DevOps Pipeline Quality Gates – A Double Edged Sword
How to Get Security Groups to Join Your DevSecOps Journey
There has been much discussion about the many benefits of “moving testing left,” and our experts will tell you that doing so by having automated testing (Quality Gates) integrated into your build pipelines is a critical success factor for the rapid build and deploy process automation necessary to truly reap the benefits of Agile. That […]
DevOps and Security: 5 Principles for DevSecOps
DevSecOps shifts security practices left and assures earlier that your application isn’t vulnerable to breaches. But convincing a security group to get on board with your DevSecOps journey may not be an easy task. These four points can help you prove to your security group that DevSecOps is in everyone’s best interest.
Jenkins Scripted Pipeline: A Groovy Primer
With the trend toward a more continuous delivery and deployment process, late-lifecycle activities like security assurance present a significant hurdle to continuously delivering value to customers. DevSecOps addresses this by shifting security assurance activities, personnel, and automation closer to development.
Implementing Continuous Delivery in the Federal Government
The Jenkins pipeline documentation does a serviceable job describing a Jenkinsfile. There are a number of examples for common tasks, giving code snippets that can be copied and pasted for your own use. When needing to do simple or commonly performed tasks, this method can be sufficient. There is also a helpful pipeline syntax generator […]
Agile and DevOps Bring the Focus Back on Quality
Federal agencies generally have more regulation, slower processes, and a command-and-control style of bureaucracy. How does it work when trying to foster agility and implement a continuous delivery model? Gene Gotimer relates his experiences and challenges with encouraging a culture change in federal government.
Leveraging Kubernetes as a Tester
I’ve had the privilege (and the many challenges) of working in IT for more than three decades. Early in my career I tended to accept things as they were presented, following the techniques, processes, guidelines, and approaches I was taught by my peers and managers. As I gained experience and wisdom, I became a better independent thinker and started to connect the dots and ask questions.
Installing MicroK8s 1.14 for Local Development
With the advent of agile and DevOps, organizations are moving from specialized roles to cross-functional teams—and that means cross-functional sharing of the specialized tools used in each silo. So it’s not unreasonable for a tester to need access to the tools used in those other silos, such as Kubernetes. Kubernetes is a scalable, production-grade container […]
The Pros and Cons of a Serverless DevOps Solution
In a recent development, MicroK8s replaced its dockerd installation with containerd. Many pre-existing sources mention “microk8s.docker”, but this command is no longer available. I will walk you through the full initial installation and basic usage on Ubuntu 18.04. Practically speaking, this means you now need to install Docker on your Ubuntu machine. In previous versions, […]
Making Security a First Class Citizen in DevOps
The dream of any product owner is fully customizable production software without the expense of paying for the hardware it rests upon. While the cloud and infrastructure as a service (IaaS) partially deliver on this promise, a completely serverless infrastructure would be much closer to this dream. From a product owner’s perspective, the possibility of […]
I recently had the opportunity to do a web seminar with Jeff Payne about using open source tools for DevSecOps. In our discussion, I made the point that the goal of DevSecOps is to make application security a first-class citizen in the DevOps process. Making application security a first-class citizen improves the quality of your […]