Enterprise Grade DevOps
Solutions for a Startup Budget
Who am I..
Richard Clark
Senior Solutions Engineer @JFrog
Twitter: @richs2k
Agenda
❖ What is DevOps and why is it so
important for startups?
❖ DevOps Playbook for success
❖ Why Binary Management Matters
❖ DevSecOps
❖ Cloud options
❖ Getting started
Taking the Startup Journey
Coming up with a killer product idea is key
Product components required:
❏ Hardware IoT device that can
be built using OEM components
❏ Software developed by tech
founder before bringing on
other team members
❏ Cloud provider to host the
back-end logic for the product
Use all tools & resources at your disposal
Hardware
- Arduino dev kit for 1st MVP
Software
- C/C++, Python, Node.js, Docker, IDE
Team members - Yes
Money - Bootstrapped, Seed/Series A/B
Next scale your startup to production
Hardware
- Now build 100 prototypes for friends/family,
potential investors
Software
- Cloud Fees, Licensing fees
- Pay for development of new code
- UI/UX Design
Hiring Plan
- S/W Developers, H/W Engineers
- BizDev, Marketing, IT
But where do I get the
CA$$H to scale this?
TechCrunch and VC funding to the rescue!
Now how to spend it wisely?
You could throw a big party on Alcatraz
Invest in a swanky new office..
… with glass walls
Buy a sweet new car..
… with doors that open like this
This nets just enough cash to cut corners on
Infrastructure, what could possibly go wrong?
Instead let’s invest that money in building an
Enterprise-grade DevOps solution!
Why invest in DevOps?
● Release new features to market more frequently -
learn and iterate quickly & often
● Respond to market conditions - stay ahead of the
competition
● Focus more on Innovation and less on Infrastructure
● Life is saner for everyone:
○ IT operations
○ Software development & QA
○ Product owners
○ Business line owners
Survey says.. Faster is better!
Ok so what do I need?
DevOps Playbook checklist:
❏ VCS-Source Code Management
❏ Binary Repository Manager
❏ Continuous Integration (CI) Server
❏ Security Scanning Solution
❏ Continuous Delivery (CD) for secure delivery
What type of DevOps solutions are you using today? (select all that apply)
A. CI/CD Server
B. Binary Repository Manager
C. Software Composition Analysis
D. Containers (Docker, Kubernetes...)
E. None
THE DEVOPS ECOSYSTEM
Understanding the CI/CD process
VCS - Source Code Management
• Record of all source code being
used in development
• Timestamped, version controlled
• Versioning history / track release
notes
• Accountability / check-ins
The wall between Dev and Ops kills the speed
[Diagram: Plan, Code, Build, Test, Release, Deploy, Operate, Monitor; Dev and Ops]
Single source of truth creates faster flow
[Diagram: Plan, Code, Build, Test, Release, Deploy, Operate, Monitor; Dev and Ops]
Binary Repository Managers
• E.g. JFrog Artifactory
• Proxy Cache
• System of Record
• Smart storage
– Much more than a passive space
• Critical for CI/CD and SDLC (S/W dev lifecycle)
• System of Record for:
- 3rd Party Libraries
- Your own artifacts
- Build information / results
- In-house plug-ins
Binary Repository Managers
• Make sure the Binary Repository Manager you select
supports your desired package types
• Some vendors support more packages than others
Continuous Integration (CI) Server
• Build, test, deliver software projects continuously
• Automation platform that manages your SDLC:
– Source code repo, e.g. GitHub
– Binary Repository Manager, e.g. Artifactory
– Static and Dynamic security scanning
– CD (Continuous Delivery) for distribution
The Promotion Pyramid
Stages: Development builds, Dev Integration tests, Integr. tests, Staging, Pre-Prod, Prod
Axes: Amount of builds, Build/Deploy time, Amount of binaries
Now what about Security?
Most software is composed of
90% open source components
Code base
Java, C, NPM, etc.
Operating System
VM, Docker, Iron, etc
API
Libraries
Base
OS
Your Code
Open Source & Compliance
Security Scanning Solutions
Static code analysis (Source code)
identifies defects before you run a program (e.g., between coding and unit testing).
Component analysis (Binaries - npm, debian, dockers, RPMs, maven)
identifies defects within 3rd party dependencies and OSS components
Sounds great, how do I get there?
❖ How do you retain velocity
without sacrificing
security?
❖ What platforms can help
secure our code?
❖ How do we integrate with
what we have?
❖ There are many questions
but also many solutions
JFROG’S UNIFIED APPROACH
CONTINUOUS SECURITY
END-TO-END PLATFORM
SCALES TO INFINITY
RADICALLY UNIVERSAL
HYBRID AND MULTI-CLOUD
INTEGRATED ECOSYSTEM
JFROG IN A NUTSHELL
130% Net Expansion
5,000+ Customers
5 years FCF Positive
$13B+ Market
FY'16 FY'17 FY'18 ($M)
67% YoY ARR growth
65%
Significant Growth Momentum
Technology Leadership
Deloitte 2018 Technology Fast 500 Winners
Forbes CLOUD 100 LIST
2008 Founded
500+ Employees
Clients include
>70%
$230M Raised to date
The 2018 SD Times 100 Award
Cloud
Demo
JFrog Cloud Pro
Universal repository provides consistency for
your business
Simplicity/Ease of use for onboarding your
developers
Cache 3rd party software/libraries + speed
up development
Adopt agile DevOps practices in your SDLC
Grow with your organization to our other
offerings (Pro X, Enterprise)
+JFrog Cloud Pro X
Includes all JFrog Cloud Pro features plus:
Security & Compliance
Full Xray security vulnerability scanning
VulnDB data included - daily updates
Open-source license compliance
Getting
Started
Getting Started..
Start a free trial today to
kickstart your DevOps journey!
JFrog Cloud versions are the
fastest way to get up and
running and we manage the
instances for you.
Available Cloud Providers
We provide you a choice of
different cloud providers
Multi-Cloud and Hybrid
options are also available
Trial Options
JFrog offers different cloud
plans that scale as you grow
Cloud Pro includes Artifactory
to start building your POC
Cloud Pro X also includes Xray
for vulnerability scanning and
24/7 SLA support
JFrog Training
Artifactory - Binary
Repository Manager
Xray - Security &
Vulnerability Scanning
Education:
❏ Developers
❏ Administrators
❏ DevOps Engineers
❏ DevSecOps Engineers
http://academy.jfrog.com
So who’s tired of managing DevOps like this..
And ready to start your
journey like the pros..
Thank You
