Just to chip in, we've helped folks consume updates for their CF
deployments that averaged out at a new *thing* (stemcell, release) every 4
days. Having your entire platform pipelined with something like Concourse
makes a massive difference - if you're not used to this pace of change and
are trying to do things manually, you'll never keep up. It shouldn't take
more than hours to get a new stemcell tested and into production.
Daniel Jones - CTO
+44 (0)79 8000 9153
*EngineerBetter* Ltd <http://www.engineerbetter.com>
- UK Cloud Foundry
On 2 March 2017 at 06:02, James Bayer <jbayer(a)pivotal.io> wrote:
pivotal deploys updated stemcells regularly to PWS. high and critical
have a 48hr goal. we catch up on lows and mediums generally approximately
once per month.
On Wed, Mar 1, 2017 at 5:48 PM, Jonathan Stockley <jstockle(a)opentext.com>
> Hi, before deploying/upgrading a stemcell in production our security
> group runs vulnerability scans on our staging deployments.
> The problem is that by the time we get the stemcell into staging (about a
> 4-6 weeks), they have updated the vulnerability database and then there
> scan find new issues.
> How often are people upgrading stemcells in production?
> How do you handle vulnerability scanning of BOSH deployed apps?
> How about run.pivotal.io? How do they address this?