The purpose of CI/CD security goes beyond identifying and remediating vulnerabilities—it also emphasizes keeping pace with other CI/CD processes. A secure CI/CD pipeline allows teams to find and fix issues without disrupting the overall CI/CD flow, achieving security without delaying or rolling back software releases.
The goal of a DevOps pipeline is to create a continuous workflow that includes the entire application lifecycle. But too often, people focus only on the tools and automating everything, not stopping to think whether their processes could further improve performance and efficiency. Let's look at some common challenges to continuous delivery and then learn five tips for refining your DevOps pipeline and taking it to the next level.
Containerization has replaced virtual machines to a great extent because containers are lightweight and make efficient use of the OS kernel. Docker’s efficient nature helps with software development, testing, delivery, and deployment in a DevOps environment, and all the benefits of Docker also apply to Kubernetes. Let’s explore some of the additional agile and DevOps benefits you can gain by using Kubernetes.
DevSecOps is a growing movement to incorporate security into DevOps practices in order to ensure flaws and weaknesses are exposed early on through monitoring, assessment, and analysis, so remediation can be implemented far earlier than traditional efforts. By failing fast with security testing, organizations reduce risk of a security incident and decrease the cost of rework.
The current trend of using DevOps to describe every effective automated procedure is creating more confusion and even some dysfunctional behavior as software organizations continue to adopt this build-test-deploy approach. Bob Aiello and Leslie Sachs describe the DevOps approach you should use.
Better Software magazine editor Ken Whitaker highlights the contents of the July/August issue with two articles featuring mobile and wearable intelligent devices and the challenges they present to typical software development. Ken also provides information on ordering a print copy of Better Software.
With the cloud providing tremendous freedom like instant deployment of updates, you're definitely going to have to adjust how you develop and deploy apps. Pete and Matt have created a list of things you need to consider when developing apps for the cloud.
One of the most effective approaches to DevOps involves moving the automation of the application build, package, and deployment upstream to the beginning stages of the software development lifecycle—an industry best practice long before DevOps became as popular as it is today.
Ryan Kenney, senior consultant at Coveros, chats with TechWell community manager Owen Gotimer about the difference between containers, container engines, and container orchestration; using containers in your CI/CD pipelines; and the cost of security.
In this interview, Jeff Morgan, the chief technology officer and cofounder of LeanDog, explains how continuous delivery and continuous deployment have changed how software teams do business. He breaks down funding projects versus teams and validating quality as you build your product.
In this interview, Hans Buwalda, the CTO at LogiGear, details the common misconceptions people have when it comes to DevOps. He also discusses continuous integration and continuous deployment, having the right amount of confidence when it comes to testing, and how to know if DevOps is right for you.
In this interview, Neal Ford, a director and software architect at ThoughtWorks, explains why software architecture has traditionally been so difficult to change later on in the process and how you can adapt your modern architecture to be much more evolvable.
When developing software, teams can often get bogged down with mundane tasks such as code linting, manual testing, or even just deploying code to a particular environment. Everyone dreams of setting up continuous integration to automate this work, but they believe it to be too time-consuming for their current budget. Join Brian Thompson as he discusses how, after many years of manually performing repetitive tasks and occasionally making a mistake in mundane work, he learned to embrace the robot overlords. Learn about a variety of different continuous integration services such as CircleCI, TravisCI, and GitLab CI, and how utilizing continuous integration does not have to be a drain on time. Brian will discuss how CI can be leveraged in a repeatable way so as not to use up project budgets before starting development.
Trying to reach continuous deployment (CD) can feel like scaling a gigantic mountain full of sheer faces, icy passes, and incredible dropoffs. When a company doesn’t take the proper precautions on its journey to CD, it can result in an overworked engineering organization and high-risk issues reaching the end-users. Join Michele Campbell as she discusses key insights about the journey to CD her company is on right now. In just three short months, the organization has managed to double its number of production releases, without overwhelming teams or causing the quality of the program to suffer. Learn what it took to get there, including the tools that were built, how an organization-wide effort was led, and what goals were set and met.
Staging environments are notoriously difficult to set up and maintain. Unless you have a top-notch DevOps team, staging environments are usually different from production environments, and consequently, they are fraught with problems—failing deployments, "out of disk space" errors...
The growth of automation testing in today’s software development organizations is changing the way we test applications. Software development practices have matured over the last thirty years to include all forms of testing in order to verify software quality. In the last ten years, there has been a huge spike in the adoption of automated tests, effectively replacing some manual testing practices and supplementing traditional testing activities. Many parts of the software development industry, however, are wary of replacing manual testing with automated testing. Not only is there often a lack of confidence in the automation tests, but some also see automated testing as fragile, unmaintainable, and, ultimately, something with a low return on investment. Max believes that by employing mature software development techniques, we can achieve robust, maintainable tests that deliver confidence in the application under test.