The purpose of CI/CD security goes beyond identifying and remediating vulnerabilities—it also emphasizes keeping pace with other CI/CD processes. A secure CI/CD pipeline allows teams to find and fix issues without disrupting the overall CI/CD flow, achieving security without delaying or rolling back software releases.
The goal of a DevOps pipeline is to create a continuous workflow that includes the entire application lifecycle. But too often, people focus only on the tools and automating everything, not stopping to think whether their processes could further improve performance and efficiency. Let's look at some common challenges to continuous delivery and then learn five tips for refining your DevOps pipeline and taking it to the next level.
Docker has revolutionized how software is packaged, distributed, and deployed, so it's easy to see why it has become the de facto containerization platform. But have you thought about how Docker actually makes software development, testing, delivery, and deployment more agile? Let's look at how Docker inherently supports several of the founding principles of agile software development.
Companies using heavyweight development processes manage change by limiting or locking down scope, but this has negative consequences for our products and our customers. Agile takes a different approach by recognizing the value of last-minute changes and making it inexpensive and straightforward to make changes to software, even late in the development cycle, using continuous integration.
Migrating an organization to continuous integration requires adoption new processes, tools, and automation. DevOps relies on dramatic culture change to encourage total transparency and collaboration among all project stakeholders.
Ryan Kenney, senior consultant at Coveros, chats with TechWell community manager Owen Gotimer about the difference between containers, container engines, and container orchestration; using containers in your CI/CD pipelines; and the cost of security.
Andy Glover, director of delivery engineering at Netflix, chats with TechWell community manager Owen Gotimer about a couple of Netflix's open source projects, the benefits of open source, and a few open source lessons his team learned along the way. Continue the conversation with Andy and Owen (@owen) on the TechWell Hub (http://hub.techwell.com/)!
In this interview, Sunil Sehgal, the managing partner of TechArcis Solutions, defines DevOps and whether or not your team has the technical savvy to properly adopt its practices. He explains what DevOps means for developers and testers and details what DevTestOps truly is—and why it's essential.
In this interview, Martin Chikilian, lead director of engineering at Toptal, digs into current DevOps trends and whether DevOps is just a fad. Martin explains why the gig economy is so big for DevOps, why there are so many unfilled positions, and what continuous concepts mean for software.
State Farm adopted an innovative approach to a common problem many organizations face with agile transformation: How do you influence, nurture, and support a whole scale culture of agility? How do you move from doing agile to being agile?
Because of its specialized nature, many aspects of application security testing are often assigned to testers from another team or another company who may be brought in to perform a point-in-time assessment prior to a release.
What do testing and quality look like in a continuous delivery world? Who does what and how? Is there still a need for testers, or do developers do all the testing? Is it really possible to achieve quality when you deploy to production many times each day?