Recently you would have heard DevSecOps words is thrown around a lot. Before we arrive to this term let us step back & try to understand history. We have seen that there are significant changes to software development life cycle over a period of time & similar changes happened in the area of release cycles also. There was a time, when releases were done quarterly, half yearly & yearly. From recent architectural, process & infrastructure types of changes, it is possible to have delivery within weekly, monthly & even sometimes daily. When you are running a SaaS model , you definitely need to have quicker deliveries also. Arriving to such a quicker delivery was possible through certain technology as well as process changes & some of them requires cultural changes at the organization level.
Let us start with changes at technology level in terms of regular build process. It started with Continuous Integration (CI) & Continuous Delivery & Deployment(CD).
What is Continuous Integration ?
Continuous integration is a practice where application developers keep integrating code as and when a logical unit of work is complete by pushing their code in repository. This could be several times of the day or once in a day. This is infinite process where developers keep checking in code which will trigger integrated build as and when application code is pushed. This process repeats multiple times in a day. The code needs to be integrated with your unit tests & every time a build is complete you should have unit test suite run against new code with results.
Benefits of CI
- Faster feedback on developers individual code for any integration failures with existing code. They get notified as soon as build fails or integration issues detected.
- Lesser defects gets shipped as this phase is equipped with automation tests.
- QA team can concentrate on increasing quality check in other areas,since most of the code is already tested by automation.
What is Continuous Delivery?
It is a extension to Continuous Integration and an approach in which team make sure that every change is releasable and on click/push of a button this can be released in a production environment.
Benefits of Continuous Delivery
- Faster feedback from customer on releases.
- Complexity of release management goes away.
What is Continuous Deployment?
It is one step further to Continuous Delivery where application deployment happens in production environment as soon as it passes all the gate review. There is no manual intervention in this process. This process needs regress build of static code analysis & some of the gated review need to be done before code gets deployed in production. As there is no manual intervention in between lower environment promotion to higher environment all the check points need to be automated to the fullest level.
Benefits of Continuous Deployment
- Faster feedback from customer on releases & less risky as it is done in smaller releases.
What is Pipeline ?
As you can see from earlier discussion each step is followed one after another from Continuous Integration till Continuous Deployment. There has to be a sequence of events which needs to be executed. Pipeline gives you a way to manage Continuous delivery. It also lets you control & define your own release model. You can define steps needs to be followed during build process,deployment, promotion of code, test case execution & if needed manual approval for promotion in higher environment.
A typical Jenkins Pipeline looks like below
Benefits of Pipeline
- You can control & manage Continuous delivery & steps involved in it.
What is DevOps ?
Yes, these are literally two words connected with each other Development & Operations. In most of the organization & in waterfall development methodology development team & operation team works in silos. Appadmins group is mostly a shared group within the organization for multiple projects that’s where your agility gets lost & there was strong voice from development community about bottleneck in agile methodology as it needs to be extended beyond development team & that’s where DevOps model gave birth.As shown in below figure
Benefits of DevOps
- Since you have early integration of QA team, so you will receive faster feedback on your code.
- Operations are no longer a Siloed team in the organization they do understand the sprint cycles & CI/CD pipelines.
To make this model work it needs a lot of mind set change & it also need organizational level changes to make it successful.
What is DevSecOps ?
You could have noticed that one piece is missing in above picture is Security, which comes last in the pipeline or right before the product deployment in production. In current world security became a primary focus & it need not be responsibility of one & only one siloed group in the organization. It needs to taken care from early phases of development cycle & responsibility needs to be shared across the teams, so typical DevSecOps looks like below where security is involved across all the phases.
Benefits of DevSecOps:-
Security is no longer one person or team responsibility & it is spread across multiple phases & lot of things are taken care as a part of development lifecycle.
As you have seen across multiple evolution steps in the world of application delivery & deployment to gain the agility. New tools and technology is already available from long time but is it sufficient to get to the end goal, answer is ‘No’ , in order to have successful DevSecOps model do demand a mindset change & cultural change across the organization has to happen. No matter what DevSecOps is the initial step towards agile development. I am saying DevSecOps is initial step because there is more to it for that stay tuned for next article.