DevSecOps

Ismo Aro
2 min read · May 24, 2021

DevSecOps is not only a technology, a tool, a practice or even a mindset — it is all of these and much more. While DevSecOps can help in legacy software projects, it is an essential component of modern, accurate and fast software development.
DevSecOps includes the following parts: the DevSecOps mindset, Delivery Pipelines, Test Automation, Security and Environments, all of which are covered by NorthCode.

DevSecOps mindset

Feedback loops are at the core of the DevSecOps mindset. Whenever we change something, we want to receive feedback as soon and as accurately as possible. Automation plays a central role: we rely on it to give us the feedback we need to understand the quality of the changes we made. Fast release cycles are also an important component, as customer feedback is what really counts in the end.

Delivery Pipelines

Code on a developer's hard drive does not create any additional value for the end user, but code running in production can. This is why we need fast and reliable delivery pipelines that are as highly automated as possible.

Test Automation

To ensure quality, we need Quality Gates in our pipelines, and Test Automation plays a key role here as well. Quality Gates operate on every level of the test pyramid, starting with the lowest level (e.g. Unit Tests). The further a change travels along the Delivery Pipeline, the higher-level tests are executed (e.g. Integration and Acceptance Tests). If critical tests fail in the pipeline, delivery is halted and the specific problem is fixed before the change can proceed.

Security

Traditionally, security audits are done at the end of a project, but within the DevSecOps domain they are executed on a constant basis. The aim is to bring security in on day one, with scans and checks executed in the delivery pipelines to ensure fast feedback and immediate, on-the-spot problem-solving.
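To make the gate idea from the Test Automation and Security sections concrete, here is an added example that is not code from the post or from NorthCode: a small quality-gate evaluator in Python. Each pipeline stage reports its test results and any scanner findings, a per-stage policy decides whether the gate passes, and the pipeline halts at the first failed gate so later, more expensive stages never run on a change that already failed. Stage names, severity levels, the policy thresholds and the sample results are all constructed for illustration; an unrecognised severity is treated as critical so the gate fails closed rather than letting an unparsed finding slip through.

```python
"""Illustrative pipeline quality-gate evaluator (constructed example, not NorthCode tooling)."""
from dataclasses import dataclass, field
from typing import Dict, List

# Assumed severity scale reported by the scanner; anything else is treated as critical.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass
class StageResult:
    """What one pipeline stage reports back (tests and/or security findings)."""
    name: str                                   # e.g. "unit", "security", "integration"
    tests_total: int = 0
    tests_failed: int = 0
    findings: List[dict] = field(default_factory=list)  # {"id": ..., "severity": ...}


@dataclass
class GatePolicy:
    """Thresholds the stage must stay within for its gate to pass."""
    max_failed_tests: int = 0
    max_severity_allowed: str = "medium"        # findings above this level block delivery


@dataclass
class GateDecision:
    stage: str
    passed: bool
    reasons: List[str]


def severity_rank(level: str) -> int:
    # Fail closed: an unknown label must not be silently treated as harmless.
    return SEVERITY_RANK.get(level.lower(), SEVERITY_RANK["critical"])


def evaluate_stage(result: StageResult, policy: GatePolicy) -> GateDecision:
    """Apply the policy to one stage's results and explain every violation."""
    reasons: List[str] = []
    if result.tests_failed > policy.max_failed_tests:
        reasons.append(
            f"{result.tests_failed} failing test(s) exceed limit {policy.max_failed_tests}"
        )
    limit = severity_rank(policy.max_severity_allowed)
    for finding in result.findings:
        if severity_rank(finding["severity"]) > limit:
            reasons.append(
                f"finding {finding['id']} has severity {finding['severity']} "
                f"above allowed {policy.max_severity_allowed}"
            )
    return GateDecision(result.name, not reasons, reasons)


def run_pipeline(stages: List[StageResult], policies: Dict[str, GatePolicy]) -> List[GateDecision]:
    """Evaluate stages in pyramid order; stop at the first gate that fails."""
    decisions: List[GateDecision] = []
    for stage in stages:
        decision = evaluate_stage(stage, policies.get(stage.name, GatePolicy()))
        decisions.append(decision)
        if not decision.passed:
            break                               # delivery is halted here
    return decisions


# Constructed sample run: unit tests are green, but the security scan reports a high finding.
SAMPLE_STAGES = [
    StageResult("unit", tests_total=120, tests_failed=0),
    StageResult("security", findings=[
        {"id": "F-1", "severity": "low"},
        {"id": "F-2", "severity": "high"},
    ]),
    StageResult("integration", tests_total=40, tests_failed=0),
    StageResult("acceptance", tests_total=12, tests_failed=0),
]
SAMPLE_POLICIES = {
    "unit": GatePolicy(max_failed_tests=0),
    "security": GatePolicy(max_severity_allowed="medium"),
    "integration": GatePolicy(max_failed_tests=0),
    "acceptance": GatePolicy(max_failed_tests=0),
}

if __name__ == "__main__":
    for d in run_pipeline(SAMPLE_STAGES, SAMPLE_POLICIES):
        status = "PASS" if d.passed else "HALT"
        print(f"[{status}] {d.stage}: " + ("; ".join(d.reasons) or "ok"))
```

In the sample run the unit gate passes, the security gate halts the pipeline on finding F-2, and the integration and acceptance stages are never executed, which is exactly the fast, early feedback the post describes. Real pipelines would feed `StageResult` from the test runner's and scanner's report files instead of the constructed values above.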

Environments

DevSecOps relies heavily on the Infrastructure as Code paradigm. Even as modern software development relies more and more on cloud-native platforms, we need to take into account that ageing machines still exist and need regular maintenance and updating. It doesn't matter whether your infrastructure ranges from a physical PC to serverless functions in the cloud: you can still automate all environment maintenance through infrastructure as code.

DevSecOps covers everything from development environments to production environments, together with the monitoring each of these areas needs, to give you a faster, more reliable and more controlled outcome.


Ismo Aro

He is a partner and CTO at NorthCode and Chairman of the Board of the Robot Framework Foundation. On a journey to improve. https://northcode.fi