SlideShare a Scribd company logo

White Paper: Software Supply Chain Automation: Going Beyond Agile, Lean and DevOps

Sonatype
Sonatype

This white paper highlights similarities between automobile manufacturing and software development with compelling information about how supply chain best practices could solve many common development issues, especially those relating to managing the flow of components into and though an organization.

Software
1 of 8
Download to read offline
WHITEPAPER Software Supply Chain Automation: Going Beyond Agile, Lean and DevOps By Mike Hansen, Sonatype Senior VP of Products
Page 2 Software Supply Chain Automation: Going Beyond Agile, Lean and DevOps Executive Summary While the term“supply chain”is not common in the lexicon of the software development discipline, it is a ubiquitous trait of modern software development life cycles. Software de- velopment has borrowed much from the learnings of Toyota. However, we still have yet to fully embrace the most fundamental element of The Toyota Way: The underlying supply chain where the extraordinary benefits of Toyota’s perennial continuous improvement programs are evident. Agile has brought the concepts of iteration, routine inspection and adaptation along with a focus on continuous improvement. Lean introduced the notion of the build-measure-learn loop. Most recently, DevOps, like the combination of agile and lean, has bridged the gap between the operational and development disciplines. However, nearly all optimization has been done around the production of software, without real consideration for the supplier dimension, primarily the open source ecosystem. This unchecked diversity of supply, where development teams typically choose whatever technology is deemed appropriate, as well as whatever version might be in vogue at the time of selection, has introduced a significant de- gree of unnecessary complexity. While empowering development teams to choose their own suppliers (i.e. software components) has enabled speed, increased throughput and unlocked innovation, there is much hidden inefficiency and risk. Software supply chain automation will unleash the next level of application development efficiency, driving extraordinary increases in innovation, productivity and cost savings while enabling far greater control of risk. about Mike Hansen As the Senior Vice President of Products, Mike brings nearly 20 years experience building and leading global product development organizations ranging from start-ups to the Fortune 100. Most recently Mike was Vice President of Devel- opment for Hanley Wood where he led development across five product lines, including the creation of advanced business analytics platforms for the residen- tial construction industry. Prior to this, Mike was Vice President of R&D for Bantu where he led product development efforts that drove one of the worlds largest private instant messaging networks with the U.S. Department of Defense. Mike Hansen Senior Vice President of Products
Page 3 Software Supply Chain Automation: Going Beyond Agile, Lean and DevOps That is an extraordinary difference in complexity for GM, leading to significantly higher overhead costs, vari- ability in the flow of supplies and greater challenges in quality management to cite only a few of the inherent disadvantages. It is no wonder the Prius outsells the Volt better than 10 to 1. Interestingly, the software de- velopment practices of the majority of organizations today tend to have more in common with GM than you might think. Supplier complexity impacts cost and quality, two important factors for competitive differentiation. The same is true of software. supply chain optimization To produce the Prius, Toyota leverages 125 total suppliers. To produce the Chevy Volt, General Motors uses over 800 suppliers. Ironically, 73% of the Prius is sourced from Toyota’s suppliers, whereas only 46% of the Volt is outsourced. The visual comparison is somewhat striking. Number of Suppliers Impact of supply chain optimization in automobile manufacturing Sales of Prius vs. VoltCost Comparison Toyota Prius Toyota PriusToyota PriusGM Volt GM VoltGM Volt 200 2 $15,000 $5,000 400 4 $20,000 $10,000 600 6 $25,000 800 8 $30,000 10$35,000
Page 4 Software Supply Chain Automation: Going Beyond Agile, Lean and DevOps recent progress Over the last 15 years, software development has benefited greatly from practices and tooling created as part of the agile, lean product development and DevOps movements. Agile has brought the concepts of iteration, routine inspection and adaptation along with a focus on continuous improvement. This has led to marked increases in development efficiency relative to approaches like waterfall. However, we occasionally ended up building the wrong thing. Lean emerged in response to these product man- agement challenges and has introduced the notion of the build-measure-learn loop, tightening the relationship between the product management and development disciplines along with the end users of the software. Borrowing from the routine inspec- tion and adaptations of agile, lean has enabled the notion of“failing fast”providing teams with a more direct route to building the right solutions. Most recently, DevOps, like the combination of agile and lean, has bridged the gap between the operational and development disciplines. This has shifted important operational thinking and practic- es to much earlier points in the development pro- cess and vastly reduced the time it takes to deploy new code, ultimately introducing significant gains in productivity. The inclusion of these key disciplines involved in the production of software has led to significant in- creases in development effectiveness as silos have been torn down, communications streamlined and waste removed. However, despite the revolutionary nature of the changes in supply that have occurred throughout this same 15 year period, there has been little focus on the suppliers that now feed software development—primarily the open source software ecosystem. Today’s component supply chain A Software Supplier Sea Change At the turn of the century, the vast majority of a typ- ical application was written by the organization pro- ducing it. Today, with the huge and rapidly expand- ing body of freely available open source software, the opposite is true. The largest portion of modern applications is typically open source, upwards of 80-90% in many cases. While the term“supply chain” is not common in the lexicon of the software devel- opment discipline, it is a ubiquitous trait of modern software development lifecycles. This shift happened somewhat gradually and kind of snuck up on the software development discipline. Organizations continued to witness incremental gains in productivity by leveraging more and more of the diverse specialization that the open source ecosystem offers. Nearly all opti- mization has been done around the production of software, without real consideration for the supplier dimension. This unchecked diversity of supply, where development teams typically choose what- ever technology is deemed appropriate, as well as whatever version might be in vogue at the time of selection, has introduced a significant degree of unnecessary complexity. In fact, the situation is arguably far worse than what were explicit and intentional choices made in building the Chevy Volt and other GM models. It leads to a dark matter version of technical debt creating a pernicious drag on overall development throughput. 30+ critical or severe license or security issues in an average application 43 versions of the same component are downloaded by an average organization 60% of organizations don’t know what components are used or where
Page 5 Software Supply Chain Automation: Going Beyond Agile, Lean and DevOps If Developers Built Cars For a provocative thought experiment, let’s trans- pose modern software development practices into the production of an automobile. In this universe, BigAuto teams independently choose whatever sup- plier they want for a car’s transmission and whatever revision that might be available at the time. Word on the street is that a lot of people have looked at how the transmission was made and no one is com- plaining much, so it is presumed to be good. This transmission also has numerous other parts inside it that were chosen from even more suppliers that supposedly have good reputations and pro- duce good parts. There are ways to see what parts are being used but no one really bothers with that. Each team just wants a transmission and worrying about the internals is not part of their job descrip- tions. “Someone else tested the transmission, and we just need to test the car. If something is wrong that the supplier isn’t willing to fix, they are happy to share the designs so we can fix it ourselves,”the teams rationalize. The team that is responsible for each model car is also given complete autonomy to choose pretty much any supplier they want for any part they want and change them whenever they want. This is done without any systems for tracking the corresponding activity. BigAuto sensed this might not be opti- mal and tried to institute a tight set of controls on their supply chain several times. However, without understanding the benefits that the current level of autonomy and unobstructed flow was yielding, each ill informed attempt crushed productivity and innovation and undermined their competitive position. Forced to contend with this generally ad hoc approach to sourcing, BigAuto was left without the ability to perform any kind of orderly recall, not managing the corresponding risks. Due to a lack of software supply chain visibility, processes and automation… Developers choose whatever supplier they want for any given part. Any part can be chosen even if it is outdated or known to be unsafe. There are no systems to inventory and track the various parts that are used. Everyone realizes there are some issues, but the prevailing wisdom is that “it’s good enough.” If there is a recall on a specific part, no one would know if the part was used or where.
Page 6 Software Supply Chain Automation: Going Beyond Agile, Lean and DevOps The process used by BigAuto seems like it is working for the most part. There isn’t too much news about people getting stranded, and there haven’t been too many catastrophic outcomes. Everyone realizes there are some issues, but the prevailing wisdom is that it’s good enough. However, a few internal champions have recently started to think investments in modern tooling here could lead to significant competitive differentiation in conjunction with risk reduction. Ripe for Optimization This is basically the way most software is written to- day. It does in fact work and teams are more effective than they ever have been despite the abridged list of shortcomings depicted in the allegory, all of which have a very real analog in software development. However, good is the enemy of great. While em- powering development teams to choose their own suppliers (i.e. software components) has enabled speed, increased throughput and unlocked inno- vation, there is much hidden inefficiency and risk. Attempts to centralize control and decision making —often instituted in reaction to some previously un- identified risk manifesting—have failed to produce positive results and have often made situations far worse. This is an intuitive and commonly attempted response, yet incorrect. Instead, solutions must allow for the appropriate constraints (rules) to be estab- lished up front, the testing for conformance auto- mated, and the information needed to remediate issues provided in the context of the existing tooling used by development and operations teams —trust but verify. Like the waste cut out by agile, lean and DevOps practices, there is substantial waste that can be removed with automated tooling and process innovation throughout the software supply chain. Additionally, significant benefits are achievable regardless of the specific methodologies in use. By providing visibility and empowering teams with the knowledge necessary to make the right choices as early as possible (data+rules+context), we can go even faster, further driving down costs and simulta- neously managing or eliminating elective risk. The current state of the art is ripe for optimization. Good is the enemy of great. While empowering development teams to choose their own suppliers (i.e. software components) has enabled speed, increased throughput and unlocked innovation, there is much hidden inefficiency and risk.
Page 7 Software Supply Chain Automation: Going Beyond Agile, Lean and DevOps Supplier Bloat Complexity is the enemy of many things but espe- cially of efficiency and risk. It leads to symptoms like burdensome technical debt, quality issues and chal- lenges in keeping a system secure. The magnitude of unnecessary complexity in modern software supply chains serving even a small portfolio of applications can be significant. In a large portfolio it can be enor- mous, and it typically is. We worked with one organization that upon deep- er inspection was found to be using 81 out of the 85 available versions of a popular web framework, spanning years of release history. While that is somewhat of an extreme case, this anti-pattern of greater than necessary version dispersion is actually quite common. After all, the average open source project releases a new version four times each year and it is fairly common practice to update only in response to a known issue impacting a particular application. Given the average application also has hundreds of open source components, any given day can see multiple new versions across the inven- tory of components in use. Also, issues that may be known to a particular open source project are often unknown to its consumers—i.e. the“no recall”prob- lem mentioned earlier. In addition to version dispersion, there is also technology dispersion, where different components that perform the same basic functions are used somewhat indiscriminately and often due to per- sonal tastes or familiarity (e.g. logging frameworks, web frameworks). Viewed in the context of a single application, such dispersion isn’t usually much of an issue, but notable impacts can become apparent with even as few as two applications. For example, subject matter expertise must be spread more thinly across the organization concentrating expertise locally within a team and potentially limiting future flexibility in resource allocation. The effective surface area of supply is also greater correlating directly with reduced efficiency and the potential for problems. More recently, open source vulnerabilities have become exploit targets as commonly used compo- nents with known vulnerabilities are often the path of least resistance for attackers. These vulnerabilities are now getting catchy monikers like HeartBleed, ShellShock, POODLE and GHOST. Unfortunately, a larger than necessary set of suppliers with no real visibility of them leads not only to greater risk po- tential but incremental challenges and greater costs in securing the supplier dimension. There are significant opportunities for performance gains as investments optimizing these supply chains can markedly improve efficiency and control risk, unleashing the full potential of an organization’s capacity for innovation.
Page 8 Sonatype Inc. • 8161 Maple Lawn Drive, Suite 250 • Fulton, MD 20759 • 1.877.866.2836 • www.sonatype.com 2015. Sonatype Inc. All Rights Reserved. Sonatype helps organizations build better software, even faster. Like a traditional supply chain, software applications are built by assembling open source and third party components streaming in from a wide variety of public and internal sources. While re-use is far faster than custom code, the flow of components into and through an organization remains complex and inefficient. Sonatype’s Nexus platform applies proven supply chain principles to increase speed, efficiency and quality by optimizing the component supply chain. Sonatype has been on the forefront of creating tools to to improve developer efficiency and quality since the inception of the Central Repository and Apache Maven in 2001, and the company continues to serve as the steward of the Central Repository serving 17.2 Billion component download requests in 2014 alone. Sonatype is privately held with investments from New Enterprise Associates (NEA), Accel Partners, Bay Partners, Hummer Winblad Venture Partners and Morgenthaler Ventures. Visit: www.sonatype.com Answer: Software Supply Chain Automation As software development evolves, we continue to create situations where complexity blocks further increases in productivity and innovation per unit of investment. These problems are often the impetus for rethinking and reshaping the status quo. For instance, the introduction of high-level lan- guages, object oriented programming, agile, lean, DevOps and dependency management are all examples of how we broke through barriers when reaching the limits of scale. Soon, the industry will begin to broadly demand solutions in response to software supply chain complexity. But there is no need to wait. As the use of automation in areas of testing, build and deployment has provided significant perfor- mance benefits, so can further automation through- out the software supply chain. This is done by providing non-intrusive guardrails that consider the need for both autonomy and acceleration. The manufacturing industry was transformed with three basic principles: Use fewer and better parts, limit the variety and quantity, and track where they are used. Software supply chain solutions address these principles using repository management, automated open source policy enforcement and up- to-date component data feeds. At a high level these solutions facilitate: • Quality - Easily avoid known open source license issues and security vulnerabilities. Use better, up-to-date open source component types and versions. • Visibility - Integrate component insight and policy automation into popular development tools. • Traceability - Instantly identify out-of-date and defective components across the SDLC. • Remediation - Effectively prioritize responses to new issues using a combination of visibility and context to rank risk. Solutions that facilitate comprehensive software supply chain automation are poised to usher in the next wave of development productivity, on par with the gains possible with agile, lean and DevOps. In fact, the gains are likely to be even greater.

Recommended

SI Accelerators for delivering IVI systems
SI Accelerators for delivering IVI systemsSI Accelerators for delivering IVI systems
SI Accelerators for delivering IVI systemsNepolian Rajarathinam
 
Gain new visibility in your DevOps team
Gain new visibility in your DevOps team Gain new visibility in your DevOps team
Gain new visibility in your DevOps teamAbhishek Sood
 
Virtualization: Improve Speed and Increase Quality
Virtualization: Improve Speed and Increase QualityVirtualization: Improve Speed and Increase Quality
Virtualization: Improve Speed and Increase QualityTechWell
 
Adaptive Automotive Development: Faster and more targeted innovations through...
Adaptive Automotive Development: Faster and more targeted innovations through...Adaptive Automotive Development: Faster and more targeted innovations through...
Adaptive Automotive Development: Faster and more targeted innovations through...Christian Mies
 
Article
ArticleArticle
ArticleMichael White
 
Connecting Applications from Mobile to Mainframe in the Application Economy
Connecting Applications from Mobile to Mainframe in the Application EconomyConnecting Applications from Mobile to Mainframe in the Application Economy
Connecting Applications from Mobile to Mainframe in the Application EconomyCA Technologies
 
Global Test & Defect Management for the Future of Mobility - Gunther Fabian (...
Global Test & Defect Management for the Future of Mobility - Gunther Fabian (...Global Test & Defect Management for the Future of Mobility - Gunther Fabian (...
Global Test & Defect Management for the Future of Mobility - Gunther Fabian (...Intland Software GmbH
 
Reinventing Application Performance Testing with Service Virtualization
Reinventing Application Performance Testing with Service VirtualizationReinventing Application Performance Testing with Service Virtualization
Reinventing Application Performance Testing with Service VirtualizationCA Technologies
 

Recommended

SI Accelerators for delivering IVI systems
SI Accelerators for delivering IVI systemsSI Accelerators for delivering IVI systems
SI Accelerators for delivering IVI systemsNepolian Rajarathinam
 
Gain new visibility in your DevOps team
Gain new visibility in your DevOps team Gain new visibility in your DevOps team
Gain new visibility in your DevOps teamAbhishek Sood
 
Virtualization: Improve Speed and Increase Quality
Virtualization: Improve Speed and Increase QualityVirtualization: Improve Speed and Increase Quality
Virtualization: Improve Speed and Increase QualityTechWell
 
Adaptive Automotive Development: Faster and more targeted innovations through...
Adaptive Automotive Development: Faster and more targeted innovations through...Adaptive Automotive Development: Faster and more targeted innovations through...
Adaptive Automotive Development: Faster and more targeted innovations through...Christian Mies
 
Article
ArticleArticle
ArticleMichael White
 
Connecting Applications from Mobile to Mainframe in the Application Economy
Connecting Applications from Mobile to Mainframe in the Application EconomyConnecting Applications from Mobile to Mainframe in the Application Economy
Connecting Applications from Mobile to Mainframe in the Application EconomyCA Technologies
 
Global Test & Defect Management for the Future of Mobility - Gunther Fabian (...
Global Test & Defect Management for the Future of Mobility - Gunther Fabian (...Global Test & Defect Management for the Future of Mobility - Gunther Fabian (...
Global Test & Defect Management for the Future of Mobility - Gunther Fabian (...Intland Software GmbH
 
Reinventing Application Performance Testing with Service Virtualization
Reinventing Application Performance Testing with Service VirtualizationReinventing Application Performance Testing with Service Virtualization
Reinventing Application Performance Testing with Service VirtualizationCA Technologies
 
Roadmap Session: Achieve DevOps on the Mainframe for Faster Time to Market
Roadmap Session: Achieve DevOps on the Mainframe for Faster Time to MarketRoadmap Session: Achieve DevOps on the Mainframe for Faster Time to Market
Roadmap Session: Achieve DevOps on the Mainframe for Faster Time to MarketCA Technologies
 
OPEN SOURCE BPM vs. Programación (RED HAT)
OPEN SOURCE BPM vs. Programación (RED HAT)OPEN SOURCE BPM vs. Programación (RED HAT)
OPEN SOURCE BPM vs. Programación (RED HAT)Kay Winkler
 
Implementing Software Metrics at a Telecommunications Company -- A Case Study
Implementing Software Metrics at a Telecommunications Company -- A Case StudyImplementing Software Metrics at a Telecommunications Company -- A Case Study
Implementing Software Metrics at a Telecommunications Company -- A Case Studydheimann5
 
Beyond DevOps: Finding Value through Requirements
Beyond DevOps: Finding Value through RequirementsBeyond DevOps: Finding Value through Requirements
Beyond DevOps: Finding Value through RequirementsGail Murphy
 
The (Un) Expected Impact of Tools in Software Evolution
The (Un) Expected Impact of Tools in Software EvolutionThe (Un) Expected Impact of Tools in Software Evolution
The (Un) Expected Impact of Tools in Software EvolutionGail Murphy
 
Standards @ Microsoft
Standards @ MicrosoftStandards @ Microsoft
Standards @ Microsoftukdpe
 
IT Executive Survey: Strategies for Monitoring IT Infrastructure & Services
IT Executive Survey: Strategies for Monitoring IT Infrastructure & ServicesIT Executive Survey: Strategies for Monitoring IT Infrastructure & Services
IT Executive Survey: Strategies for Monitoring IT Infrastructure & ServicesCA Technologies
 
Insights success the 10 best performing software solution providers 11th dec ...
Insights success the 10 best performing software solution providers 11th dec ...Insights success the 10 best performing software solution providers 11th dec ...
Insights success the 10 best performing software solution providers 11th dec ...Insights success media and technology pvt ltd
 
#STC13: The Future of Tech Comm is Here. Are you ready for it?
#STC13: The Future of Tech Comm is Here. Are you ready for it?#STC13: The Future of Tech Comm is Here. Are you ready for it?
#STC13: The Future of Tech Comm is Here. Are you ready for it?Maxwell Hoffmann
 
Developing Effective Software Productively
Developing Effective Software ProductivelyDeveloping Effective Software Productively
Developing Effective Software ProductivelyGail Murphy
 
Developer economics 2013 top 10+1 insights
Developer economics 2013 top 10+1 insightsDeveloper economics 2013 top 10+1 insights
Developer economics 2013 top 10+1 insightsSlashData
 
Online Video Collaboration for Manufacturing Industry - Summary Report
Online Video Collaboration for Manufacturing Industry - Summary ReportOnline Video Collaboration for Manufacturing Industry - Summary Report
Online Video Collaboration for Manufacturing Industry - Summary ReportAbhizar Bootwala
 
Automate and Accelerate Software Development Time and Deliver Superior Busine...
Automate and Accelerate Software Development Time and Deliver Superior Busine...Automate and Accelerate Software Development Time and Deliver Superior Busine...
Automate and Accelerate Software Development Time and Deliver Superior Busine...CA Technologies
 
Good Practices Government Resource Planning, Developing and Developed Countries
Good Practices Government Resource Planning, Developing and Developed CountriesGood Practices Government Resource Planning, Developing and Developed Countries
Good Practices Government Resource Planning, Developing and Developed CountriesFreeBalance
 
Marketing product strategy_pp
Marketing product strategy_ppMarketing product strategy_pp
Marketing product strategy_ppmahuayepp
 
Clique API Whitepaper
Clique API WhitepaperClique API Whitepaper
Clique API WhitepaperCliqueAPI
 
Linux & Open Source Panel: Driving New Innovation and Value on Your Mainframe
Linux & Open Source Panel: Driving New Innovation and Value on Your MainframeLinux & Open Source Panel: Driving New Innovation and Value on Your Mainframe
Linux & Open Source Panel: Driving New Innovation and Value on Your MainframeCA Technologies
 
Is software engineering research addressing software engineering problems?
Is software engineering research addressing software engineering problems?Is software engineering research addressing software engineering problems?
Is software engineering research addressing software engineering problems?Gail Murphy
 
Pragmatic Devops
Pragmatic DevopsPragmatic Devops
Pragmatic DevopsNic Cheneweth
 
The Ultimate DevOps Playbook
The Ultimate DevOps PlaybookThe Ultimate DevOps Playbook
The Ultimate DevOps PlaybookEggplant
 
The Ultimate DevOps Playbook
The Ultimate DevOps PlaybookThe Ultimate DevOps Playbook
The Ultimate DevOps PlaybookJalpesh Patel
 
Software modernization
Software modernizationSoftware modernization
Software modernizationJean-Christophe HUC (Jay C)
 

More Related Content

What's hot

Roadmap Session: Achieve DevOps on the Mainframe for Faster Time to Market
Roadmap Session: Achieve DevOps on the Mainframe for Faster Time to MarketRoadmap Session: Achieve DevOps on the Mainframe for Faster Time to Market
Roadmap Session: Achieve DevOps on the Mainframe for Faster Time to MarketCA Technologies
 
OPEN SOURCE BPM vs. Programación (RED HAT)
OPEN SOURCE BPM vs. Programación (RED HAT)OPEN SOURCE BPM vs. Programación (RED HAT)
OPEN SOURCE BPM vs. Programación (RED HAT)Kay Winkler
 
Implementing Software Metrics at a Telecommunications Company -- A Case Study
Implementing Software Metrics at a Telecommunications Company -- A Case StudyImplementing Software Metrics at a Telecommunications Company -- A Case Study
Implementing Software Metrics at a Telecommunications Company -- A Case Studydheimann5
 
Beyond DevOps: Finding Value through Requirements
Beyond DevOps: Finding Value through RequirementsBeyond DevOps: Finding Value through Requirements
Beyond DevOps: Finding Value through RequirementsGail Murphy
 
The (Un) Expected Impact of Tools in Software Evolution
The (Un) Expected Impact of Tools in Software EvolutionThe (Un) Expected Impact of Tools in Software Evolution
The (Un) Expected Impact of Tools in Software EvolutionGail Murphy
 
Standards @ Microsoft
Standards @ MicrosoftStandards @ Microsoft
Standards @ Microsoftukdpe
 
IT Executive Survey: Strategies for Monitoring IT Infrastructure & Services
IT Executive Survey: Strategies for Monitoring IT Infrastructure & ServicesIT Executive Survey: Strategies for Monitoring IT Infrastructure & Services
IT Executive Survey: Strategies for Monitoring IT Infrastructure & ServicesCA Technologies
 
#STC13: The Future of Tech Comm is Here. Are you ready for it?
#STC13: The Future of Tech Comm is Here. Are you ready for it?#STC13: The Future of Tech Comm is Here. Are you ready for it?
#STC13: The Future of Tech Comm is Here. Are you ready for it?Maxwell Hoffmann
 
Developing Effective Software Productively
Developing Effective Software ProductivelyDeveloping Effective Software Productively
Developing Effective Software ProductivelyGail Murphy
 
Developer economics 2013 top 10+1 insights
Developer economics 2013 top 10+1 insightsDeveloper economics 2013 top 10+1 insights
Developer economics 2013 top 10+1 insightsSlashData
 
Online Video Collaboration for Manufacturing Industry - Summary Report
Online Video Collaboration for Manufacturing Industry - Summary ReportOnline Video Collaboration for Manufacturing Industry - Summary Report
Online Video Collaboration for Manufacturing Industry - Summary ReportAbhizar Bootwala
 
Automate and Accelerate Software Development Time and Deliver Superior Busine...
Automate and Accelerate Software Development Time and Deliver Superior Busine...Automate and Accelerate Software Development Time and Deliver Superior Busine...
Automate and Accelerate Software Development Time and Deliver Superior Busine...CA Technologies
 
Good Practices Government Resource Planning, Developing and Developed Countries
Good Practices Government Resource Planning, Developing and Developed CountriesGood Practices Government Resource Planning, Developing and Developed Countries
Good Practices Government Resource Planning, Developing and Developed CountriesFreeBalance
 
Marketing product strategy_pp
Marketing product strategy_ppMarketing product strategy_pp
Marketing product strategy_ppmahuayepp
 
Clique API Whitepaper
Clique API WhitepaperClique API Whitepaper
Clique API WhitepaperCliqueAPI
 
Linux & Open Source Panel: Driving New Innovation and Value on Your Mainframe
Linux & Open Source Panel: Driving New Innovation and Value on Your MainframeLinux & Open Source Panel: Driving New Innovation and Value on Your Mainframe
Linux & Open Source Panel: Driving New Innovation and Value on Your MainframeCA Technologies
 
Is software engineering research addressing software engineering problems?
Is software engineering research addressing software engineering problems?Is software engineering research addressing software engineering problems?
Is software engineering research addressing software engineering problems?Gail Murphy
 

What's hot (18)

Roadmap Session: Achieve DevOps on the Mainframe for Faster Time to Market
Roadmap Session: Achieve DevOps on the Mainframe for Faster Time to MarketRoadmap Session: Achieve DevOps on the Mainframe for Faster Time to Market
Roadmap Session: Achieve DevOps on the Mainframe for Faster Time to Market
 
OPEN SOURCE BPM vs. Programación (RED HAT)
OPEN SOURCE BPM vs. Programación (RED HAT)OPEN SOURCE BPM vs. Programación (RED HAT)
OPEN SOURCE BPM vs. Programación (RED HAT)
 
Implementing Software Metrics at a Telecommunications Company -- A Case Study
Implementing Software Metrics at a Telecommunications Company -- A Case StudyImplementing Software Metrics at a Telecommunications Company -- A Case Study
Implementing Software Metrics at a Telecommunications Company -- A Case Study
 
Beyond DevOps: Finding Value through Requirements
Beyond DevOps: Finding Value through RequirementsBeyond DevOps: Finding Value through Requirements
Beyond DevOps: Finding Value through Requirements
 
The (Un) Expected Impact of Tools in Software Evolution
The (Un) Expected Impact of Tools in Software EvolutionThe (Un) Expected Impact of Tools in Software Evolution
The (Un) Expected Impact of Tools in Software Evolution
 
Standards @ Microsoft
Standards @ MicrosoftStandards @ Microsoft
Standards @ Microsoft
 
IT Executive Survey: Strategies for Monitoring IT Infrastructure & Services
IT Executive Survey: Strategies for Monitoring IT Infrastructure & ServicesIT Executive Survey: Strategies for Monitoring IT Infrastructure & Services
IT Executive Survey: Strategies for Monitoring IT Infrastructure & Services
 
Insights success the 10 best performing software solution providers 11th dec ...
Insights success the 10 best performing software solution providers 11th dec ...Insights success the 10 best performing software solution providers 11th dec ...
Insights success the 10 best performing software solution providers 11th dec ...
 
#STC13: The Future of Tech Comm is Here. Are you ready for it?
#STC13: The Future of Tech Comm is Here. Are you ready for it?#STC13: The Future of Tech Comm is Here. Are you ready for it?
#STC13: The Future of Tech Comm is Here. Are you ready for it?
 
Developing Effective Software Productively
Developing Effective Software ProductivelyDeveloping Effective Software Productively
Developing Effective Software Productively
 
Developer economics 2013 top 10+1 insights
Developer economics 2013 top 10+1 insightsDeveloper economics 2013 top 10+1 insights
Developer economics 2013 top 10+1 insights
 
Online Video Collaboration for Manufacturing Industry - Summary Report
Online Video Collaboration for Manufacturing Industry - Summary ReportOnline Video Collaboration for Manufacturing Industry - Summary Report
Online Video Collaboration for Manufacturing Industry - Summary Report
 
Automate and Accelerate Software Development Time and Deliver Superior Busine...
Automate and Accelerate Software Development Time and Deliver Superior Busine...Automate and Accelerate Software Development Time and Deliver Superior Busine...
Automate and Accelerate Software Development Time and Deliver Superior Busine...
 
Good Practices Government Resource Planning, Developing and Developed Countries
Good Practices Government Resource Planning, Developing and Developed CountriesGood Practices Government Resource Planning, Developing and Developed Countries
Good Practices Government Resource Planning, Developing and Developed Countries
 
Marketing product strategy_pp
Marketing product strategy_ppMarketing product strategy_pp
Marketing product strategy_pp
 
Clique API Whitepaper
Clique API WhitepaperClique API Whitepaper
Clique API Whitepaper
 
Linux & Open Source Panel: Driving New Innovation and Value on Your Mainframe
Linux & Open Source Panel: Driving New Innovation and Value on Your MainframeLinux & Open Source Panel: Driving New Innovation and Value on Your Mainframe
Linux & Open Source Panel: Driving New Innovation and Value on Your Mainframe
 
Is software engineering research addressing software engineering problems?
Is software engineering research addressing software engineering problems?Is software engineering research addressing software engineering problems?
Is software engineering research addressing software engineering problems?
 

Similar to White Paper: Software Supply Chain Automation: Going Beyond Agile, Lean and DevOps

The Ultimate DevOps Playbook
The Ultimate DevOps PlaybookThe Ultimate DevOps Playbook
The Ultimate DevOps PlaybookEggplant
 
The Ultimate DevOps Playbook
The Ultimate DevOps PlaybookThe Ultimate DevOps Playbook
The Ultimate DevOps PlaybookJalpesh Patel
 
HPE ALM Octane | DevOps | Agile
HPE ALM Octane | DevOps | AgileHPE ALM Octane | DevOps | Agile
HPE ALM Octane | DevOps | AgileJeffrey Nunn
 
How to add security in dataops and devops
How to add security in dataops and devopsHow to add security in dataops and devops
How to add security in dataops and devopsUlf Mattsson
 
Software supply chain management: Gaining velocity without losing control
Software supply chain management: Gaining velocity without losing controlSoftware supply chain management: Gaining velocity without losing control
Software supply chain management: Gaining velocity without losing controlmatthewabq
 
Accelerating innovation with software supply chain management
Accelerating innovation with software supply chain management Accelerating innovation with software supply chain management
Accelerating innovation with software supply chain management matthewabq
 
Accelerating Innovation with Software Supply Chain Management
Accelerating Innovation with Software Supply Chain ManagementAccelerating Innovation with Software Supply Chain Management
Accelerating Innovation with Software Supply Chain ManagementSonatype
 
Rational collaborative-lifecycle-management-2012
Rational collaborative-lifecycle-management-2012Rational collaborative-lifecycle-management-2012
Rational collaborative-lifecycle-management-2012Strongback Consulting
 
White-Paper-Continuous-Delivery
White-Paper-Continuous-DeliveryWhite-Paper-Continuous-Delivery
White-Paper-Continuous-Deliveryalkhan50
 
Scaling & Managing Production Deployments with H2O ModelOps
Scaling & Managing Production Deployments with H2O ModelOpsScaling & Managing Production Deployments with H2O ModelOps
Scaling & Managing Production Deployments with H2O ModelOpsSri Ambati
 
DevOps - The Future of Application Lifecycle Automation
DevOps - The Future of Application Lifecycle Automation DevOps - The Future of Application Lifecycle Automation
DevOps - The Future of Application Lifecycle Automation Gunnar Menzel
 
McKinsey | When Things Get Complex: Complex Systems, Challenges and Where to ...
McKinsey | When Things Get Complex: Complex Systems, Challenges and Where to ...McKinsey | When Things Get Complex: Complex Systems, Challenges and Where to ...
McKinsey | When Things Get Complex: Complex Systems, Challenges and Where to ...Intland Software GmbH
 
Four Strategies to Create a DevOps Culture & System that Favors Innovation & ...
Four Strategies to Create a DevOps Culture & System that Favors Innovation & ...Four Strategies to Create a DevOps Culture & System that Favors Innovation & ...
Four Strategies to Create a DevOps Culture & System that Favors Innovation & ...Amazon Web Services
 
Build_Buy_StreamAnalytix_WhitePaper
Build_Buy_StreamAnalytix_WhitePaperBuild_Buy_StreamAnalytix_WhitePaper
Build_Buy_StreamAnalytix_WhitePaperJane Roberts
 
Applying DevOps for more reliable Public Sector Software Delivery
Applying DevOps for more reliable Public Sector Software DeliveryApplying DevOps for more reliable Public Sector Software Delivery
Applying DevOps for more reliable Public Sector Software DeliverySanjeev Sharma
 
Automation Testing Best Practices.pdf
Automation Testing Best Practices.pdfAutomation Testing Best Practices.pdf
Automation Testing Best Practices.pdfKMSSolutionsMarketin
 

Similar to White Paper: Software Supply Chain Automation: Going Beyond Agile, Lean and DevOps (20)

Pragmatic Devops
Pragmatic DevopsPragmatic Devops
Pragmatic Devops
 
The Ultimate DevOps Playbook
The Ultimate DevOps PlaybookThe Ultimate DevOps Playbook
The Ultimate DevOps Playbook
 
The Ultimate DevOps Playbook
The Ultimate DevOps PlaybookThe Ultimate DevOps Playbook
The Ultimate DevOps Playbook
 
Software modernization
Software modernizationSoftware modernization
Software modernization
 
HPE ALM Octane | DevOps | Agile
HPE ALM Octane | DevOps | AgileHPE ALM Octane | DevOps | Agile
HPE ALM Octane | DevOps | Agile
 
How to add security in dataops and devops
How to add security in dataops and devopsHow to add security in dataops and devops
How to add security in dataops and devops
 
Software supply chain management: Gaining velocity without losing control
Software supply chain management: Gaining velocity without losing controlSoftware supply chain management: Gaining velocity without losing control
Software supply chain management: Gaining velocity without losing control
 
Accelerating innovation with software supply chain management
Accelerating innovation with software supply chain management Accelerating innovation with software supply chain management
Accelerating innovation with software supply chain management
 
Accelerating Innovation with Software Supply Chain Management
Accelerating Innovation with Software Supply Chain ManagementAccelerating Innovation with Software Supply Chain Management
Accelerating Innovation with Software Supply Chain Management
 
Rational collaborative-lifecycle-management-2012
Rational collaborative-lifecycle-management-2012Rational collaborative-lifecycle-management-2012
Rational collaborative-lifecycle-management-2012
 
BUDDY White Paper
BUDDY White PaperBUDDY White Paper
BUDDY White Paper
 
White-Paper-Continuous-Delivery
White-Paper-Continuous-DeliveryWhite-Paper-Continuous-Delivery
White-Paper-Continuous-Delivery
 
Scaling & Managing Production Deployments with H2O ModelOps
Scaling & Managing Production Deployments with H2O ModelOpsScaling & Managing Production Deployments with H2O ModelOps
Scaling & Managing Production Deployments with H2O ModelOps
 
DevOps - The Future of Application Lifecycle Automation
DevOps - The Future of Application Lifecycle Automation DevOps - The Future of Application Lifecycle Automation
DevOps - The Future of Application Lifecycle Automation
 
McKinsey | When Things Get Complex: Complex Systems, Challenges and Where to ...
McKinsey | When Things Get Complex: Complex Systems, Challenges and Where to ...McKinsey | When Things Get Complex: Complex Systems, Challenges and Where to ...
McKinsey | When Things Get Complex: Complex Systems, Challenges and Where to ...
 
Four Strategies to Create a DevOps Culture & System that Favors Innovation & ...
Four Strategies to Create a DevOps Culture & System that Favors Innovation & ...Four Strategies to Create a DevOps Culture & System that Favors Innovation & ...
Four Strategies to Create a DevOps Culture & System that Favors Innovation & ...
 
Build_Buy_StreamAnalytix_WhitePaper
Build_Buy_StreamAnalytix_WhitePaperBuild_Buy_StreamAnalytix_WhitePaper
Build_Buy_StreamAnalytix_WhitePaper
 
Applying DevOps for more reliable Public Sector Software Delivery
Applying DevOps for more reliable Public Sector Software DeliveryApplying DevOps for more reliable Public Sector Software Delivery
Applying DevOps for more reliable Public Sector Software Delivery
 
Open Source
Open Source Open Source
Open Source
 
Automation Testing Best Practices.pdf
Automation Testing Best Practices.pdfAutomation Testing Best Practices.pdf
Automation Testing Best Practices.pdf
 

More from Sonatype

DevOps Days Columbus - Derek Weeks - 2019
DevOps Days Columbus - Derek Weeks - 2019DevOps Days Columbus - Derek Weeks - 2019
DevOps Days Columbus - Derek Weeks - 2019Sonatype
 
2019 DevSecOps Reference Architectures
2019 DevSecOps Reference Architectures2019 DevSecOps Reference Architectures
2019 DevSecOps Reference ArchitecturesSonatype
 
RSAC DevSecOpsDays 2018 - We are all Equifax
RSAC DevSecOpsDays 2018 - We are all EquifaxRSAC DevSecOpsDays 2018 - We are all Equifax
RSAC DevSecOpsDays 2018 - We are all EquifaxSonatype
 
DevSecOps reference architectures 2018
DevSecOps reference architectures 2018DevSecOps reference architectures 2018
DevSecOps reference architectures 2018Sonatype
 
30+ Nexus Integrations to Accelerate DevOps
30+ Nexus Integrations to Accelerate DevOps30+ Nexus Integrations to Accelerate DevOps
30+ Nexus Integrations to Accelerate DevOpsSonatype
 
2017 DevSecOps Survey
2017 DevSecOps Survey2017 DevSecOps Survey
2017 DevSecOps SurveySonatype
 
Starting and Scaling DevOps In the Enterprise
Starting and Scaling DevOps In the EnterpriseStarting and Scaling DevOps In the Enterprise
Starting and Scaling DevOps In the EnterpriseSonatype
 
DevOps Friendly Doc Publishing for APIs & Microservices
DevOps Friendly Doc Publishing for APIs & MicroservicesDevOps Friendly Doc Publishing for APIs & Microservices
DevOps Friendly Doc Publishing for APIs & MicroservicesSonatype
 
The Unrealized Role of Monitoring & Alerting w/ Jason Hand
The Unrealized Role of Monitoring & Alerting w/ Jason HandThe Unrealized Role of Monitoring & Alerting w/ Jason Hand
The Unrealized Role of Monitoring & Alerting w/ Jason HandSonatype
 
DevOps and All the Continuouses w/ Helen Beal
DevOps and All the Continuouses w/ Helen BealDevOps and All the Continuouses w/ Helen Beal
DevOps and All the Continuouses w/ Helen BealSonatype
 
Serverless and the Way Forward
Serverless and the Way ForwardServerless and the Way Forward
Serverless and the Way ForwardSonatype
 
A Small Association's Journey to DevOps w/ Edward Ruiz
A Small Association's Journey to DevOps w/ Edward RuizA Small Association's Journey to DevOps w/ Edward Ruiz
A Small Association's Journey to DevOps w/ Edward RuizSonatype
 
What's My Security Policy Doing to My Help Desk w/ Chris Swan
What's My Security Policy Doing to My Help Desk w/ Chris SwanWhat's My Security Policy Doing to My Help Desk w/ Chris Swan
What's My Security Policy Doing to My Help Desk w/ Chris SwanSonatype
 
Characterizing and Contrasting Kuhn-tey-ner Awr-kuh-streyt-ors
Characterizing and Contrasting Kuhn-tey-ner Awr-kuh-streyt-orsCharacterizing and Contrasting Kuhn-tey-ner Awr-kuh-streyt-ors
Characterizing and Contrasting Kuhn-tey-ner Awr-kuh-streyt-orsSonatype
 
Static Analysis For Security and DevOps Happiness w/ Justin Collins
Static Analysis For Security and DevOps Happiness w/ Justin CollinsStatic Analysis For Security and DevOps Happiness w/ Justin Collins
Static Analysis For Security and DevOps Happiness w/ Justin CollinsSonatype
 
Automated Infrastructure Security: Monitoring using FOSS
Automated Infrastructure Security: Monitoring using FOSSAutomated Infrastructure Security: Monitoring using FOSS
Automated Infrastructure Security: Monitoring using FOSSSonatype
 
System Hardening Using Ansible
System Hardening Using AnsibleSystem Hardening Using Ansible
System Hardening Using AnsibleSonatype
 
There is No Server: Immutable Infrastructure and Serverless Architecture
There is No Server: Immutable Infrastructure and Serverless ArchitectureThere is No Server: Immutable Infrastructure and Serverless Architecture
There is No Server: Immutable Infrastructure and Serverless ArchitectureSonatype
 
Getting out of the Job Jungle with Jenkins
Getting out of the Job Jungle with JenkinsGetting out of the Job Jungle with Jenkins
Getting out of the Job Jungle with JenkinsSonatype
 
Modern Infrastructure Automation
Modern Infrastructure AutomationModern Infrastructure Automation
Modern Infrastructure AutomationSonatype
 

More from Sonatype (20)

DevOps Days Columbus - Derek Weeks - 2019
DevOps Days Columbus - Derek Weeks - 2019DevOps Days Columbus - Derek Weeks - 2019
DevOps Days Columbus - Derek Weeks - 2019
 
2019 DevSecOps Reference Architectures
2019 DevSecOps Reference Architectures2019 DevSecOps Reference Architectures
2019 DevSecOps Reference Architectures
 
RSAC DevSecOpsDays 2018 - We are all Equifax
RSAC DevSecOpsDays 2018 - We are all EquifaxRSAC DevSecOpsDays 2018 - We are all Equifax
RSAC DevSecOpsDays 2018 - We are all Equifax
 
DevSecOps reference architectures 2018
DevSecOps reference architectures 2018DevSecOps reference architectures 2018
DevSecOps reference architectures 2018
 
30+ Nexus Integrations to Accelerate DevOps
30+ Nexus Integrations to Accelerate DevOps30+ Nexus Integrations to Accelerate DevOps
30+ Nexus Integrations to Accelerate DevOps
 
2017 DevSecOps Survey
2017 DevSecOps Survey2017 DevSecOps Survey
2017 DevSecOps Survey
 
Starting and Scaling DevOps In the Enterprise
Starting and Scaling DevOps In the EnterpriseStarting and Scaling DevOps In the Enterprise
Starting and Scaling DevOps In the Enterprise
 
DevOps Friendly Doc Publishing for APIs & Microservices
DevOps Friendly Doc Publishing for APIs & MicroservicesDevOps Friendly Doc Publishing for APIs & Microservices
DevOps Friendly Doc Publishing for APIs & Microservices
 
The Unrealized Role of Monitoring & Alerting w/ Jason Hand
The Unrealized Role of Monitoring & Alerting w/ Jason HandThe Unrealized Role of Monitoring & Alerting w/ Jason Hand
The Unrealized Role of Monitoring & Alerting w/ Jason Hand
 
DevOps and All the Continuouses w/ Helen Beal
DevOps and All the Continuouses w/ Helen BealDevOps and All the Continuouses w/ Helen Beal
DevOps and All the Continuouses w/ Helen Beal
 
Serverless and the Way Forward
Serverless and the Way ForwardServerless and the Way Forward
Serverless and the Way Forward
 
A Small Association's Journey to DevOps w/ Edward Ruiz
A Small Association's Journey to DevOps w/ Edward RuizA Small Association's Journey to DevOps w/ Edward Ruiz
A Small Association's Journey to DevOps w/ Edward Ruiz
 
What's My Security Policy Doing to My Help Desk w/ Chris Swan
What's My Security Policy Doing to My Help Desk w/ Chris SwanWhat's My Security Policy Doing to My Help Desk w/ Chris Swan
What's My Security Policy Doing to My Help Desk w/ Chris Swan
 
Characterizing and Contrasting Kuhn-tey-ner Awr-kuh-streyt-ors
Characterizing and Contrasting Kuhn-tey-ner Awr-kuh-streyt-orsCharacterizing and Contrasting Kuhn-tey-ner Awr-kuh-streyt-ors
Characterizing and Contrasting Kuhn-tey-ner Awr-kuh-streyt-ors
 
Static Analysis For Security and DevOps Happiness w/ Justin Collins
Static Analysis For Security and DevOps Happiness w/ Justin CollinsStatic Analysis For Security and DevOps Happiness w/ Justin Collins
Static Analysis For Security and DevOps Happiness w/ Justin Collins
 
Automated Infrastructure Security: Monitoring using FOSS
Automated Infrastructure Security: Monitoring using FOSSAutomated Infrastructure Security: Monitoring using FOSS
Automated Infrastructure Security: Monitoring using FOSS
 
System Hardening Using Ansible
System Hardening Using AnsibleSystem Hardening Using Ansible
System Hardening Using Ansible
 
There is No Server: Immutable Infrastructure and Serverless Architecture
There is No Server: Immutable Infrastructure and Serverless ArchitectureThere is No Server: Immutable Infrastructure and Serverless Architecture
There is No Server: Immutable Infrastructure and Serverless Architecture
 
Getting out of the Job Jungle with Jenkins
Getting out of the Job Jungle with JenkinsGetting out of the Job Jungle with Jenkins
Getting out of the Job Jungle with Jenkins
 
Modern Infrastructure Automation
Modern Infrastructure AutomationModern Infrastructure Automation
Modern Infrastructure Automation
 

Recently uploaded

%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrainmasabamasaba
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...masabamasaba
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplatePresentation.STUDIO
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...masabamasaba
 
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidPhilip Schwarz
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2
 
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...masabamasaba
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesVictorSzoltysek
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Hararemasabamasaba
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyviewmasabamasaba
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Bert Jan Schrijver
 
Harnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile EnvironmentHarnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile EnvironmentVictorSzoltysek
 
tonesoftg
tonesoftgtonesoftg
tonesoftglanshi9
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...SelfMade bd
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024VictoriaMetrics
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrandmasabamasaba
 

Recently uploaded (20)

%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
 
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
 
Harnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile EnvironmentHarnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile Environment
 
tonesoftg
tonesoftgtonesoftg
tonesoftg
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
 

White Paper: Software Supply Chain Automation: Going Beyond Agile, Lean and DevOps

  • 1. WHITEPAPER Software Supply Chain Automation: Going Beyond Agile, Lean and DevOps By Mike Hansen, Sonatype Senior VP of Products
  • 2. Page 2 Software Supply Chain Automation: Going Beyond Agile, Lean and DevOps Executive Summary While the term“supply chain”is not common in the lexicon of the software development discipline, it is a ubiquitous trait of modern software development life cycles. Software de- velopment has borrowed much from the learnings of Toyota. However, we still have yet to fully embrace the most fundamental element of The Toyota Way: The underlying supply chain where the extraordinary benefits of Toyota’s perennial continuous improvement programs are evident. Agile has brought the concepts of iteration, routine inspection and adaptation along with a focus on continuous improvement. Lean introduced the notion of the build-measure-learn loop. Most recently, DevOps, like the combination of agile and lean, has bridged the gap between the operational and development disciplines. However, nearly all optimization has been done around the production of software, without real consideration for the supplier dimension, primarily the open source ecosystem. This unchecked diversity of supply, where development teams typically choose whatever technology is deemed appropriate, as well as whatever version might be in vogue at the time of selection, has introduced a significant de- gree of unnecessary complexity. While empowering development teams to choose their own suppliers (i.e. software components) has enabled speed, increased throughput and unlocked innovation, there is much hidden inefficiency and risk. Software supply chain automation will unleash the next level of application development efficiency, driving extraordinary increases in innovation, productivity and cost savings while enabling far greater control of risk. about Mike Hansen As the Senior Vice President of Products, Mike brings nearly 20 years experience building and leading global product development organizations ranging from start-ups to the Fortune 100. Most recently Mike was Vice President of Devel- opment for Hanley Wood where he led development across five product lines, including the creation of advanced business analytics platforms for the residen- tial construction industry. Prior to this, Mike was Vice President of R&D for Bantu where he led product development efforts that drove one of the worlds largest private instant messaging networks with the U.S. Department of Defense. Mike Hansen Senior Vice President of Products
  • 3. Page 3 Software Supply Chain Automation: Going Beyond Agile, Lean and DevOps That is an extraordinary difference in complexity for GM, leading to significantly higher overhead costs, vari- ability in the flow of supplies and greater challenges in quality management to cite only a few of the inherent disadvantages. It is no wonder the Prius outsells the Volt better than 10 to 1. Interestingly, the software de- velopment practices of the majority of organizations today tend to have more in common with GM than you might think. Supplier complexity impacts cost and quality, two important factors for competitive differentiation. The same is true of software. supply chain optimization To produce the Prius, Toyota leverages 125 total suppliers. To produce the Chevy Volt, General Motors uses over 800 suppliers. Ironically, 73% of the Prius is sourced from Toyota’s suppliers, whereas only 46% of the Volt is outsourced. The visual comparison is somewhat striking. Number of Suppliers Impact of supply chain optimization in automobile manufacturing Sales of Prius vs. VoltCost Comparison Toyota Prius Toyota PriusToyota PriusGM Volt GM VoltGM Volt 200 2 $15,000 $5,000 400 4 $20,000 $10,000 600 6 $25,000 800 8 $30,000 10$35,000
  • 4. Page 4 Software Supply Chain Automation: Going Beyond Agile, Lean and DevOps recent progress Over the last 15 years, software development has benefited greatly from practices and tooling created as part of the agile, lean product development and DevOps movements. Agile has brought the concepts of iteration, routine inspection and adaptation along with a focus on continuous improvement. This has led to marked increases in development efficiency relative to approaches like waterfall. However, we occasionally ended up building the wrong thing. Lean emerged in response to these product man- agement challenges and has introduced the notion of the build-measure-learn loop, tightening the relationship between the product management and development disciplines along with the end users of the software. Borrowing from the routine inspec- tion and adaptations of agile, lean has enabled the notion of“failing fast”providing teams with a more direct route to building the right solutions. Most recently, DevOps, like the combination of agile and lean, has bridged the gap between the operational and development disciplines. This has shifted important operational thinking and practic- es to much earlier points in the development pro- cess and vastly reduced the time it takes to deploy new code, ultimately introducing significant gains in productivity. The inclusion of these key disciplines involved in the production of software has led to significant in- creases in development effectiveness as silos have been torn down, communications streamlined and waste removed. However, despite the revolutionary nature of the changes in supply that have occurred throughout this same 15 year period, there has been little focus on the suppliers that now feed software development—primarily the open source software ecosystem. Today’s component supply chain A Software Supplier Sea Change At the turn of the century, the vast majority of a typ- ical application was written by the organization pro- ducing it. Today, with the huge and rapidly expand- ing body of freely available open source software, the opposite is true. The largest portion of modern applications is typically open source, upwards of 80-90% in many cases. While the term“supply chain” is not common in the lexicon of the software devel- opment discipline, it is a ubiquitous trait of modern software development lifecycles. This shift happened somewhat gradually and kind of snuck up on the software development discipline. Organizations continued to witness incremental gains in productivity by leveraging more and more of the diverse specialization that the open source ecosystem offers. Nearly all opti- mization has been done around the production of software, without real consideration for the supplier dimension. This unchecked diversity of supply, where development teams typically choose what- ever technology is deemed appropriate, as well as whatever version might be in vogue at the time of selection, has introduced a significant degree of unnecessary complexity. In fact, the situation is arguably far worse than what were explicit and intentional choices made in building the Chevy Volt and other GM models. It leads to a dark matter version of technical debt creating a pernicious drag on overall development throughput. 30+ critical or severe license or security issues in an average application 43 versions of the same component are downloaded by an average organization 60% of organizations don’t know what components are used or where
  • 5. Page 5 Software Supply Chain Automation: Going Beyond Agile, Lean and DevOps If Developers Built Cars For a provocative thought experiment, let’s trans- pose modern software development practices into the production of an automobile. In this universe, BigAuto teams independently choose whatever sup- plier they want for a car’s transmission and whatever revision that might be available at the time. Word on the street is that a lot of people have looked at how the transmission was made and no one is com- plaining much, so it is presumed to be good. This transmission also has numerous other parts inside it that were chosen from even more suppliers that supposedly have good reputations and pro- duce good parts. There are ways to see what parts are being used but no one really bothers with that. Each team just wants a transmission and worrying about the internals is not part of their job descrip- tions. “Someone else tested the transmission, and we just need to test the car. If something is wrong that the supplier isn’t willing to fix, they are happy to share the designs so we can fix it ourselves,”the teams rationalize. The team that is responsible for each model car is also given complete autonomy to choose pretty much any supplier they want for any part they want and change them whenever they want. This is done without any systems for tracking the corresponding activity. BigAuto sensed this might not be opti- mal and tried to institute a tight set of controls on their supply chain several times. However, without understanding the benefits that the current level of autonomy and unobstructed flow was yielding, each ill informed attempt crushed productivity and innovation and undermined their competitive position. Forced to contend with this generally ad hoc approach to sourcing, BigAuto was left without the ability to perform any kind of orderly recall, not managing the corresponding risks. Due to a lack of software supply chain visibility, processes and automation… Developers choose whatever supplier they want for any given part. Any part can be chosen even if it is outdated or known to be unsafe. There are no systems to inventory and track the various parts that are used. Everyone realizes there are some issues, but the prevailing wisdom is that “it’s good enough.” If there is a recall on a specific part, no one would know if the part was used or where.
  • 6. Page 6 Software Supply Chain Automation: Going Beyond Agile, Lean and DevOps The process used by BigAuto seems like it is working for the most part. There isn’t too much news about people getting stranded, and there haven’t been too many catastrophic outcomes. Everyone realizes there are some issues, but the prevailing wisdom is that it’s good enough. However, a few internal champions have recently started to think investments in modern tooling here could lead to significant competitive differentiation in conjunction with risk reduction. Ripe for Optimization This is basically the way most software is written to- day. It does in fact work and teams are more effective than they ever have been despite the abridged list of shortcomings depicted in the allegory, all of which have a very real analog in software development. However, good is the enemy of great. While em- powering development teams to choose their own suppliers (i.e. software components) has enabled speed, increased throughput and unlocked inno- vation, there is much hidden inefficiency and risk. Attempts to centralize control and decision making —often instituted in reaction to some previously un- identified risk manifesting—have failed to produce positive results and have often made situations far worse. This is an intuitive and commonly attempted response, yet incorrect. Instead, solutions must allow for the appropriate constraints (rules) to be estab- lished up front, the testing for conformance auto- mated, and the information needed to remediate issues provided in the context of the existing tooling used by development and operations teams —trust but verify. Like the waste cut out by agile, lean and DevOps practices, there is substantial waste that can be removed with automated tooling and process innovation throughout the software supply chain. Additionally, significant benefits are achievable regardless of the specific methodologies in use. By providing visibility and empowering teams with the knowledge necessary to make the right choices as early as possible (data+rules+context), we can go even faster, further driving down costs and simulta- neously managing or eliminating elective risk. The current state of the art is ripe for optimization. Good is the enemy of great. While empowering development teams to choose their own suppliers (i.e. software components) has enabled speed, increased throughput and unlocked innovation, there is much hidden inefficiency and risk.
  • 7. Page 7 Software Supply Chain Automation: Going Beyond Agile, Lean and DevOps Supplier Bloat Complexity is the enemy of many things but espe- cially of efficiency and risk. It leads to symptoms like burdensome technical debt, quality issues and chal- lenges in keeping a system secure. The magnitude of unnecessary complexity in modern software supply chains serving even a small portfolio of applications can be significant. In a large portfolio it can be enor- mous, and it typically is. We worked with one organization that upon deep- er inspection was found to be using 81 out of the 85 available versions of a popular web framework, spanning years of release history. While that is somewhat of an extreme case, this anti-pattern of greater than necessary version dispersion is actually quite common. After all, the average open source project releases a new version four times each year and it is fairly common practice to update only in response to a known issue impacting a particular application. Given the average application also has hundreds of open source components, any given day can see multiple new versions across the inven- tory of components in use. Also, issues that may be known to a particular open source project are often unknown to its consumers—i.e. the“no recall”prob- lem mentioned earlier. In addition to version dispersion, there is also technology dispersion, where different components that perform the same basic functions are used somewhat indiscriminately and often due to per- sonal tastes or familiarity (e.g. logging frameworks, web frameworks). Viewed in the context of a single application, such dispersion isn’t usually much of an issue, but notable impacts can become apparent with even as few as two applications. For example, subject matter expertise must be spread more thinly across the organization concentrating expertise locally within a team and potentially limiting future flexibility in resource allocation. The effective surface area of supply is also greater correlating directly with reduced efficiency and the potential for problems. More recently, open source vulnerabilities have become exploit targets as commonly used compo- nents with known vulnerabilities are often the path of least resistance for attackers. These vulnerabilities are now getting catchy monikers like HeartBleed, ShellShock, POODLE and GHOST. Unfortunately, a larger than necessary set of suppliers with no real visibility of them leads not only to greater risk po- tential but incremental challenges and greater costs in securing the supplier dimension. There are significant opportunities for performance gains as investments optimizing these supply chains can markedly improve efficiency and control risk, unleashing the full potential of an organization’s capacity for innovation.
  • 8. Page 8 Sonatype Inc. • 8161 Maple Lawn Drive, Suite 250 • Fulton, MD 20759 • 1.877.866.2836 • www.sonatype.com 2015. Sonatype Inc. All Rights Reserved. Sonatype helps organizations build better software, even faster. Like a traditional supply chain, software applications are built by assembling open source and third party components streaming in from a wide variety of public and internal sources. While re-use is far faster than custom code, the flow of components into and through an organization remains complex and inefficient. Sonatype’s Nexus platform applies proven supply chain principles to increase speed, efficiency and quality by optimizing the component supply chain. Sonatype has been on the forefront of creating tools to to improve developer efficiency and quality since the inception of the Central Repository and Apache Maven in 2001, and the company continues to serve as the steward of the Central Repository serving 17.2 Billion component download requests in 2014 alone. Sonatype is privately held with investments from New Enterprise Associates (NEA), Accel Partners, Bay Partners, Hummer Winblad Venture Partners and Morgenthaler Ventures. Visit: www.sonatype.com Answer: Software Supply Chain Automation As software development evolves, we continue to create situations where complexity blocks further increases in productivity and innovation per unit of investment. These problems are often the impetus for rethinking and reshaping the status quo. For instance, the introduction of high-level lan- guages, object oriented programming, agile, lean, DevOps and dependency management are all examples of how we broke through barriers when reaching the limits of scale. Soon, the industry will begin to broadly demand solutions in response to software supply chain complexity. But there is no need to wait. As the use of automation in areas of testing, build and deployment has provided significant perfor- mance benefits, so can further automation through- out the software supply chain. This is done by providing non-intrusive guardrails that consider the need for both autonomy and acceleration. The manufacturing industry was transformed with three basic principles: Use fewer and better parts, limit the variety and quantity, and track where they are used. Software supply chain solutions address these principles using repository management, automated open source policy enforcement and up- to-date component data feeds. At a high level these solutions facilitate: • Quality - Easily avoid known open source license issues and security vulnerabilities. Use better, up-to-date open source component types and versions. • Visibility - Integrate component insight and policy automation into popular development tools. • Traceability - Instantly identify out-of-date and defective components across the SDLC. • Remediation - Effectively prioritize responses to new issues using a combination of visibility and context to rank risk. Solutions that facilitate comprehensive software supply chain automation are poised to usher in the next wave of development productivity, on par with the gains possible with agile, lean and DevOps. In fact, the gains are likely to be even greater.