CodeSecure and FOSSA announced a strategic partnership and native product integration that enables organizations to eliminate security blindspots associated with both third party and open source code.
Steps You Should Be Automating in the SDLC - Part 5
November 09, 2018
DEVOPSdigest asked experts from across the IT industry for their opinions on what steps in the SDLC should be automated. Part 5, the final installment, covers deployment and production.
Start with Steps You Should Be Automating in the SDLC - Part 1
Start with Steps You Should Be Automating in the SDLC - Part 2
Start with Steps You Should Be Automating in the SDLC - Part 3
Start with Steps You Should Be Automating in the SDLC - Part 4
DEPLOYMENT
A common bottleneck in software development that I believe should receive higher priority for automation is deployment.
Logan Daigle
Director of DevOps Strategy and Delivery, CollabNet VersionOne(link is external)
The deployment phase of the software development lifecycle (SDLC) is one that often happens in the background — most people have little or no visibility into its effectiveness until software is actually deployed and released to users. However, it's the phase with the largest impact on immediate usability, which requires it to be right from the moment of deployment. With an emphasis on powerful automation, companies can provide quality assurances for users and ensure an accelerated deployment process with the least amount of configuration errors, ultimately reducing costs for the business. Monitoring the effectiveness of automation at the deployment phase is one sure way to improve the final released product.
Kailem Anderson
VP of Product Management for Software and Services, Ciena(link is external)
FEEDBACK LOOP
One area of automation that is often overlooked is how do we automate the collection of error information in production and deliver it back to a developer so that they can troubleshoot root cause more effectively. The state of the art for this has traditionally been the less-than-optimal adding logging statements and sifting through log data. However, it makes more sense to gather this data automatically from the runtime execution point where the information already exists, and feed that back to development to speed up the process of troubleshooting.
Tal Weiss
CTO and Co-Founder, OverOps(link is external)
Observability is key to accelerating the application lifecycle from DevOps through production but with so many specialized monitoring tools in the mix, there is lots of room to improve on automating the feedback loop with the performance analysis effort, from design through implementation and test. And don't neglect to use automation to create integrated workflows across your network, app, and log monitoring.
Peco Karayanev
Product Management Director, Riverbed(link is external) APM
Enterprises are leveraging complex cloud environments to build and deploy applications quickly and at scale, however doing this while trying to minimize performance issues has increasingly become an overwhelming task. As such, when it comes to the development process, automating continuous delivery and feedback has become necessary. By automating continuous delivery and feedback loops, teams can track all key technical metrics from each developer workstation all the way through CI/CD into Ops. Through fact-based feedback, such as memory consumption, CPU usage and response time, the team can stop faulty builds before they reach production and start deploying software faster and at a higher quality.
Andi Grabner
DevOps Activist, Dynatrace(link is external)
ROLLBACK
Not many people think about the rollback part, as too many people want to make break-fix changes in production as opposed to rollback a deployment. But having an automated rollback is as necessary as the automated deployment.
Thomas LaRock
Head Geek, SolarWinds(link is external)
PRODUCTION
There's two quick heuristics I use for working out what to automate next. One, pick the items that are closest to production as the problems you're solving with automation tend to be visible, and solving visible problems increases trust across the organization. Second, focus on small, easily understood fundamental building blocks that most of your services rely upon such as time synchronization, DNS, authentication and authorization.
Nigel Kersten
VP of Ecosystem Engineering, Puppet(link is external)
OPS
Many organizations talk about DevOps, but actually only a very limited number of them focus on the Ops part. When doing DevOps, organizations should strive to fully automate Ops. They can start by automating the creation of change requests — removing manual approvals — and end with connecting and automatically trigggering their application monitoring tools when a new release is in the pipeline.
Andreas Prins
VP of Product Development, XebiaLabs(link is external)
EVENT MANAGEMENT
With the rise of cloud-native environments that include serverless computing, microservices and container-based development, it makes sense to automate event management for IT teams. Artificial intelligence has advanced alert correlation and escalation in such a way that it's now possible to reduce the number of alerts for a given IT ecosystem and automate their escalation to the right teams regardless of complexity. This reduces "firefighting," and keeps DevOps teams focused on what they do best.
Prasad Dronamraju
Product Marketing Manager, OpsRamp(link is external)
A process not often considered in these discussions may be event management. Since event management's purpose is to detect events, make sense of the events and determine the appropriate control action, this could potentially benefit every stage of the SDLC regardless of which development model was in use. The ability to quickly detect changes in state that impact a component or a service, whether that be a line of code or memory utilization in a server, is needed at multiple points in the SDLC. So, too, is the ability to automatically isolate and make sense of these events – the most important and challenging part of this process. Once we've detected and made sense of events, we can usually create the appropriate control actions that provide autonomous operations. Since monitoring is so closely related to event management, monitoring automation is critical to both accelerating flow and reducing defects.
John Worthington
Director, Product Marketing, eG Innovations(link is external)
REPORTING
Consider automating and standardizing reporting for adherence with performance metrics for leaders in business and IT. Leaders that measure not only IT but Business metrics have less rework, surprises or discourse.
Jeanne Morain
Author and Strategist, iSpeak Cloud(link is external)
TURNOVER
DevOps teams typically focus on one problem at a time, iterating until improvements slow down and moving on to another project. When you're automating the development process, keep project turnover in mind. Ensure that monitoring that is consistent with your corporate operations team is deployed at every step of the way. That doesn't have to be hard — expect to use open course components to push data directly into the IT tool chain. You'll be able to iterate at your speed and handle the turnover step with ease!
Kent Erickson
Alliance Strategist, Zenoss(link is external)
Industry News
April 16, 2025
Bauplan, a Python-first serverless data platform that transforms complex infrastructure processes into a few lines of code over data lakes, announced its launch with $7.5 million in seed funding.
April 15, 2025
Perforce Software announced the launch of the Kafka Service Bundle, a new offering that provides enterprises with managed open source Apache Kafka at a fraction of the cost of traditional managed providers.
April 14, 2025
LambdaTest announced the launch of the HyperExecute MCP Server, an enhancement to its AI-native test orchestration platform, HyperExecute.
April 14, 2025
Cloudflare announced Workers VPC and Workers VPC Private Link, new solutions that enable developers to build secure, global cross-cloud applications on Cloudflare Workers.
April 14, 2025
Nutrient announced a significant expansion of its cloud-based services, as well as a series of updates to its SDK products, aimed at enhancing the developer experience by allowing developers to build, scale, and innovate with less friction.
April 10, 2025
Check Point® Software Technologies Ltd.(link is external) announced that its Infinity Platform has been named the top-ranked AI-powered cyber security platform in the 2025 Miercom Assessment.
April 10, 2025
Orca Security announced the Orca Bitbucket App, a cloud-native seamless integration for scanning Bitbucket Repositories.
April 10, 2025
The Live API for Gemini models is now in Preview, enabling developers to start building and testing more robust, scalable applications with significantly higher rate limits.
April 09, 2025
Backslash Security(link is external) announced significant adoption of the Backslash App Graph, the industry’s first dynamic digital twin for application code.
April 09, 2025
SmartBear launched API Hub for Test, a new capability within the company’s API Hub, powered by Swagger.
April 09, 2025
Akamai Technologies introduced App & API Protector Hybrid.
April 09, 2025
Veracode has been granted a United States patent for its generative artificial intelligence security tool, Veracode Fix.
April 09, 2025
Zesty announced that its automated Kubernetes optimization platform, Kompass, now includes full pod scaling capabilities, with the addition of Vertical Pod Autoscaler (VPA) alongside the existing Horizontal Pod Autoscaler (HPA).
April 08, 2025
Check Point® Software Technologies Ltd.(link is external) has emerged as a leading player in Attack Surface Management (ASM) with its acquisition of Cyberint, as highlighted in the recent GigaOm Radar report.
