
DevOps Blog

Technical Guidelines and Practical Advice for DevOps

Latest Posts

Microcosm: A Secure DevOps Pipeline as Code

• DevOps Blog
Shane Ficorilli

You've heard the hype and read dozens of blog posts on DevOps, and your organization has decided to make this cultural shift in hopes of taking advantage of automation and the benefits of the Agile methodologies. Making this shift as an engineering team, however, can often be cumbersome because many tech professionals are still unfamiliar with the technologies required to implement a complete DevOps pipeline, let alone one that includes security automation as well. In...

Six Remedies to Employee Resistance to DevOps

• DevOps Blog
Hasan Yasar

Problem: When implementing DevOps, experts typically focus on process and tooling, but little emphasis is given to the psychological and social aspects of team members, which can pose encumbrances to DevOps adoption in production software houses. Training development staff on DevOps tools and processes is costly, so a significant risk occurs when training fails to produce full adoption by development teams. At the end of the day, people will adopt the tools and processes, but...

Information Visualization as a DevOps Monitoring Tool

• DevOps Blog
Luiz Antunes

From the dawn of humanity, people have been trying to represent knowledge visually to communicate ideas to their peers. Yet we still struggle to this day whenever we need to present information in a way that is both simple and effective. In this blog post, the first in a series on Information Visualization in DevOps, I explore how visual graphics can assist in the DevOps process....

Spreading Security with Overcommit

• DevOps Blog
Kiriakos Kontostathis

We often discuss how important it is to incorporate security into all parts of the DevOps software development lifecycle (SDLC). For example, my post Security...Security Everywhere discusses what types of security can be incorporated into the different phases of the SDLC. However, incorporating security is often hard, due in part to the fact that most automated security testing tools are only available in a couple of places in the SDLC, primarily the continuous integration (CI)...

The Secure "Hello World"

• DevOps Blog
Aaron Volkmann

Software development project stakeholders can often be tempted to put security requirements on the back burner when developing software systems. During one particular large-scale software development project I was involved with, which was a distributed system consisting of many components communicating over the network, runtime performance was the most important quality attribute. The engineers brilliantly invented their own lightweight protocol to maximize runtime performance. Once the system was to be transitioned into production operations, it...

Fabric, Ansible, Gauntlt, and Chaos Monkey: The Top DevOps Posts of 2016

• DevOps Blog
Hasan Yasar

Awareness and adoption of DevOps continues to grow. A 2016 DevOps trends report found that DevOps adoption increased from 66 percent in 2015 to 74 percent in 2016. In 2016, visitors to the SEI DevOps Blog were drawn to posts highlighting successful DevOps implementations at Amazon and Netflix, as well as tutorials on Fabric, Ansible, and Docker. This post presents in descending order (with number one at the bottom being the most popular) the five...

An Introduction to Secure DevOps: Including Security in the Software Lifecycle

• DevOps Blog
Hasan Yasar

The term "software security" often evokes negative feelings among software developers because it is associated with additional programming effort, uncertainty, and roadblocks to a fast development and release cycle. To secure software, developers must follow numerous guidelines that, while intended to satisfy some regulation or other, can be very restrictive and hard to understand. As a result, a lot of fear, uncertainty, and doubt can surround software security. This blog post, the first in a...
