SEI Insights

Category: DevOps

 Agile/DevOps, Best Practices in Insider Threat, and Dynamic Design Analysis: The Latest Work from the SEI

By on in

As part of an ongoing effort to keep you informed about our latest work, this blog post summarizes some recently published SEI reports, podcasts, and presentations highlighting our work in cyber risk and resilience management, Agile/DevOps and risk management, best...

 Why You Should Apply Agile-DevOps Earlier in the Lifecycle

By on in

DevOps is a set of development practices that emphasizes collaboration, communication, and automation throughout the application lifecycle. In DevOps, all stakeholders--including IT operations staff, testers, developers, customers, and security personnel--are embedded from the inception of the project to its end....

 Collecting Data, The DevOps Way

By on in

Data collection and storage are a large component of almost all software projects. Even though most software projects include a data component, this topic is rarely discussed in the DevOps community. The adoption rate of database continuous delivery (CD) is...

 Incremental Security Hardening the DevOps Way

By on in

The art of security hardening is growing in demand. Modern system architectures and orchestration techniques that leverage virtualization, cloud providers, containers, and microservices enable an explosion of the number of hosts that comprise a system and in turn yield an...

 Fabric, Ansible, Amazon AWS, and Netflix: The Top 10 DevOps Posts of 2017 (So Far)

By on in

In the first six months of 2017, an increasing number of blog visitors were drawn to posts highlighting topics such as secure Devops, successful DevOps implementations at Amazon and Netflix as well as tutorials on using DevOps technologies such as...

 Microcosm: A Secure DevOps Pipeline as Code

By on in

You've heard the hype and read dozens of blog posts on DevOps, and your organization has decided to make this cultural shift in hopes of taking advantage of automation and the benefits of the Agile methodologies. Making this shift as...

 Six Remedies to Employee Resistance to DevOps

By on in

Problem: When implementing DevOps, experts typically focus on process and tooling, but little emphasis is given to the psychological and social aspects of team members, which can pose encumbrances to DevOps adoption in production software houses. Training development staff on...

 Information Visualization as a DevOps Monitoring Tool

By on in

From the dawn of humanity, people have been trying to represent knowledge visually to communicate ideas to their peers. Yet we still struggle to this day whenever we need to present information in a way that is both simple and...

 Spreading Security with Overcommit

By on in

We often discuss how important it is to incorporate security into all parts of the DevOps software development lifecycle (SDLC). For example, my post Security...Security Everywhere discusses what types of security can be incorporated into the different phases of the...

 The Secure "Hello World"

By on in

Software development project stakeholders can often be tempted to put security requirements on the back burner when developing software systems. During one particular large-scale software development project I was involved with, which was a distributed system consisting of many components...

 Fabric, Ansible, Gauntlt, and Chaos Monkey: The Top DevOps Posts of 2016

By on in

Awareness and adoption of DevOps continues to grow. A 2016 DevOps trends report found that DevOps adoption increased from 66 percent in 2015 to 74 percent in 2016 In 2016, visitors to the SEI DevOps Blog were drawn to posts...

 An Introduction to Secure DevOps: Including Security in the Software Lifecycle

By on in

The term "software security" often evokes negative feelings among software developers because it is associated with additional programming effort, uncertainty, and road blocks on fast development and release cycle. To secure software, developers must follow numerous guidelines that, while intended...

 Vagrant Box Wrangling

By on in

So, you're using Vagrant, and maybe you've even read my earlier post on it, but your Vagrant box doesn't have everything you need. Or maybe it has too much, and you need something simpler. For instance, do you find yourself...

 Three Strategies to Minimize the Implementation Dip in DevOps

By on in

Change is hard. When we help teams adopt DevOps processes or more general Agile methodologies, we often encounter initial resistance. When people learn a new tool or process, productivity and enthusiasm consistently dip, which is known as the "implementation dip."...

 Whitebox Monitoring with Prometheus

By on in

In the ever-changing world of DevOps, where micro-services and distributed architectures are becoming the norm, the need to understand application internal state is growing rapidly. Whitebox monitoring gives you details about the internal state of your application, such as the...

 Fabric, Ansible, Gauntlt, and Chaos Monkey: The Top 10 DevOps Posts of (The First Six Months) of 2016

By on in

It has been nearly a year since the DevOps blog launched its own platform. In the nearly 12 months since our launch, we have offered guidelines, practical advice, and tutorials to the ever-increasing number of organizations adopting DevOps (up 26...

 Security...Security Everywhere

By on in

In this DevOps revolution, we are trying to make everything continuous: continuous integration, continuous deployment, continuous monitoring--the list goes on. One term you rarely hear, however, is continuous security, because it is often seen as an afterthought when building and...

 Backing From the Cliff's Edge: Minimizing Risk With DevOps

By on in

DevOps practices can increase the validity of software tests and decrease risk in deploying software changes to production environments. Anytime a software change is deployed to production, there is a risk that the change will break and lead to a...

 From Vagrant to Victory

By on in

A few years ago, my team took the task of designing and writing a new (and fairly large) web application project that required us to work collaboratively on features, deploy to unfamiliar environments, and work with other teams to complete...

 Will continuous integration improve the security of my application?

By on in

I am often asked how to help DevOps organizations improve their software and system security by integrating security testing into their new and expanding continuous integration (CI) environment. The first thing I say is, "It is great that you are...