Archive: 2016

Fabric, Ansible, Gauntlt, and Chaos Monkey: The Top DevOps Posts of 2016

• DevOps Blog
Hasan Yasar

Awareness and adoption of DevOps continues to grow. A 2016 DevOps trends report found that DevOps adoption increased from 66 percent in 2015 to 74 percent in 2016. In 2016, visitors to the SEI DevOps Blog were drawn to posts highlighting successful DevOps implementations at Amazon and Netflix, as well as tutorials on Fabric, Ansible, and Docker. This post presents in descending order (with number one at the bottom being the most popular) the five...

An Introduction to Secure DevOps: Including Security in the Software Lifecycle

• DevOps Blog
Hasan Yasar

The term "software security" often evokes negative feelings among software developers because it is associated with additional programming effort, uncertainty, and roadblocks to fast development and release cycles. To secure software, developers must follow numerous guidelines that, while intended to satisfy some regulation or other, can be very restrictive and hard to understand. As a result, a lot of fear, uncertainty, and doubt can surround software security. This blog post, the first in a...

Vagrant Box Wrangling

• DevOps Blog
Tim Palko

So, you're using Vagrant, and maybe you've even read my earlier post on it, but your Vagrant box doesn't have everything you need. Or maybe it has too much, and you need something simpler. For instance, do you find yourself installing or removing packages or fixing packages to specific versions to get parity with your production platform? Or maybe you need more extensive auditing over your environment, such as when you (or your customer) can't...

Three Strategies to Minimize the Implementation Dip in DevOps

• DevOps Blog
Todd Waits

Change is hard. When we help teams adopt DevOps processes or more general Agile methodologies, we often encounter initial resistance. When people learn a new tool or process, productivity and enthusiasm consistently dip, which is known as the "implementation dip." This dip should not be feared, however, but embraced. In his book Leading in a Culture of Change, Michael Fullan defines the implementation dip as "a dip in performance and confidence as one encounters an...

Whitebox Monitoring with Prometheus

• DevOps Blog
Joe Yankel

In the ever-changing world of DevOps, where micro-services and distributed architectures are becoming the norm, the need to understand application internal state is growing rapidly. Whitebox monitoring gives you details about the internal state of your application, such as the total number of HTTP requests on your web server or the number of errors logged. In contrast, blackbox testing (e.g., Nagios) allows you to check a system or application (e.g., checking disk space, or pinging...

Fabric, Ansible, Gauntlt, and Chaos Monkey: The Top 10 DevOps Posts of (The First Six Months) of 2016

• DevOps Blog
Hasan Yasar

It has been nearly a year since the DevOps blog launched its own platform. In the nearly 12 months since our launch, we have offered guidelines, practical advice, and tutorials to the ever-increasing number of organizations adopting DevOps (up 26 percent since 2011). In the first six months of 2016, an increasing number of blog visitors were drawn to posts highlighting successful DevOps implementations at Amazon and Netflix as well as tutorials on new technologies...

Security...Security Everywhere

• DevOps Blog
Kiriakos Kontostathis

In this DevOps revolution, we are trying to make everything continuous: continuous integration, continuous deployment, continuous monitoring--the list goes on. One term you rarely hear, however, is continuous security, because it is often seen as an afterthought when building and implementing a delivery pipeline. The pipeline I will be discussing has six components: plan, code, build, test, release, and operate. There is also a seventh, less-formal component, which is the iterative nature of the delivery...

Backing From the Cliff's Edge: Minimizing Risk With DevOps

• DevOps Blog
Aaron Volkmann

DevOps practices can increase the validity of software tests and decrease risk in deploying software changes to production environments. Anytime a software change is deployed to production, there is a risk that the change will break and lead to a service outage. This risk is minimized through rigorous testing of the software in a separate test environment where the change can be safely vetted without affecting normal business operations. Problems can arise, however, when these...

From Vagrant to Victory

• DevOps Blog
Tim Palko

A few years ago, my team took the task of designing and writing a new (and fairly large) web application project that required us to work collaboratively on features, deploy to unfamiliar environments, and work with other teams to complete those deployments. Does this sound like DevOps yet? Our task was to make these deployments happen with limited resources; however, we didn't want to sacrifice environment parity or automation, knowing that these would help our...

Will continuous integration improve the security of my application?

• DevOps Blog
Joe Yankel

I am often asked how to help DevOps organizations improve their software and system security by integrating security testing into their new and expanding continuous integration (CI) environment. The first thing I say is, "It is great that you are treating security testing as important a task as other software tests." Security testing is often overlooked or simply manually done at the end of a software release cycle, if at all. When I ask them,...

Malicious User Stories, Rejection Criteria, and the New Business Value

• DevOps Blog
Todd Waits

Traditionally, DevOps practitioners think of business value as simply measuring the difference between money earned and money spent. In that line of thinking, security is often relegated to a secondary goal because it fails to directly drive revenue. The misguided goal is to deliver functionality at all costs, even if it compromises the integrity of the system or data. As Rob Joyce, head of the National Security Agency's Tailored Access Operations group, mentions in his...

Adding Security to Your DevOps Pipeline

• DevOps Blog
Kiriakos Kontostathis

DevOps practitioners often omit security testing when building their DevOps pipelines because security is often linked with slow-moving business units and outdated policies. These characteristics conflict with the overall goal of DevOps, which is to improve the software delivery process. However, security plays an important role in the software development lifecycle and must be addressed in all applications. Incorporating security into different stages of the DevOps pipeline will not only start to automate security, but...

Fabric, Ansible, Docker, and Chaos Monkey: The Top 10 DevOps Posts of 2015

• DevOps Blog
Hasan Yasar

By Hasan Yasar, Technical Manager, Cyber Engineering Solutions Group. In August 2015, the DevOps blog launched its own platform. The blog offers guidelines, practical advice, and tutorials to the ever-increasing number of organizations adopting DevOps (up 26 percent since 2011). According to recent research, those organizations ship code 30 times faster. Despite the obvious benefits of DevOps, many organizations hesitate to embrace it, which requires a shifting mindset--and cultural and technical requirements--that prove challenging in...
