network layer. The request message is transmitted from the trusted network entity to the non-trusted network entity through at least a policy enforcement entity. The policy enforcement entity applies one or more network traffic rules to enforce a unidirectional flow of traffic from the first network layer to the second network layer. A response check message is generated with the trusted network entity. The response check message to determine whether response information is available on the non-trusted network entity in response to the request message. The response check message is transmitted from the trusted network entity to the non-trusted network entity through at least the policy enforcement entity.

Abstract: A request message is generated with a trusted network entity executing trusted code on a first network layer. The request message to target a non-trusted network entity executing non-trusted code on a second network layer. The request message is transmitted from the trusted network entity to the non-trusted network entity through at least a policy enforcement entity. The policy enforcement entity applies one or more network traffic rules to enforce a unidirectional flow of traffic from the first network layer to the second network layer. A response check message is generated with the trusted network entity. The response check message to determine whether response information is available on the non-trusted network entity in response to the request message. The response check message is transmitted from the trusted network entity to the non-trusted network entity through at least the policy enforcement entity.

Abstract: A request message is generated with a trusted network entity executing trusted code on a first network layer. The request message to target a non-trusted network entity executing non-trusted code on a second network layer. The request message is transmitted from the trusted network entity to the non-trusted network entity through at least a policy enforcement entity. The policy enforcement entity applies one or more network traffic rules to enforce a unidirectional flow of traffic from the first network layer to the second network layer. A response check message is generated with the trusted network entity. The response check message to determine whether response information is available on the non-trusted network entity in response to the request message. The response check message is transmitted from the trusted network entity to the non-trusted network entity through at least the policy enforcement entity.

Abstract: A request message is generated with a trusted network entity executing trusted code on a first network layer. The request message to target a non-trusted network entity executing non-trusted code on a second network layer. The request message is transmitted from the trusted network entity to the non-trusted network entity through at least a policy enforcement entity. The policy enforcement entity applies one or more network traffic rules to enforce a unidirectional flow of traffic from the first network layer to the second network layer. A response check message is generated with the trusted network entity. The response check message to determine whether response information is available on the non-trusted network entity in response to the request message. The response check message is transmitted from the trusted network entity to the non-trusted network entity through at least the policy enforcement entity.

Abstract: In accordance with disclosed embodiments, there are provided methods, systems, and apparatuses for assigning code lines to clusters with storage and other constraints in an on-demand service environment including, for example, receiving as input, a plurality of code lines for test within a host organization; determining available resource capacity for each of a plurality of clusters within the host organization; determining required resource capacity for each of the plurality of code lines for test within the host organization; sorting the plurality of clusters according to the determined available resource capacity for each; sorting the plurality of code lines according to the determined required resource capacity for each; and allocating the plurality of code lines amongst the plurality of clusters based on the sorting of the plurality of clusters and based further on the sorting of the plurality of code lines. Other related embodiments are disclosed.

Abstract: In an embodiment, first and second lists of virtual machine datastore paths are obtained. The first list includes datastore paths on a datastore. The second list includes datastore paths that are associated with existing virtual machines. The first and second lists are compared and non-matching datastore paths are deleted from the datastore, thereby freeing up disk space on the datastore.

Abstract: A request message is generated with a trusted network entity executing trusted code on a first network layer. The request message to target a non-trusted network entity executing non-trusted code on a second network layer. The request message is transmitted from the trusted network entity to the non-trusted network entity through at least a policy enforcement entity. The policy enforcement entity applies one or more network traffic rules to enforce a unidirectional flow of traffic from the first network layer to the second network layer. A response check message is generated with the trusted network entity. The response check message to determine whether response information is available on the non-trusted network entity in response to the request message. The response check message is transmitted from the trusted network entity to the non-trusted network entity through at least the policy enforcement entity.

Abstract: In accordance with disclosed embodiments, there are provided methods, systems, and apparatuses for assigning code lines to clusters with storage and other constraints in an on-demand service environment including, for example, receiving as input, a plurality of code lines for test within a host organization; determining available resource capacity for each of a plurality of clusters within the host organization; determining required resource capacity for each of the plurality of code lines for test within the host organization; sorting the plurality of clusters according to the determined available resource capacity for each; sorting the plurality of code lines according to the determined required resource capacity for each; and allocating the plurality of code lines amongst the plurality of clusters based on the sorting of the plurality of clusters and based further on the sorting of the plurality of code lines. Other related embodiments are disclosed.

Abstract: In an embodiment, first and second lists of virtual machine datastore paths are obtained. The first list includes datastore paths on a datastore. The second list includes datastore paths that are associated with existing virtual machines. The first and second lists are compared and non-matching datastore paths are deleted from the datastore, thereby freeing up disk space on the datastore.