Customers always want more, which means release cycles have to keep up. Easier said than done! Dev teams are doing their best to give the customers what they want, but oftentimes find themselves between a rock and a hard place. Teams are struggling to get up to speed with new tools that are meant to make their lives easier and their deadlines more realistic to hit. With demand on the rise, how can teams work together to fast-track their release cycles?
With a little elbow grease, teams can work together to fast-track release cycles and meet customer demands.
With spring cleaning season upon us, take time this season to tune up agile processes and continue the work of advancing the shift towards DevOps.
Embrace New and Improved Processes
As release cycles accelerate, team leads should analyze their software development lifecycle (SDLC) to determine where roadblocks are occurring and what exactly is holding employees back. Analyzing not only the quality of outputs, but also how quality assurance is embedded throughout the continuous integration (CI) process, is a good start.
Establish best practices for how each developer across the SDLC can incorporate their colleagues' work when editing, updating and continuously testing. It's important that application health is communicated across all teams. This will ensure code is well-maintained and that there are no memory leaks or poor code development practices throwing the process off. Continuous testing across different feature teams also assures teams that every code component for different functionalities is working once they all finally merge.
Getting everyone on the same page will also make it easier to simplify real-time decision-making. Be sure to work with teams to define their dashboards, ensuring everyone is seeing the same actionable results at any given time.
Revamp Your Tech
The different types of technologies utilized throughout the DevOps pipeline must integrate seamlessly with revised processes throughout the lab environment.
The lab is the glue that keeps the entire CI process together. It must be current with all devices and platforms. If unstable or unavailable at any given moment, the entire process breaks.
As more organizations adopt an agile approach to software development, remember that it's nearly impossible to build a one-size-fits-all solution; every new process, tool or technology should integrate within the existing toolchain. Keep in mind that this will vary from business to business.
Lastly, don't forget about your frameworks. Make sure the entire team has tools and access to different frameworks based on their unique needs. For example, a developer may run a small number of unit tests, whereas test engineers require end-to-end functional test frameworks.
Dust Off Roles and Responsibilities
Software development has recently become much more agile as the need for faster release cycles proliferates. According to a recent VersionOne report, almost 75 percent of respondents attribute the need to accelerate software delivery to their adoption of agile practices. While DevOps is supposed to help dev teams deliver applications more quickly, managers encouraging the implementation of these processes often overlook the true meaning of DevOps and how these transformations will actually change employees' day-to-day.
DevOps is meant to reflect the combination of development and operations, which covers a range of tasks once performed by developers, testers and operations at different stages throughout the SDLC. However, a more agile approach means that barriers should be taken down and teams should work together, sharing tools and processes.
Before jumping into cleaning up processes or technologies, be sure to confirm all teams are aligned on evolving roles and responsibilities. Sit down with individuals, teams and managers to get everyone on the same page and provide guidance on best steps for moving forward this year.
Mind the Skills Gap
Despite developers' growing list of responsibilities, a 2018 report from LinkedIn found that there is a significant skills shortage when it comes to software engineers and other similar career trajectories. That gap shrinks even further when you consider the different roles within software engineering itself.
This spring, dedicate time with employees to brush up on their skills, refine their job responsibilities and level up their expertise. While this isn't a task that can be completed overnight, try:
■ Working with the boss: Teams will need leadership buy-in to really make this a reality. Be sure to sit down with senior leaders to explain the benefits of team-wide training to the bottom line.
■ Phoning a friend: Pair up programmers from different departments and levels to mentor one another; you can often learn things from unexpected places!
■ Augmenting software delivery practices to improve quality: Acceptance test driven development (ATDD) is a proven accelerator and behavior-driven development (BDD) helps bridge varying skills and blind spots between the different personas across the SDLC.
Although spring cleaning can be a drag, it is also an opportunity for discovery! Taking the time to polish up processes, train team members and spruce up your stack will help ensure release cycles are on time – and spotless – by the time the summer rolls around.