The DevSecOps Journey - (Anti)Patterns, Analytics and Insights. Presentation slides by Juni Mukherjee, Owner/Speaker/Author, CONTINUITY at the Canadian Executive Cloud & DevSecOps Summit. Toronto May 4, 2018 hosted by TriNimbus.
5.
| # | Class/category | Solution |
|---|---|---|
| 13 | Static code analysis | Sonar, ESLint, Taylor, Lint, .. |
| 14 | Functional test | TestNG, Webdriver/Selenium, SauceLabs (Selenium on the cloud), Protractor (Node.js), Appium (Mobile), .. |
| 15 | Performance test | JMeter, BlazeMeter (JMeter on the cloud), .. |
| 16 | Unit test | JUnit (Java), Jasmine (Node.js), .. |
| 17 | Feature Flagging | LaunchDarkly, .. |
| 18 | A/B tests | Optimizely, .. |
| 19 | Build | Npm (Node.js), Maven (Java), Gradle (Java, Android), .. |
| 20 | Database | Liquibase/Datical, Flyway, .. |
Juni Mukherjee | @JuniTweets | https://continuity.world
Continuous delivery pipeline assembly
6. On our plate today
Anti patterns
Patterns
DevSecOps (and DevOps)
Analytics (and insights)
7. Hand-off anti-pattern, VSM, Flow, Drag
Do I seek or give sign-offs?
Automated waste > manual waste, but is still waste.
8. Composition anti-pattern, Arch Coupling
Am I stuffing everything into a container?
Do my applications lend themselves to 12-factor?
Do I have monoliths vs. SOA vs. microservices?
Do I have RoI to strangulate my whole monolith?
How can I avoid a big ball of mud and a big ball of tests?
9. Firmware, embedded systems, IoT, Network
Do I have hardware whose supply chain doesn’t align to continuity?
Does my medical device need CD or CD?
Does IoT need CD? OTA…
10. On our plate today
Anti patterns
Patterns
DevSecOps (and DevOps)
Analytics (and insights)
11. Pipeline assets, (S|I|P|*)aaS
Can I do Pipeline-as-conf?
Are my vendors’ network topologies aligned?
Is my network topology optimized for CD?
16. OSS, Unit Test, SAST, DAST, Container
For starters, are security specialists embedded in scrum teams?
How do I assess my security posture?
DevSecOps
17. On our plate today
Anti patterns
Patterns
DevSecOps (and DevOps)
Analytics (and insights)
18. Big picture KPI - Concept2Cash
Where am I?
Where should I be?
19. Biggest bang for the buck
Do I know how many environments I have vs. how many I need?
Do I provision Dev(1..M), DevInt(1..N), Perf(1..X), …?
20. Show me the money!
Do I trend speed and quality on the same canvas?
Do teams have conflicting goals?
Are my KPIs departmental vs. organizational?