When it comes to software delivery, customer experience tops the priority list. Organizations need to be efficient and fast while preserving the quality and security of their software offerings. However, software delivery can easily fall off course without a well-established CI/CD pipeline. Automation technology is extremely important to accelerating and simplifying CI/CD pipelines, and so is human investment. Without an understanding of best practices around CI/CD, the DevOps journey can encounter many challenges.
At DevOps Institute, we have the pleasure of regularly connecting with our ambassadors to gain access to their knowledge on important IT topics – like CI/CD. As we reflect on some of these important insights, we gathered some of the great CI/CD advice that our ambassadors have recently shared:
- Anders Wallgren, VP of Technology Strategy, CloudBees, tackled ‘why’ we need CI/CD.
“Today it’s not just banks that need to worry about auditing and controls on software delivery processes. Any company that delivers software needs to be aware of their processes and how they build, test, qualify, secure, deploy and release their software. The proliferation of bad actors and ransomware in the world means that none of us are immune, even if we’re not in a traditionally regulated industry. ‘Automation is auditing’ by automating and orchestrating the end-to-end delivery of our software we (1) are forced to have system-level comprehension of what our processes are and (2) then have automation that allows us to prove (to ourselves, if not to auditors) that all necessary tasks were completed before the software went out the door.”
- Tiffany Jachja, engineering manager at Vox Media, suggested hardening deployments and delivery teams to reduce deployment risk.
“Contributors to deployment risk can involve inadequate testing, inadequate solutions for configuration management, non-reproducible environments, and environments that are not well defined, controlled, or maintained. Successful CI/CD depends on the hardened practices of developers and engineers, so it’s worth looking into how your delivery team is reviewing unit test or integration test results, broken builds, vulnerabilities, and incidents.”
- Savinder Puri, DevOps Evangelist, Zensar Technologies, explored security challenges and the importance of shifting left.
“Infuse as many aspects of security as possible into your CI pipeline. CD is already too late for security—you’ve already deployed the application into an environment. Start from the basic static code analysis, security scanners, etc., and then keep maturing. Whatever tools you integrate into CI Server, ensure the corresponding integrated development environment (IDE) plugins are made available to developers. That way, devs can do the first-level validation within their IDE itself and do it as they code, even before compiling. That’s the practical implementation of the often overused term ‘shift left.’”
- Dheeraj Nayal, Global Community Ambassador, DevOps Institute, looked toward the future of CI/CD with Artificial Intelligence and Machine Learning.
“AI and ML are helping, shaping, and impacting CI/CD, enabling organizations to move away from siloed operations management, provide intelligent insights, and drive automation and collaboration. This is happening in four major areas: AI-Driven Development, Cloud Native Distributed Data Frameworks, AI-Driven Operationalization, and Next level insights into Delivery Health.”
- Mark Peters, Product Manager, BrainGu and Parveen Kr. Arora, Co-Founder & Director, VVnT SeQuor shared their insights into how DevOps should approach technical debt in line with the recent SKILup hour on Rearchitecting for Distributed Computing (CI/CD).
“Technical debt is completing an action based on expedited delivery which creates additional work later to create stability. This should be handled by the flow, feedback and continuous improvement aspect of the DevOps cycle. Once technical debt has been introduced, feedback should be received showing the levels of technical debt, and continuous improvement processes address reducing that technical debt. One aspect frequently forgotten is that technical debt is only part of existing debt. Teams need to consider the process and cultural debt as well. Sometimes elements are labeled as technical debt when they more appropriately belong in another category. For example, if security tools can only scan for a certain language, and teams write in another language to avoid the scanner, you may have a process or cultural debt rather than technical.” – Peters
“Overcoming technical debt has always been vital in any successful DevOps transformation. This is one of the pillars in adopting a true DevOps mindset. The organization should take the time to remove both small and large technical debt for the greater good of the team. By taking a different approach to technical debt, running toward it rather than away from it, organizations can lead towards success in the DevOps journey and change their culture at the same time. Automation is the heart and soul of any DevOps approach. Organizations can leverage DevOps automation to offset current technical debt while avoiding future debt. Orchestration tools, like Kubernetes, automate the container lifecycle, and are enablers of and an excellent fit for microservices, which are small and independent. This makes it easy for DevOps teams to identify and trim technical debt.” – Arora
These ambassador insights are extremely valuable and help us better understand why CI/CD is important, why teams should harden engineer and developer practices, how to view security, the future of CI/CD, and how to approach technical debt.