New SEI Tool Brings Visibility to DevSecOps Pipelines
Press Release
Pittsburgh, Pa., May 6, 2024—While DevSecOps practices can help solve difficult service problems related to resilience, security, scale, and agility, they may lead to complex deployment pipelines that are built from many different solutions and tools, each of which comes with its own inherent complexity and cost to adopt. To help DevSecOps teams deal with this complexity, the Software Engineering Institute at Carnegie Mellon University today announced the release of a tool to give a comprehensive visualization of the complete DevSecOps pipeline.
The tool, called Polar, is an observability framework that provides a comprehensive picture of a software system’s deployment platform. Polar unlocks data that is captured by disparate tools within an organization, helping to answer complex questions about performance and security that are crucial for real-time decision-making and agility in the face of threats.
“Today’s DevSecOps pipelines are complex, and every environment is different,” said Morgan Farrah, assistant technical engagement lead in the SEI Software Solutions Division. “A common problem many DevSecOps users face is figuring out the relationships and integrations among all the disparate and changing components of their systems. Polar brings visibility into these systems by communicating with and building a graph model of any networked data source that is useful for decision making. This means users can make decisions using real-time information from the components of their entire DevSecOps organization.”
The number and types of stakeholders that require information about the DevSecOps pipeline can be broad. On a technology level, visibility into the pipeline is difficult because the data needed by different stakeholders is often held in many different systems, with many different means for accessing it, and no obvious way to use the information in one system to help answer questions and solve problems.
The Polar tool dynamically maps the relationships in this complex infrastructure and provides visibility into components that previously seemed unrelated. This kind of visibility can help users diagnose and track down problems when they arise.
“Polar adapts to changing data sources and represents the interconnected data in a central knowledge graph that closely models the way the organization thinks about its own data, unlike many representations created by product vendors,” said Joseph Yankel, senior engineer at the SEI. “This means queries return information about the real-time state of the organization’s data. The information graphs Polar provides can be used to build automation, monitoring, and alerting; to discover cost centers, reduce duplication, visualize end-to-end tool integration, and manage licensing; and to provide many more insights.”
SEI staff will be on hand at the RSA Conference 2024 to demonstrate Polar in booth No. 1743 (Moscone South). See the schedule for booth talks on the SEI’s RSA Conference participation website. For more information about how Polar works and how it was developed, see the SEI Blog post Polar: Improving DevSecOps Observability.
To download Polar, visit the Carnegie Mellon Software Engineering Institute’s GitHub site.