DevSecOps Explained in 5 Minutes
DevSecOps evolved from DevOps, which evolved from Agile, which replaced Waterfall. Let us explain.
Where Did DevSecOps Come From?
Traditionally, software development involved two separate siloed departments: development and operations. The developers were responsible for writing the code and the operators were responsible for implementing and managing it.
Back then, this software development process, which essentially followed the waterfall process, was simple and straightforward. Consumer demands were manageable, and if any changes or improvements needed to be made, the operators could ping back to the developers to make the necessary amendments.
All was well and good until we entered the era of IoT, where we saw an explosion of connected devices, from smart refrigerators and smart speakers to smartphones. And with that, we saw disruption in consumer behavior. With more people connected, their expectations rose, and they wanted their desired end-result in an instant.
From a software development perspective, this also led to an increase in consumer demands for improvements and more feedback. Operators were receiving an influx of requests and issues, and developers were getting swamped with all the pingbacks coming from operators who didn’t know how to update the code. This led to a bottleneck in new code development and resolution.
And this led to slower releases, sluggish software delivery, and poorly received software performance.
To address this growing crisis, along came DevOps, which combined Development (Dev) and Operations (Ops), breaking the traditional siloed approach.
As a result of adopting an agile working culture, implementing best practices, and using tools to automate certain software development processes, DevOps provides the fundamentals to enable a company to develop, deliver, and improve applications much faster than their previous waterfall-based approach.
DevOps allows organizations to adopt a customer-centric approach in order to quickly adapt to fluctuating consumer demands and maintain a competitive advantage in their sector.
7 Wonders of the DevSecOps World…
As mentioned, most of the best practices can be applied via effective tooling. Here, we list some of the most popular DevOps tools.
- Ansible: Ansible is open-source software that provides automated software provisioning, application deployment, intra-service orchestration, continuous delivery, and configuration management. It has been designed for multi-tier deployment and can model your IT infrastructure by defining how your systems inter-relate. Ansible comes with hundreds of modules to support a multitude of integrations, including Arista, Google Cloud Platform, and Windows.
- CRI-O: CRI-O is an implementation of the Kubernetes CRI (Container Runtime Interface) to enable using OCI (Open Container Initiative) compatible runtimes. It is a lightweight alternative to using Docker as the runtime for Kubernetes. It allows Kubernetes to use any OCI-compliant runtime as the container runtime for running pods.
- Jenkins: Jenkins is a well-known CI platform that enables you to continuously merge development work with the main source code. Jenkins can work on any major public cloud.
- Helm: Helm helps you manage Kubernetes applications — Helm Charts help you define, install, and upgrade even the most complex Kubernetes application. Charts are easy to create, version, share, and publish. The latest version of Helm is maintained by the CNCF – in collaboration with Microsoft, Google, Bitnami and the Helm contributor community.
- Kubernetes: Kubernetes is an open source container orchestration platform that is designed for scaling, deploying and running large clusters of application containers. It can work with Docker containers.
- Istio: Istio is a service mesh that helps reduce the complexity of deployments and eases the strain on your development teams.
- Twistlock: A framework that enables security testing by devs, ops, and security.
How to Measure DevSecOps Success
Organizations embrace DevOps in order to achieve five key objectives:
- Make software development faster and more efficient
- Cut costs
- Enhance and protect the brand’s reputation with both consumers and employees
- Reduce risk
- Ultimately grow the company
Generally speaking, a DevOps environment should help boost code deployments, decrease change lead times, reduce security issues, and improve the overall end user experience (which is measurable through feedback, tickets, and complaints).
To understand whether your DevOps implementation is producing the desired result, you need to measure “vanity metrics.” Coined by Eric Ries, author of The Lean Startup, vanity metrics help organizations to focus on one of the above objectives.
For example, if your DevOps process is increasing the number of builds it makes per day but does not speed up the release’s time-to-market, then your DevOps process is not making an impact. Similarly, if you increase code coverage but your product release is brimming with bugs, then again, your DevOps process is not making an impact.
But measuring those KPIs can be tough without the right tools, which is why AlphaBravo leverages the leading DevOps-facilitating tools on the market (including the tools we listed above) to help clients achieve DevSecOps, CI/CD, and containerization goals.