Published: Jun 19, 2020
Redesigning DevSecOps
DevSecOps is supposed to introduce speed and efficiency into the application development cycle while ensuring security is embedded into every part of the process. For one government agency, the DevSecOps pipeline as designed was inefficient and not maintainable.
The organisation wanted to make several changes in its applications and was relying on DevSecOps tools to get the job done quickly and efficiently. DevSecOps was expected to create a highly collaborative environment between the developers and product owners, allowing the applications to be developed within two to three months using Agile sprints.
However, what it ended up with were processes that were difficult to manage, leading to high overheads. Due to limitations in the network environment, the continuous integration (CI) and continuous deployment (CD) processes were isolated from each other, which ran contrary to the principles and practices of DevOps design and created issues with pipeline management. Governance and traceability were also lacking, with little visibility into which version of the code was being deployed into the production environment.
Achieving greater cost efficiency and agility with NCS DevSecOps
NCS was invited to redesign the DevSecOps process and find ways to leverage the organisation’s existing investment in tools to bring application and release management teams together to participate in and review the software release process.
After reviewing the state of DevSecOps in the organisation, NCS proposed setting up a collaborative environment where developers and users could work from multiple locations to reduce cost, while being able to exchange information seamlessly. It also proposed improvements to how DevSecOps tools could be used for the development of proof-of-concepts and applications.
For example, the Jenkins CI/CD pipeline was redesigned using “Pipeline as Code” to improve maintainability, with the pipeline code maintained using the DevOps lifecycle tool GitLab to ensure proper version control. The “Multibranch Pipeline” approach was also applied to automatically discover, manage and execute pipelines for branches and provide instant feedback on the status of each source code branch.
Shift left practices, where testing is performed earlier in the project lifecycle, were also recommended to ensure quality code and deliverables.
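As an added illustration of the "Pipeline as Code" and Multibranch Pipeline approach described above, combined with a shift-left static analysis gate, the following declarative Jenkinsfile is example code, not the pipeline NCS or the agency used. It assumes the Jenkins SonarQube Scanner and JUnit plugins, a SonarQube server registered in Jenkins under the name `sonar-server`, and placeholder `make` targets for the project's own build, test and deploy steps.

```groovy
// Jenkinsfile stored in the GitLab repository, so the pipeline definition is
// versioned alongside the application code ("Pipeline as Code").
// A Multibranch Pipeline job discovers every branch carrying this file,
// runs it, and reports a per-branch build status back to GitLab.
pipeline {
    agent any
    options {
        disableConcurrentBuilds()   // one build per branch at a time
    }
    stages {
        stage('Build') {
            steps {
                sh 'make build'     // assumed placeholder for the project's build command
            }
        }
        stage('Unit tests') {
            // Shift left: tests run on every branch, before any deployment step.
            steps {
                sh 'make test'                 // assumed target
                junit 'reports/junit/*.xml'    // assumed report path
            }
        }
        stage('Static analysis') {
            steps {
                // 'sonar-server' is an assumed name configured in
                // Manage Jenkins > Configure System > SonarQube servers.
                withSonarQubeEnv('sonar-server') {
                    sh 'sonar-scanner -Dsonar.projectKey=example-app'   // assumed project key
                }
            }
        }
        stage('Quality gate') {
            steps {
                // Block the pipeline if SonarQube's quality gate (bugs,
                // vulnerabilities, coverage thresholds) is not met.
                timeout(time: 10, unit: 'MINUTES') {
                    waitForQualityGate abortPipeline: true
                }
            }
        }
        stage('Deploy to staging') {
            when { branch 'main' }  // feature branches get feedback only, no deployment
            steps {
                sh 'make deploy-staging'   // assumed target
            }
        }
    }
    post {
        always {
            // Record the exact commit and branch built, for release traceability.
            echo "Built ${env.GIT_COMMIT} from branch ${env.BRANCH_NAME}"
        }
    }
}
```

Because the quality gate runs on every branch, a developer sees the analysis result on their own branch before merging, while only `main` proceeds to deployment.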
Another step that NCS took was to re-evaluate plugins for the task management platform Jira and the collaboration software program Confluence, as well as the AWS EC2 instance types used by the DevOps tools to better manage operating costs.
Achieving shorter time-to-deployment and better governance with a collaborative platform
The collaborative platform proposed by NCS enabled the product owner and developer to work together and document the application development process more efficiently. This helped development teams to shorten project iterations and reduce the time taken from project approval to "go-live", while ensuring that the end product was acceptable to the customer.
Governance was enhanced with continuous feedback and improved traceability for different revisions, versions and releases, and management overheads were reduced through the use of the CI/CD process to manage the incremental build of the product.
At the same time, elimination of unnecessary plugins and instances helped reduce operating costs, while the use of the AWS Relational Database Service enhanced the availability and reliability of the databases required for the DevOps tools, including GitLab, SonarQube, Jira and Confluence.