The purpose of CI/CD security goes beyond identifying and remediating vulnerabilities—it also emphasizes keeping pace with other CI/CD processes. A secure CI/CD pipeline allows teams to find and fix issues without disrupting the overall CI/CD flow, achieving security without delaying or rolling back software releases.
The goal of a DevOps pipeline is to create a continuous workflow that includes the entire application lifecycle. But too often, people focus only on the tools and automating everything, not stopping to think whether their processes could further improve performance and efficiency. Let's look at some common challenges to continuous delivery and then learn five tips for refining your DevOps pipeline and taking it to the next level.
Continuous testing shortens feedback loops through automated testing that occurs throughout the development lifecycle—hence "continuous." Testing and QA become the responsibility of everyone working on the software, not just testers. Let's look at some proven practices from organizations that have used continuous testing effectively to realize tangible benefits.
A growing company was tasked with developing a test automation program from scratch, changing its coding practices, and building a continuous testing toolchain. Martin Ivison details how they did it, including realizing that implementing the traditional test pyramid wasn't going to work—it would have to be turned upside down. They found out that small is beautiful, cheap is good, and cultural change matters.
Migrating an organization to continuous integration requires adopting new processes, tools, and automation. DevOps relies on dramatic culture change to encourage total transparency and collaboration among all project stakeholders.
Ryan Kenney, senior consultant at Coveros, chats with TechWell community manager Owen Gotimer about the difference between containers, container engines, and container orchestration; using containers in your CI/CD pipelines; and the cost of security.
Andy Glover, director of delivery engineering at Netflix, chats with TechWell community manager Owen Gotimer about a couple of Netflix's open source projects, the benefits of open source, and a few open source lessons his team learned along the way. Continue the conversation with Andy and Owen (@owen) on the TechWell Hub (http://hub.techwell.com/)!
In this interview, Anj Dubey, director of performance engineering for McGraw-Hill Education, discusses the need to shift left and embed your performance engineering into your CI/CD pipeline in order to ensure that every line of code is going to meet your performance requirements.
In this interview, Melissa Benua, a senior technical lead at mParticle, explains how traditional testers can use their current skill sets to easily transition to new concepts, like DevOps. She also details how continuous testing and continuous integration continue to be major hot topics.
State Farm adopted an innovative approach to a common problem many organizations face with agile transformation: How do you influence, nurture, and support a whole scale culture of agility? How do you move from doing agile to being agile?
Because of its specialized nature, many aspects of application security testing are often assigned to testers from another team or another company who may be brought in to perform a point-in-time assessment prior to a release.
What do testing and quality look like in a continuous delivery world? Who does what and how? Is there still a need for testers, or do developers do all the testing? Is it really possible to achieve quality when you deploy to production many times each day?