One of the major reasons organizations adopt DevOps practices is to accelerate delivery of software to production. This includes deploying more frequently and reducing lead time.
However, many organizations fail to include quality components in their practices. This leads to organizations delivering code faster, but unfortunately, that code is just poor. Continuous deployment without quality is just delivering continuous bugs to your customers.
If this sounds like your organization, software testing may be the missing component to your DevOps program. Top performing DevOps organizations, like Netflix, Amazon, and Etsy, utilize automated regression, performance, load, and security testing to ensure software quality is built into their DevOps pipelines and ensured by being forced to be run on every build. For Netflix, this allows software to be committed, tested, and fully deployed to production within sixteen minutes!
If your organization isn’t as large or doesn’t require as rapid deployments as those companies, automated testing in your DevOps pipelines still provides significant benefits. Even a small amount of automated regression testing can ensure basic tests are always run on a build. Typically, organizations start by building an automated smoke test. This smoke test provides a sanity check on a developer’s code. This can not only reduce some of the overall manual testing effort by the testing team, but also ensure effort isn’t being expended on builds that don’t meet minimal quality standards.
More robust automated testing suites can result in even less manual testing, in addition to better-focused exploratory testing efforts into high-risk areas of the application, including interfaces, misuse cases, and the most important assets to your system. While not every test can (or should) be automated, spend your critical resources wisely by only focusing manual efforts on the things that really require their attention.
Most organizations today use some level of automation when looking at performance, load, and security. Leveraging those existing capabilities into your DevOps pipelines ensures that your deployments are not held back by independent groups late in the software lifecycle and they aren’t an afterthought when the application is already in production. This has immediate benefits, such as reducing cyber security impacts on your applications and their data by ensuring critical vulnerabilities are identified earlier in your software development lifecycle and aren’t deployed to production in error.
Pulling software testing into your DevOps practices doesn’t have to be difficult. You can start by bringing your existing testers and security engineers into your planning sessions. Next, ensure each phase of your pipeline has a quality gate and software quality criteria that should be met in order to move to the next phase of your pipeline. Last, identify gaps between your quality goals and reality, and ensure you prioritize efforts into the activities that provide the greatest return on investment—those that are either run with the highest frequency, reduce the greatest software quality risk, or reduce the biggest bottlenecks.
These simple steps will lead to not just delivering code faster, but delivering better code faster.
