Delivery Patterns for Rapid and Reliable Software Releases

This really is how boring releases should be

Imagine going to a new supermarket. You don't know where things are, so you spend extra time finding what you need. You might be down to the last item on your list — the one you really need to make dinner tonight — and it is back on the other side of the store, where you have already been three times. After a few visits, you learn where things are. The visit to the supermarket becomes routine, or even boring.

The real excitement and satisfaction comes from what you are cooking, not the routine of getting the ingredients.

DevOps: Making Life on Earth Fantastic


DevOps is taking over business. Not because technology permeates business, but because it has broadened to include the entire business value stream. Different best practices throughout the enterprise are incorporating principles of DevOps to deliver better outcomes to customers.

Safely and Swiftly Share Secrets Using DevOps

"To make all athletes better through passion, design, and the relentless pursuit of innovation," is Under Armour's stated mission. They have certainly delivered on the innovation promise in their products. Today, we will look at their innovation a few layers removed from your moisture-wicking socks or state-of-the-art Olympic speed skating suits.

Under Armour has several digital products, such as MyFitnessPal, under the umbrella of Under Armour Connected Fitness. It is here that Kyle Rockman (@Rocktavious) is an infrastructure engineer, coding infrastructure that supports the software engineers who develop the applications that you use to track protein shakes and Twinkie consumption. Kyle spoke at the 2017 AllDayDevOps conference about how he and his team are innovating, specifically with their tool to compose and share hierarchical environment variable configuration to make updating hundreds of microservices easy. Yes, it is true. They were able to make it easy to share environment variables and make the updating process more transparent.

Managing Infrastructure at Scale With Terraform

Eighty percent of software outages are due to improper changes — changes that occurred at the wrong time or were not properly executed.

To reduce these outages, you need to address the core problem: human error. The reality is that repetitive tasks, such as infrastructure configurations, should be designed by humans and executed by software. Having machines tackle the repetitive tasks reduces errors and leaves us to do what we do best — solve problems. This makes our systems more reliable and better designed.

The DevSecOps Equilibrium

Can you feel the tension in your organization between security, operations, and development? Does each side try to outmaneuver the other? Do they not talk for fear of conflict or being halted in their tracks? You know something needs to be done, but what do you do? The answer is simple — everyone needs to be more like pitcher plants. Stay with me here.

Chris Corriere is a fascinating guy to talk to, whether it's over a bowl of ramen or between sessions at a DevOps Days conference. He is one of those guys who searches for the deeper meaning of work, relationships, and behaviors. In every conversation, you'll learn something.

Implementing DevSecOps With 1,162 Apps

Stopping builds when a vulnerability is detected should be a basic component of CI/CD and DevSecOps. It helps ensure compliance, but it is also a major shift from how things are done now. Consequently, it can be a major source of frustration to developers. After all, all of their hard work is about to be unleashed in all of its glory to the world and the new system halts it in its tracks. It can be another source of frustration "brought on by security."

This is a reality of culture change and something that must be managed to be successful in implementing DevOps in an organization. Ramping up new processes and allowing team members to see the value to them and the organization as a whole facilitates a successful culture change.

Developers Need to Pay Attention: Attacks On Open Source Are Going to Get Worse [Video]

As vital as we know open source is to building software in today’s world, it’s a mistake to think of it as a silver bullet. The ability to expedite software development is clear — but so is the significant room for error, when not properly managed.

Two years ago, Sonatype's CTO, Brian Fox, started chronicling a disturbing turn of events that showed that a shifting landscape of attacks based on OSS consumption was emerging. Since then, he's seen a consistent increase in malicious open source and supply chain attacks that make one thing clear — it’s only going to get worse. Most recently it was the Bootstrap-sass hack and before that, the event-stream attack.

Full Lifecycle Container Security

According to our 2019 DevSecOps Community survey of over 5,500 IT professionals, just 24 percent of companies with mature DevOps practices have integrated and automated security into their DevOps pipeline; that drops to 3 percent for those without a DevOps practice. While the change to integrating security into the development process is a big culture shift, the benefits in security compliance and eventual cost savings far outweigh the initial friction.

But, alas, that is a case for different posts and presentations.

Fannie Mae: Scaling the DevOps Enterprise

When you think about scaling DevOps into the enterprise, Fannie Mae is near the top of the size chart. They have over $100 billion in annual revenue and 7,200 employees. While they primarily have one DevOps model, they have 468 applications and 1,200 software assets.

Combine all of that with their unique role of being a government-sponsored, public entity, which enables them to get the benefits from both sides, but also the heavyweight governance and processes — and they have quite an interesting case study to learn from.

Why You Need DevSecOps and Artifact Repositories

Helen Beal was once speaking at a conference about what being a DevSecOps engineer is all about. To her surprise, many of the participants in the DevSecOps track were not on board with bringing Security into DevOps. After probing the audience about this, she summed up the concerns into three categories: it could create another silo; people in organizations have a hard time understanding DevOps, so it might create even more confusion; and maybe there isn't room for another area.

Of course, Helen disagrees, and she knows a thing or two about DevOps and DevSecOps after spending nearly 20 years in the technology industry with a focus on the Software Development Lifecycle. She is a self-titled DevOpsologist at Ranger4, where she helps organizations implement DevOps. She shares her knowledge speaking around the world, and she was able to join us for our 2018 Nexus User Conference, speaking on artifact repositories and their role in the DevSecOps toolchain.

Attacks, Vulnerabilities, and Tools: The Fate of DevSecOps

"Only with the introduction of trucks and tanks in World War I did horses finally become supplanted as the main assault vehicle and means of fast transport in war. Arabian and Bactrian camels played a similar military role within their geographic range," shared Jared Diamond, in his seminal 1997 book entitled Guns, Germs, and Steel: The Fates of Human Societies. In all these examples, people with domestic horses or camels (later with trucks and tanks), or with improved means of using them, enjoyed an enormous military advantage over those without them.

Throughout all of history, elite societies have been both formed and crushed through the advent of new technologies or the availability of better resources to them. The haves have outpaced the have-nots. The better equipped prospered, and those without languished.