Even though you’re a small startup or medium-sized business and just beginning your product journey, it doesn’t mean you can’t have a robust and scalable DevOps environment like the enterprise experts. It is always a good practice when building a startup or a new company to have a solid foundation and start implementing efficient and scalable solutions early. Join and learn how having a limited budget doesn’t mean you can’t have enterprise quality tools.
2. Who am I..
Richard Clark
Senior Solutions Engineer @JFrog
Twitter: @richs2k
3. Agenda
❖ What is DevOps and why is it so
important for startups?
❖ DevOps Playbook for success
❖ Why Binary Management Matters
❖ DevSecOps
❖ Cloud options
❖ Getting started
❖
❖
5. Coming up with a killer product idea is key
Product components required:
❏ Hardware IoT device that can
be built using OEM components
❏ Software developed by tech
founder before bringing on
other team members
❏ Cloud provider to host the
back-end logic for the product
6. Use all tools & resources at your disposal
Hardware
- Arduino dev kit for 1st MVP
Software
- C/C++, Python, Node.js, Docker, IDE
Team members - Yes
Money - Bootstrapped, Seed/Series A/B
7. Next scale your startup to production
Hardware
- Now build 100 prototypes for friends/family,
potential investors
Software
- Cloud Fees, Licensing fees
- Pay for development of new code
- UI/UX Design
Hiring Plan
- S/W Developers, H/W Engineers
- BizDev, Marketing, IT
But where do I get the
CA$$H to scale this?
14. This nets just enough cash to cut corners on
Infrastructure, what could possibly go wrong?
15. Instead let’s invest that money in building an
Enterprise-grade DevOps solution!
16. Why invest in DevOps?
● Release new features to market more frequently -
learn and iterate quickly & often
● Respond to market conditions - stay ahead of the
competition
● Focus more on Innovation and less on Infrastructure
● Life is saner for everyone:
○ IT operations
○ Software development & QA
○ Product owners
○ Business line owners
18. Ok so what do I need?
DevOps Playbook checklist:
❏ VCS-Source Code Management
❏ Binary Repository Manager
❏ Continuous Integration (CI) Server
❏ Security Scanning Solution
❏ Continuous Delivery (CD) for secure
delivery
19. <Poll Placeholder>
What type of DevOps solutions are you
using today? (select all that apply)
A. CI/CD Server
B. Binary Repository Manager
C. Software Composition Analysis
D. Containers (Docker, Kubernetes...)
E. None
34. VCS - Source Code Management
• Record of all source code being
used in development
• Timestamped, version controlled
• Versioning history / track release
notes
• Accountability / check-ins
35. The wall between Dev and Ops kills the speed
Plan Code Build Test
Release Deploy Operate Monitor
Ops
Dev
Ax
A0
B0
B1
B
y
B
z
36. Single source of truth creates faster flow
Plan Code Build Test Release Deploy Operate Monitor
OpsDev
A0
B0 B1
37. Binary Repository Managers
• E.g. JFrog Artifactory
• Proxy Cache
• System of Record
• Smart storage
– Much more than a passive space
• Critical for CI/CD and SDLC (S/W dev lifecycle)
• System of Record for:
- 3rd Party Libraries
- Your own artifacts
- Build information / results
- In-house plug-ins
38. 38
Binary Repository Managers
• Make sure the Binary Repository Manager you select
supports your desired package types
• Some vendors support more packages than others
39. Continuous Integration (CI) Server
• Build, test, deliver software projects continuously
• Automation platform that manages your SDLC:
– Source code repo ie: Github
– Binary Repository Manager ie: Artifactory
– Static and Dynamic security scanning
– CD (Continuous Delivery) for distribution
40. Development builds
Dev Integration tests
Integr. tests
Staging
Pre-Prod
Prod
Amount of builds
Build/Deploytime
Amount of
binaries
The Promotion Pyramid
42. Most software is composed of
90% open source components
Code base
Java, C, NPM, etc.
Operating System
VM, Docker, Iron, etc
API
Libraries
Base
OS
Your Code
Open Source & Compliance
43. Static code analysis
(Source code)
identifies defects before you run a
program (e.g, between coding
and unit testing).
Security Scanning Solutions
Component analysis
(Binaries - npm, debian,
dockers, RPMs, maven)
identifies defects within 3rd party
dependencies and OSS
components
44. Sounds great, how do I get there?
❖ How do you retain velocity
without sacrificing
security?
❖ What platforms can help
secure our code?
❖ How do we integrate with
what we have?
❖ There are many questions
but also many solutions
46. 130%
Net Expansion
5,000+
Customers
5 years
FCF Positive
$13B+
Market
FY'16 FY'17 FY'18
($M)
67%
YoY ARR
growth
65%
Significant Growth Momentum
Technology Leadership
Deloitte 2018
Technology
Fast 500
Winners
Forbes
CLOUD 100
LIST
2008
Founded
500+
Employees
Clients include
>70%
$230M
Raised to date The 2018
SD Times 100
Award
JFROG IN A NUTSHELL
48. JFrog Cloud Pro
Universal repository provides consistency for
your business
Simplicity/Ease of use for onboarding your
developers
Cache 3rd party software/libraries + speed
up development
Adopt agile devOps practices in your SDLC
Grow with your organization to our other
offerings (Pro X, Enterprise)
49. +JFrog Cloud Pro X
Includes all JFrog Cloud Pro features plus:
Security & Compliance
Full XRay security vulnerability scanning
VulnDB data included - daily updates
Open-source license compliance
51. Getting Started..
Start a free trial today to
kickstart your DevOps journey!
JFrog Cloud versions are the
fastest way to get up and
running and we manage the
instances for you.
52. Available Cloud Providers
We provide you a choice of
different cloud providers
Multi-Cloud and Hybrid
options are also available
53. Available Cloud Providers
We provide you a choice of
different cloud providers
Multi-Cloud and Hybrid
options are also available
54. Trial Options
JFrog offers different cloud
plans that scale as you grow
Cloud Pro includes Artifactory
to start building your POC
Cloud Pro X also includes Xray
for vulnerability scanning and
24/7 SLA support