Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Upcoming SlideShare
What to Upload to SlideShare
Next
Download to read offline and view in fullscreen.

Share

Juni_Mukherjee_The_DevSecOps_Journey_AntiPatterns_Analytics_and_Insights

Download to read offline

The DevSecOps Journey - (Anti)Patterns, Analytics and Insights. Presentation slides by Juni Mukherjee, Owner/Speaker/Author, CONTINUITY at the Canadian Executive Cloud & DevSecOps Summit. Toronto May 4, 2018 hosted by TriNimbus.

Related Books

Free with a 30 day trial from Scribd

See all

Juni_Mukherjee_The_DevSecOps_Journey_AntiPatterns_Analytics_and_Insights

  1. 1. Juni Mukherjee @JuniTweets
  2. 2. Life. And work. Separate, and yet… Juni Mukherjee | @JuniTweets | https://continuity.world
  3. 3. Juni Mukherjee (Author | Speaker) https://continuity.world/gallery https://continuity.world/2015-book https://continuity.world/2017-book
  4. 4. Continuous delivery pipeline assembly# Class/category Solution 1 Orchestrator Jenkins, GitLab, GoCD, TeamCity, TravisCI, CodePipeline .. 2 Source code repo GitHub, Bitbucket, CodeCommit, SVN, .. 3 Artifact repo Artifactory, Nexus, S3, HockeyApp, .. 4 Dashboard SumoLogic, .. 5 IaaS EC2, .. 6 PaaS CloudFoundry, .. 7 Measurements DevOptics, CloudWatch, New Relic, Dynatrace, Crashlytics, .. 8 Container ecosystem Docker, CoreOS, Rocket, Swarm, Kubernetes, Mesos, ECS, .. 9 Audit trail CloudTrail, .. 10 SAST Coverity, … 11 DAST OWASP ZAP, .. 12 Code coverage Cobertura, JaCoCo, .. Juni Mukherjee | @JuniTweets | https://continuity.world
  5. 5. # Class/category Solution 13 Static code analysis Sonar, ESLint, Taylor, Lint, .. 14 Functional test TestNG, Webdriver/Selenium, SauceLabs (Selenium on the cloud), Protractor (Node.js), Appium (Mobile), .. 15 Performance test JMeter, BlazeMeter (JMeter on the cloud), .. 16 Unit test JUnit (Java), Jasmine (Node.js), .. 17 Feature Flagging LaunchDarkly, .. 18 A/B tests Optimizely, .. 19 Build Npm (Node.js), Maven(Java), Gradle(Java, Android), .. 20 Database Liquibase/Datical, Flyway, .. ::: ::::::::::::::::::::::::::: ::::::::::::::::::::::::::::::: ::: ::::::::::::::::::::::::::: ::::::::::::::::::::::::::::::: ::: ::::::::::::::::::::::::::: ::::::::::::::::::::::::::::::: Juni Mukherjee | @JuniTweets | https://continuity.world Continuous delivery pipeline assembly
  6. 6. On our plate today  Anti patterns  Patterns  DevSecOps (and DevOps)  Analytics (and insights) Juni Mukherjee | @JuniTweets | https://continuity.world
  7. 7. Hand-off anti-pattern, VSM, Flow, Drag Do I seek or give sign- offs? Juni Mukherjee | @JuniTweets | https://continuity.world Automated waste > manual waste, but is still waste.
  8. 8. Composition anti-pattern, Arch Coupling Am I stuffing everything into a container? Do my applications lend themselves to 12- factor? Do I have monoliths vs. SOA vs. microservices ? Do I have RoI to strangulate my whole monolith? Juni Mukherjee | @JuniTweets | https://continuity.world How can I avoid a big ball of mud and a big ball of tests?
  9. 9. Firmware, embedded systems, IoT, Network Do I have hardware whose supply chain doesn’t align to continuity? Does my medical device need CD or CD? Does IoT need CD? OTA… Juni Mukherjee | @JuniTweets | https://continuity.world
  10. 10. On our plate today  Anti patterns  Patterns  DevSecOps (and DevOps)  Analytics (and insights) Juni Mukherjee | @JuniTweets | https://continuity.world
  11. 11. Pipeline assets, (S|I|P|*)aaS Can I do Pipeline-as- conf? Are my vendors’ network topologies aligned? Is my network topology optimized for CD? Juni Mukherjee | @JuniTweets | https://continuity.world
  12. 12. Circuit-breaker(s) pattern How many assets are mandatory vs. nice-to- have vs. ? Juni Mukherjee | @JuniTweets | https://continuity.world
  13. 13. Anti-corruption layer (ACL) pattern Are my assets on- prem vs. cloudy? Do I have RBAC ? SoD. Juni Mukherjee | @JuniTweets | https://continuity.world
  14. 14. On our plate today  Anti patterns  Patterns  DevSecOps (and DevOps)  Analytics (and insights) Juni Mukherjee | @JuniTweets | https://continuity.world
  15. 15. Continuous delivery pipeline What happened to DevOps? Why did we leave out QA/Releas e/Biz? Juni Mukherjee | @JuniTweets | https://continuity.world <<Shift Left
  16. 16. OSS, Unit Test, SAST, DAST, Container For starters, are security specialists embedded in scrum teams? How do I assess my security posture? Juni Mukherjee | @JuniTweets | https://continuity.world DevSecOps
  17. 17. On our plate today  Anti patterns  Patterns  DevSecOps (and DevOps)  Analytics (and insights) Juni Mukherjee | @JuniTweets | https://continuity.world
  18. 18. Big picture KPI - Concept2Cash Where am I? Where should I be? Juni Mukherjee | @JuniTweets | https://continuity.world
  19. 19. Biggest bang for the buck Do I know how many environments I have vs. how many I need? Do I provision Dev(1..M), DevInt(1..N) , Perf(1..X), …? Juni Mukherjee | @JuniTweets | https://continuity.world
  20. 20. Show me the money! Do I trend speed and quality on the same canvas? Do teams have conflicting goals? Are my KPIs departmental vs. organizational ? Juni Mukherjee | @JuniTweets | https://continuity.world
  21. 21. Juni Mukherjee @JuniTweets Thank you! https://continuity.world
  • powerirs

    May. 13, 2020

The DevSecOps Journey - (Anti)Patterns, Analytics and Insights. Presentation slides by Juni Mukherjee, Owner/Speaker/Author, CONTINUITY at the Canadian Executive Cloud & DevSecOps Summit. Toronto May 4, 2018 hosted by TriNimbus.

Views

Total views

382

On Slideshare

0

From embeds

0

Number of embeds

3

Actions

Downloads

6

Shares

0

Comments

0

Likes

1

×