
Archive: 2017

Collecting Data, The DevOps Way

• DevOps Blog
Kiriakos Kontostathis

Data collection and storage are a large component of almost all software projects. Even though most software projects include a data component, this topic is rarely discussed in the DevOps community. The adoption rate of database continuous delivery (CD) is about half the rate of application CD. There are several reasons for this, but the primary one is that databases rarely change as often as applications do. There may be a few model changes, but...

Incremental Security Hardening the DevOps Way

• DevOps Blog
Aaron Volkmann

The art of security hardening is growing in demand. Modern system architectures and orchestration techniques that leverage virtualization, cloud providers, containers, and microservices enable an explosion of the number of hosts that comprise a system and in turn yield an increase of the attack surface area. This post provides insights on how to execute a security hardening strategy with a DevOps mindset....

Microcosm: A Secure DevOps Pipeline as Code

• DevOps Blog
Shane Ficorilli

You've heard the hype and read dozens of blog posts on DevOps, and your organization has decided to make this cultural shift in hopes of taking advantage of automation and the benefits of the Agile methodologies. Making this shift as an engineering team, however, can often be cumbersome because many tech professionals are still unfamiliar with the technologies required to implement a complete DevOps pipeline, let alone one that includes security automation as well. In...

Six Remedies to Employee Resistance to DevOps

• DevOps Blog
Hasan Yasar

Problem: When implementing DevOps, experts typically focus on process and tooling, but little emphasis is given to the psychological and social aspects of team members, which can pose encumbrances to DevOps adoption in production software houses. Training development staff on DevOps tools and processes is costly, so a significant risk occurs when training fails to produce full adoption by development teams. At the end of the day, people will adopt the tools and processes, but...

Information Visualization as a DevOps Monitoring Tool

• DevOps Blog
Luiz Antunes

From the dawn of humanity, people have been trying to represent knowledge visually to communicate ideas to their peers. Yet we still struggle to this day whenever we need to present information in a way that is both simple and effective. In this blog post, the first in a series on Information Visualization in DevOps, I explore how visual graphics can assist in the DevOps process....

Spreading Security with Overcommit

• DevOps Blog
Kiriakos Kontostathis

We often discuss how important it is to incorporate security into all parts of the DevOps software development lifecycle (SDLC). For example, my post Security...Security Everywhere discusses what types of security can be incorporated into the different phases of the SDLC. However, incorporating security is often hard, due in part to the fact that most automated security testing tools are only available in a couple of places in the SDLC, primarily the continuous integration (CI)...

The Secure "Hello World"

• DevOps Blog
Aaron Volkmann

Software development project stakeholders can often be tempted to put security requirements on the back burner when developing software systems. During one particular large-scale software development project I was involved with, which was a distributed system consisting of many components communicating over the network, runtime performance was the most important quality attribute. The engineers brilliantly invented their own lightweight protocol to maximize runtime performance. Once the system was to be transitioned into production operations, it...
