SEI Insights

Category: DevOps

 Three Strategies to Minimize the Implementation Dip in DevOps

By on in

Change is hard. When we help teams adopt DevOps processes or more general Agile methodologies, we often encounter initial resistance. When people learn a new tool or process, productivity and enthusiasm consistently dip, which is known as the "implementation dip."...

 Whitebox Monitoring with Prometheus

By on in

In the ever-changing world of DevOps, where micro-services and distributed architectures are becoming the norm, the need to understand application internal state is growing rapidly. Whitebox monitoring gives you details about the internal state of your application, such as the...

 Fabric, Ansible, Gauntlt, and Chaos Monkey: The Top 10 DevOps Posts of (The First Six Months) of 2016

By on in

It has been nearly a year since the DevOps blog launched its own platform. In the nearly 12 months since our launch, we have offered guidelines, practical advice, and tutorials to the ever-increasing number of organizations adopting DevOps (up 26...

 Security...Security Everywhere

By on in

In this DevOps revolution, we are trying to make everything continuous: continuous integration, continuous deployment, continuous monitoring--the list goes on. One term you rarely hear, however, is continuous security, because it is often seen as an afterthought when building and...

 Backing From the Cliff's Edge: Minimizing Risk With DevOps

By on in

DevOps practices can increase the validity of software tests and decrease risk in deploying software changes to production environments. Anytime a software change is deployed to production, there is a risk that the change will break and lead to a...

 From Vagrant to Victory

By on in

A few years ago, my team took the task of designing and writing a new (and fairly large) web application project that required us to work collaboratively on features, deploy to unfamiliar environments, and work with other teams to complete...

 Will continuous integration improve the security of my application?

By on in

I am often asked how to help DevOps organizations improve their software and system security by integrating security testing into their new and expanding continuous integration (CI) environment. The first thing I say is, "It is great that you are...

 Malicious User Stories, Rejection Criteria, and the New Business Value

By on in

Traditionally, DevOps practitioners think of business value as simply measuring the difference between money earned and money spent. In that line of thinking, security is often relegated to a secondary goal because it fails to directly drive revenue. The misguided...

 Adding Security to Your DevOps Pipeline

By on in

DevOps practitioners often omit security testing when building their DevOps pipelines because security is often linked with slow-moving business units and outdated policies. These characteristics conflict with the overall goal of DevOps, which is to improve the software delivery process....

 Fabric, Ansible, Docker, and Chaos Monkey: The Top 10 DevOps Posts of 2015

By on in

By Hasan Yasar Technical Manager Cyber Engineering Solutions Group In August 2015, the DevOps blog launched its own platform. The blog offers guidelines, practical advice, and tutorials to the ever-increasing number of organizations adopting DevOps (up 26 percent since 2011)....

 The Top 10 Blog Posts of 2015: Technical Debt, DevOps, Graph Analytics, Secure Coding, and Testing

By on in

In 2015, the SEI blog launched a redesigned platform to make browsing easier, and our content areas more accessible and easier to navigate. The SEI Blog audience also continued to grow with an ever-increasing number of visitors learning more about...

 Monitoring in the DevOps Pipeline

By on in

By Tim PalkoSenior Member of the Technical StaffCERT Cyber Security Solutions Directorate In the realm of DevOps, automation often takes the spotlight, but nothing is more ubiquitous than the monitoring. There is value to increased awareness during each stage of...

 Integrating Your Development and Application Security Pipelines Through DevOps

By on in

By Aaron Volkmann Senior Research Engineer CERT Division The DevOps philosophy prescribes an increase in communication and collaboration between software development and operations teams to realize better outcomes in software development and delivery endeavors. In addition to bringing development and...

 Developing with Otto: A First Look

By on in

By Aaron Volkmann Senior Research Engineer CERT Division You will be hard pressed to find a DevOps software development shop that doesn't employ Vagrant to provision their local software development environments during their development phase. In this blog post, I...

 Applying DevOps Principles in Incident Response

By on in

By Todd WaitsProject Lead CERT Division DevOps principles focus on helping teams and organizations deliver business value as quickly and consistently as possible. While the principles advocate for improving the coordination between development and operational teams, they can be adapted...

  A DevOps a Day Keeps the Auditors Away (and Helps Organizations Stay in Compliance with Federal Regulations such as Sarbanes-Oxley)

By on in

Aaron VolkmannSenior Research EngineerCERT DivisionIn response to several corporate scandals, such as Enron, Worldcom, and Tyco, in the early 2000s congress enacted the Sarbanes-Oxley (SOX) act. The SOX act requires publicly traded companies to maintain a series of internal controls...

 DevOps for Contractors

By on in

The challenges of DevOps--a cultural change, learning new technologies, and making a big-picture impact for a software project team--are possibly even more challenging in contract work. In this blog post, I'll expand on some of my past experiences as a...

 Three Challenges to Documentation for DevOps Teams

By on in

Formal documentation (such as source code documentation, system requirements and design documentation, or documentation for various user types) is often completely ignored by development teams; applying DevOps processes and philosophies to documentation can help alleviate this problem. Software documentation tends...

 Devops Q&A: Frequently Asked Questions

By on in

Since beginning our DevOps blog in November, and participating in webinars and conferences, we have received many questions that span the various facets of DevOps, including change management, security, and methodologies. This post will address some of the most frequently...

 Fabric, Ansible, Docker, and Chaos Monkey: The DevOps Mid-Year Review

By on in

In late 2014, the SEI blog introduced a biweekly series of blog posts offering guidelines, practical advice, and tutorials for organizations seeking to adopt DevOps. These posts are aimed at the ever-increasing number of organizations adopting DevOps (up 26 percent...