Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Juni_Mukherjee_The_DevSecOps_Journey_AntiPatterns_Analytics_and_Insights

152 views

Published on

The DevSecOps Journey - (Anti)Patterns, Analytics and Insights. Presentation slides by Juni Mukherjee, Owner/Speaker/Author, CONTINUITY at the Canadian Executive Cloud & DevSecOps Summit. Toronto May 4, 2018 hosted by TriNimbus.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Juni_Mukherjee_The_DevSecOps_Journey_AntiPatterns_Analytics_and_Insights

  1. 1. Juni Mukherjee @JuniTweets
  2. 2. Life. And work. Separate, and yet… Juni Mukherjee | @JuniTweets | https://continuity.world
  3. 3. Juni Mukherjee (Author | Speaker) https://continuity.world/gallery https://continuity.world/2015-book https://continuity.world/2017-book
  4. 4. Continuous delivery pipeline assembly# Class/category Solution 1 Orchestrator Jenkins, GitLab, GoCD, TeamCity, TravisCI, CodePipeline .. 2 Source code repo GitHub, Bitbucket, CodeCommit, SVN, .. 3 Artifact repo Artifactory, Nexus, S3, HockeyApp, .. 4 Dashboard SumoLogic, .. 5 IaaS EC2, .. 6 PaaS CloudFoundry, .. 7 Measurements DevOptics, CloudWatch, New Relic, Dynatrace, Crashlytics, .. 8 Container ecosystem Docker, CoreOS, Rocket, Swarm, Kubernetes, Mesos, ECS, .. 9 Audit trail CloudTrail, .. 10 SAST Coverity, … 11 DAST OWASP ZAP, .. 12 Code coverage Cobertura, JaCoCo, .. Juni Mukherjee | @JuniTweets | https://continuity.world
  5. 5. # Class/category Solution 13 Static code analysis Sonar, ESLint, Taylor, Lint, .. 14 Functional test TestNG, Webdriver/Selenium, SauceLabs (Selenium on the cloud), Protractor (Node.js), Appium (Mobile), .. 15 Performance test JMeter, BlazeMeter (JMeter on the cloud), .. 16 Unit test JUnit (Java), Jasmine (Node.js), .. 17 Feature Flagging LaunchDarkly, .. 18 A/B tests Optimizely, .. 19 Build Npm (Node.js), Maven(Java), Gradle(Java, Android), .. 20 Database Liquibase/Datical, Flyway, .. ::: ::::::::::::::::::::::::::: ::::::::::::::::::::::::::::::: ::: ::::::::::::::::::::::::::: ::::::::::::::::::::::::::::::: ::: ::::::::::::::::::::::::::: ::::::::::::::::::::::::::::::: Juni Mukherjee | @JuniTweets | https://continuity.world Continuous delivery pipeline assembly
  6. 6. On our plate today  Anti patterns  Patterns  DevSecOps (and DevOps)  Analytics (and insights) Juni Mukherjee | @JuniTweets | https://continuity.world
  7. 7. Hand-off anti-pattern, VSM, Flow, Drag Do I seek or give sign- offs? Juni Mukherjee | @JuniTweets | https://continuity.world Automated waste > manual waste, but is still waste.
  8. 8. Composition anti-pattern, Arch Coupling Am I stuffing everything into a container? Do my applications lend themselves to 12- factor? Do I have monoliths vs. SOA vs. microservices ? Do I have RoI to strangulate my whole monolith? Juni Mukherjee | @JuniTweets | https://continuity.world How can I avoid a big ball of mud and a big ball of tests?
  9. 9. Firmware, embedded systems, IoT, Network Do I have hardware whose supply chain doesn’t align to continuity? Does my medical device need CD or CD? Does IoT need CD? OTA… Juni Mukherjee | @JuniTweets | https://continuity.world
  10. 10. On our plate today  Anti patterns  Patterns  DevSecOps (and DevOps)  Analytics (and insights) Juni Mukherjee | @JuniTweets | https://continuity.world
  11. 11. Pipeline assets, (S|I|P|*)aaS Can I do Pipeline-as- conf? Are my vendors’ network topologies aligned? Is my network topology optimized for CD? Juni Mukherjee | @JuniTweets | https://continuity.world
  12. 12. Circuit-breaker(s) pattern How many assets are mandatory vs. nice-to- have vs. ? Juni Mukherjee | @JuniTweets | https://continuity.world
  13. 13. Anti-corruption layer (ACL) pattern Are my assets on- prem vs. cloudy? Do I have RBAC ? SoD. Juni Mukherjee | @JuniTweets | https://continuity.world
  14. 14. On our plate today  Anti patterns  Patterns  DevSecOps (and DevOps)  Analytics (and insights) Juni Mukherjee | @JuniTweets | https://continuity.world
  15. 15. Continuous delivery pipeline What happened to DevOps? Why did we leave out QA/Releas e/Biz? Juni Mukherjee | @JuniTweets | https://continuity.world <<Shift Left
  16. 16. OSS, Unit Test, SAST, DAST, Container For starters, are security specialists embedded in scrum teams? How do I assess my security posture? Juni Mukherjee | @JuniTweets | https://continuity.world DevSecOps
  17. 17. On our plate today  Anti patterns  Patterns  DevSecOps (and DevOps)  Analytics (and insights) Juni Mukherjee | @JuniTweets | https://continuity.world
  18. 18. Big picture KPI - Concept2Cash Where am I? Where should I be? Juni Mukherjee | @JuniTweets | https://continuity.world
  19. 19. Biggest bang for the buck Do I know how many environments I have vs. how many I need? Do I provision Dev(1..M), DevInt(1..N) , Perf(1..X), …? Juni Mukherjee | @JuniTweets | https://continuity.world
  20. 20. Show me the money! Do I trend speed and quality on the same canvas? Do teams have conflicting goals? Are my KPIs departmental vs. organizational ? Juni Mukherjee | @JuniTweets | https://continuity.world
  21. 21. Juni Mukherjee @JuniTweets Thank you! https://continuity.world

×