
Sachin Gupta


Application Devsecops

This is a five-article series on how to design and implement a more scalable, agile-aligned and forward-looking “DevSecOps”.

This is the fourth article in the series.

As discussed in the previous article, application DevSecOps should be agile-aligned and should support development teams, QA teams and the Release Manager.
The important points to consider for application DevSecOps are the following –

  • Code management should be handled entirely by the development team.

  • Code should be released as packages, both for feature testing and for release testing, and the same package should move from QA through Staging to Production. This requires that any code developed, whether UI dashboards, workflows or anything else, be portable across environments.

  • Continuous development should be supported by a CI pipeline with stages for code review, unit testing, code coverage, vulnerability scanning and pen testing, with CI gates that ensure only code passing these stages goes on to QA.

  • Continuous integration of the code should be supported by automatically generating nightly builds and running automated regression suites, so that the merged code is deployable at any time.

  • Continuous deployment should be supported by deployment pipelines that can deploy release and feature packages to the various environments with one touch, with a built-in approval process and different approvers per environment.

The most important foundation for application DevSecOps is the branching strategy of your code repository. The repository should support parallel development, testing and releases.

It should mainly consist of the following branches –

  • Feature branches – For parallel development of features. Owned by Development.

  • Continuous Integration branch – For continuous integration of ready-to-deploy code. Owned by QA.

  • Release branch – For releasing a package to production. Owned by the Release Manager.

  • Production branch – For the production release. Owned by SRE.
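As an added example (not part of the original post), here is a small policy-as-code model of the branch, gate and ownership rules above in Python: it checks that a pipeline run on a given branch passed every stage required before the package may go to QA, and that one immutable package, identified by its digest, moves QA to Staging to Production only with the approver role assigned to each environment. The branch-name prefixes, gate names, coverage threshold and role strings are assumptions chosen for illustration.

```python
import hashlib
from dataclasses import dataclass, field

# Hypothetical policy, constructed for this example: the CI gates each branch
# type must pass, the environment order, and the role that approves deployment
# into each environment (Development, QA, Release Manager, SRE ownership).
REQUIRED_GATES = {
    "feature": {"code_review", "unit_tests", "coverage", "vuln_scan"},
    "ci": {"regression"},
    "release": {"pen_test"},
}
ENV_ORDER = ["qa", "staging", "production"]
ENV_APPROVER_ROLE = {"qa": "QA", "staging": "Release Manager", "production": "SRE"}

@dataclass
class Package:
    version: str
    content: bytes                   # build output (constructed sample bytes)
    digest: str = field(init=False)  # identity that must not change across envs

    def __post_init__(self) -> None:
        self.digest = hashlib.sha256(self.content).hexdigest()

def branch_type(branch: str) -> str:
    """Map a git branch name onto the post's branch categories (assumed naming)."""
    if branch.startswith("feature/"):
        return "feature"
    return branch if branch in REQUIRED_GATES else "unknown"

def ci_gate(branch: str, passed: set, coverage_pct: float, min_cov: float = 80.0):
    """Decide whether a pipeline run may hand its package to QA.
    Returns (allowed, reasons); every stage required for the branch must be green."""
    required = REQUIRED_GATES.get(branch_type(branch))
    if required is None:
        return (False, [f"branch {branch} is not covered by policy"])
    reasons = [f"gate not passed: {g}" for g in sorted(required - passed)]
    if "coverage" in required and coverage_pct < min_cov:
        reasons.append(f"coverage {coverage_pct}% below {min_cov}%")
    return (not reasons, reasons)

def promote(pkg: Package, to_env: str, approver_role: str, deployed: dict):
    """Move one immutable package along qa -> staging -> production.
    `deployed` maps env -> digest currently deployed there; updated on success."""
    reasons = []
    idx = ENV_ORDER.index(to_env)
    if idx > 0 and deployed.get(ENV_ORDER[idx - 1]) != pkg.digest:
        reasons.append(f"digest not the one deployed in {ENV_ORDER[idx - 1]}")
    if approver_role != ENV_APPROVER_ROLE[to_env]:
        reasons.append(f"{to_env} requires approval by {ENV_APPROVER_ROLE[to_env]}")
    if not reasons:
        deployed[to_env] = pkg.digest
    return (not reasons, reasons)
```

The digest check is what enforces "the same package moves from QA to Staging to Production": a rebuilt artifact with different bytes is refused even when the version string matches.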

Presented below is a DevSecOps strategy for application development and deployment. It shows the branches, roles and pipelines that support the development, validation, release and deployment of your software projects.

[Figure: DevSecOps branching strategy showing branches, roles and pipelines for development, validation, release and deployment]

Generative AI to enhance Continuous Integration
With generative AI, CI pipelines can be extended with ChatGPT-based code reviews in addition to manual reviews.
