
DevOps Blog

Technical Guidelines and Practical Advice for DevOps

Latest Posts

Establishing the Pre-assessment DevOps Posture of an SDLC in a Highly Regulated Environment: Third in a Series

Jose Morales

This third installment in our blog series on implementing DevOps in highly regulated environments (HREs), which is based upon a recently published paper, discusses the second step in a DevOps assessment: establishing the pre-assessment DevOps posture of an HRE. (Read the first and second posts in the series.) The posture is the current DevOps implementation, if any, in an HRE's software development lifecycle (SDLC). Recall that the ultimate goal of the DevOps assessment is to...

Expectations for Implementing DevOps in a Highly Regulated Environment: Second in a Series

Jose Morales

This second installment in the blog post series on implementing DevOps in highly regulated environments (HREs), which is excerpted from a recently published paper, discusses the first step in a DevOps assessment: setting expectations with the organization. This step is a critical task in an assessment because it sets the boundaries of what will be performed and delivered....

Challenges to Implementing DevOps in Highly Regulated Environments: First in a Series

Jose Morales

In academia, government, and industry, DevOps has become a standard, straightforward option for streamlining efforts and increasing comprehensive participation by all stakeholders in the software development lifecycle (SDLC). In highly regulated environments (HREs) within these three sectors, however, applying DevOps can prove challenging. HREs are mandated by policies for various reasons, the most common being general security and protection of intellectual property, thus making the sharing and open-access principles of DevOps that much harder...

Deploying the CERT Microcosm DevSecOps Pipeline using Docker-Compose and Kubernetes

Shane Ficorilli

According to DevSecOps: Early, Everywhere, at Scale, a survey published by Sonatype, "Mature DevOps organizations are able to perform automated security analysis on each phase (design, develop, test) more often than non-DevOps organizations." Since DevOps enables strong collaboration and automation of the process and enforces traceability, mature DevOps organizations are more likely to perform automated security analysis than non-DevOps organizations. My previous blog post, Microcosm: A Secure DevOps Pipeline as Code, helped address the...

Improving Data Analysis with DevOps

Kiriakos Kontostathis

Data analysis is complex and, at times, overwhelming. Automation increases an analysis team's ability to continuously improve their process. Specifically, the automation of software is the best way to manage all of the iteration and repetition that proper data analysis requires. DevOps is the perfect fit when planning a project that requires software, automation, and collaboration. In particular, DevOps improves all aspects of the data analysis process and allows teams to automate all software-based aspects...

Improving Security and Stability by Using DevOps Strategies

Douglas Reynolds

When it comes to information technology services that are customer facing, traditional enterprise organizations tend to favor stability over change. According to a Netcraft survey from March of last year, there were 185 million web sites hosted by Windows 2003, an operating system that has been out of support since July 2015. Many of these servers are still running because of the "if it isn't broken, don't fix it" motto. While reducing software and...

Collecting Data, The DevOps Way

Kiriakos Kontostathis

Data collection and storage are a large component of almost all software projects. Even though most software projects include a data component, this topic is rarely discussed in the DevOps community. The adoption rate of database continuous delivery (CD) is about half the rate of application CD. There are several reasons for this, but the primary one is that databases rarely change as often as applications do. There may be a few model changes, but...

Incremental Security Hardening the DevOps Way

Aaron Volkmann

The art of security hardening is growing in demand. Modern system architectures and orchestration techniques that leverage virtualization, cloud providers, containers, and microservices enable an explosion of the number of hosts that comprise a system and in turn yield an increase of the attack surface area. This post provides insights on how to execute a security hardening strategy with a DevOps mindset....
