Resources DevOps

DevOps is a software engineering culture and practice that aims at unifying software development (Dev) and software operation (Ops).

The main characteristic of the DevOps movement is to strongly advocate automation and monitoring at all steps of software development , from integration , testing , releasing to deployment and infrastructure management . DevOps aims at shorter development cycles, continuous delivery , and more dependable releases, in close alignment with business objectives.

DevOps is NOT ENOUGH! DevSecOps is what must be implemented with the cybersecurity stack built into the DevOps pipeline.

What are the Benefits of DevOps?

DevOps allows organizations to get more done. It promotes teamwork by eliminating silos and encouraging collaboration. Teams that adopt this model increase lead times, create new features faster, and drive innovation while gaining employee engagement and communication. This allows to create applications that are more secure and stable.

DevOps used with continuous integration and continuous delivery (CI/CD) allows organizations to improve deployment frequency, lead time, detection of cybersecurity vulnerabilities and flaws, mean time to repair and mean time to recovery. Learn more

Avoids shadow IT by enabling all directorates / divisions / services to reuse the DevSecOps pipeline instead of reinventing the wheel and building their own pipeline without supervision

Allows for rapid experimentation and embracing uncertainty while focusing on mission end goals.

Enables rapid prototyping and A/B testing or canary releases.

Makes new services and innovations available.

Increases frequency of deployments

Increases collaboration between various departments

Reduces time spent maintaining applications and fixing them

Reduces time needed for testing, development and operations

Reduces time-to-market

Improves performance and quality of applications

Avoids technical debt by continuously fixing bugs and security issues thanks to automated tests and real-time scans.

DevOps Metrics

Mean-time to recovery shows how long it takes for an application in the production stage to recover from failure

Mean-time to production shows how long it takes when new code is committed into code repository

Average lead-time shows how long it takes for a new requirement to be delivered and deployed

Deployment speed shows how fast you can deploy a new version of the application between staging, test and production

Deployment frequency shows how often you can deploy a new release into production environment and testing / QA

Production failure rate shows how often software fails in production

DevSecOps Metrics

Ability to detect and prevent security flaws and injections

Ability to perform fuzzing and static/dynamic source code analysis

Ability to monitor container security including container base images and libraries

DEVOPS SUCCESS FACTORS

Collaborative Culture: Foster shared goals and identify DevOps champions within the organization.

Test Automation: Prioritize continuous testing and integrate security from the start.

Legacy Systems: Plan for legacy infrastructure and application integration.

Application Complexity: Consider architecture changes for on-premises, cloud, and containers.

DevOps Plan: Create a clear roadmap with milestones and defined deliverables.

Automated Environments: Utilize cloud sandboxes and automation for streamlined management.

Skillset Development: Provide training and standardize operational procedures.

Budget Considerations: Factor in integration and operational complexities beyond open-source tools.

Integrated Tools: Avoid fragmented toolsets to reduce costs and improve efficiency.

Leadership Support: Educate leaders to gain resource and budgetary support.

CI/CD - Continuous Integration (CI) and Continuous Delivery (CD)

Continuous integration (CI) is the practice of consolidating all new source code into a shared version control server such as GitHub, several times a day.

Continuous delivery (CD) is used to deliver (release) software in short cycles, ensuring that the software can be released reliably at any time. It aims at building, testing, and releasing software with complete automation.

This approach helps reduce the cost, time, and risk of delivering changes by allowing incremental updates to applications in production. A reliable and repeatable deployment process is essential for continuous delivery.

Extreme Programming (XP) is an agile methodology that emphasizes frequent integration and continuous feedback. In XP, developers are encouraged to integrate code changes into the shared codebase multiple times a day, sometimes as frequently as tens of times per day. This ensures early detection and resolution of integration issues, reducing conflicts and bugs caused by delayed integration.

DevSecOps is the next evolution of agile and builds on the agile principles by adding the following:

Leveraging Containers and Micro-services for enhanced scalability and prototyping, ensuring easier development, testing, and maintenance.

Leveraging cloud infrastructure for scalable deployment, providing flexibility and cost-efficiency.

Implementing CI/CD to rapidly prototype, test, and deploy updates, optimizing the software development lifecycle.

Utilizing A/B testing and canary deployment for rapid feedback loops and effective feature comparison.

Embedding security in the development pipeline to address vulnerabilities early and ensure a secure application.

Container Benefits

Platform independence. Build it once, run it anywhere

Resource efficiency and density

Effective isolation and resource sharing

Speed; Start, create, replicate or destroy containers in seconds

Immense and smooth scaling

Operational simplicity

Improved developer productivity and development pipeline (thanks to DevOps)

Learn more about containers here .

Automated testing in DevSecOps is a crucial practice that ensures the continuous validation of code changes for security and functionality

It is a key part of DevSecOps. It is enabled by multiple tools that measure both test code coverage and test results. They are fully automated and do not require human action. It also enables new concepts like pair programming and peer code review.

Agile brings several new models for creating the right tests:

Test-driven development (TDD) is a software development process that relies on very short development cycles: requirements are turned into very specific test cases first, then the software is built to pass the tests.

Acceptance test–driven development (ATDD) is a development methodology based on communication between the business customers, the developers, and the testers.

ATDD encompasses many of the same practices as specification by example, behavior-driven development (BDD), example-driven development (EDD), and support-driven development also called story test–driven development (SDD).

All these processes aid developers and testers in understanding the customer’s needs prior to implementation and allow customers to be able to converse in their own domain language.

Extreme DevOps

Risk Management Case Study

Chaos Monkey, developed by Netflix in 2011, is a tool used for resilience testing of their IT infrastructure. It deliberately disables computers in their production network to observe how the remaining systems respond to the outage. Part of the Simian Army suite, it simulates and tests various system failures and edge cases. Embracing the principles of DevOps, Chaos Monkey contributes to continuous testing and supports the “Design for failure” pattern, ensuring computer applications can handle the failure of underlying components.

Learn more about this story here .