How to work in devsecops
1. Dev Sec Ops
And QA, and Product, and UX, and other team members.
Theresa Neate
30 May 2018
3. ©2018 theresaneate.com https://twitter.com/TheresaNeate
History of devops
~1940s to ~1997: Origins of Lean (Goldratt, Ohno, Deming)
2001: Agile Manifesto
2008: Agile conference Toronto, Debois & Shafer, “Agile Infrastructure”
2009: Velocity Conference, Allspaw and Hammond, “10+ Deploys Per Day...”
2009: devopsdays, Patrick Debois
14. The answers lie in lean & agile (cont’d)
http://agilemanifesto.org/principles.html
“Deliver working software frequently”
“Build projects around motivated individuals. ...”
“The most efficient and effective method of conveying information to and within a development team is face-to-face conversation.”
“Working software is the primary measure of progress.”
“Continuous attention to technical excellence and good design enhances agility.”
“Simplicity--...is essential.”
18. A possible day in the life of dev-sec-ops
1. Work is broken into small pieces
2. Definition of done is defined, including security and ops and monitoring and testing requirements for THAT story/task
   a. Automated tests written against these requirements
3. These “non functional” requirements are coded in (as much as possible) alongside the functionality (security as code, infrastructure as code)
19. A day in the life of dev-sec-ops (cont’d)
4. Local tests pass (bring on the early feedback!)
5. If tests pass, code is committed to CI and integrated to trunk
6. Wider automated (integration, etc.) tests are run where applicable, including security tests as part of build pipeline
7. If required, manual tests are done, e.g. security scan, exploratory testing, etc.
8. Rinse, repeat.
It’s just how the team flows: no afterthoughts, quality is baked in.
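Steps 2 to 6 as an added example, not taken from the original slides: the security requirements in one story's definition of done are written as a check that sits beside the feature code and runs unchanged locally and in the build pipeline. The story, function names, header values and thresholds are assumptions made for illustration.

```python
# Added example: hypothetical story "login returns a session cookie".
# Names, headers and thresholds are assumptions, not from the slides.
from http.cookies import SimpleCookie

MIN_HSTS_MAX_AGE = 31536000  # assumed requirement: one year, in seconds


def build_login_response(session_id):
    """The functionality: response headers for a successful login."""
    return {
        "Set-Cookie": f"session={session_id}; Path=/; Secure; HttpOnly; SameSite=Strict",
        "Strict-Transport-Security": f"max-age={MIN_HSTS_MAX_AGE}; includeSubDomains",
        "Cache-Control": "no-store",
    }


def security_violations(headers):
    """Definition-of-done security requirements as code; [] means done."""
    problems = []
    cookie = SimpleCookie()
    cookie.load(headers.get("Set-Cookie", ""))
    morsel = cookie.get("session")
    if morsel is None:
        problems.append("session cookie missing")
    else:
        for flag in ("secure", "httponly"):
            if not morsel[flag]:
                problems.append(f"session cookie lacks {flag}")
        if morsel["samesite"].lower() not in ("strict", "lax"):
            problems.append("session cookie lacks SameSite=Strict or Lax")
    # Parse HSTS directives case-insensitively: "max-age=N; includeSubDomains".
    hsts = headers.get("Strict-Transport-Security", "")
    directives = dict(
        part.strip().lower().partition("=")[::2]
        for part in hsts.split(";") if part.strip()
    )
    max_age = directives.get("max-age", "").strip('"')
    if not max_age.isdigit() or int(max_age) < MIN_HSTS_MAX_AGE:
        problems.append("HSTS max-age below one year")
    if "no-store" not in headers.get("Cache-Control", "").lower():
        problems.append("login response is cacheable")
    return problems


if __name__ == "__main__":
    # Same check locally (step 4) and in the pipeline (step 6); violations fail the run.
    raise SystemExit(1 if security_violations(build_login_response("abc123")) else 0)
```

A regression such as dropping the HttpOnly flag then fails the build at the commit that introduced it.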
24. Reading
The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win by Gene Kim, Kevin Behr, George Spafford, IT Revolution Press, 2013.
http://www.devsecops.org/
http://itrevolution.com/devops-culture-part-1/
https://itrevolution.com/the-three-ways-principles-underpinning-devops/
https://devopsagenda.techtarget.com/opinion/Its-past-time-to-revisit-Agiles-definition-of-done
https://xp123.com/articles/coaching-drills-and-exercises/
https://www.agilealliance.org/the-agile-root-of-devops/
https://twitter.com/royrapoport/status/996013869230272512
https://pragdave.me/blog/2014/03/04/time-to-kill-agile.html