DEVSECOPS: An Intro to DevOps


Before DevOps came into existence, developers and IT/Ops professionals had separate objectives, separate department leadership, separate key performance indicators by which they were judged, and often worked on separate floors or even in separate buildings. In short, the two teams worked in completely isolated departments.

Even though the community was following the Agile software development model, the software that reached the market had several problems, such as poor user interfaces and botched releases. The released software had very low reliability.

This way of working left both the customers and the teams who had worked day and night on these releases unhappy.

What is DevOps

DevOps is a set of practices that works to automate and integrate the processes between software development and IT teams, so they can build, test, and release software faster and more reliably.

Its initial goal was to develop a handshake between development and operations that mainly focused on a shift in mindset, better collaboration, and tighter integration.

Lifecycle of DevOps

DevOps consists mainly of the Plan, Code, Build, Test, Release, Deploy, Operate and Monitor phases. These are grouped into the following stages, which together complete the DevOps lifecycle:

  • Continuous Development
  • Continuous Testing
  • Continuous Integration
  • Continuous Deployment
  • Continuous Monitoring
Continuous Development
  • This phase involves the planning and coding of the software.
  • The vision of the project is decided during the planning phase, and the developers then begin writing the code for the application.
  • The code can be written in any language, but it is maintained using version control tools.
  • Maintaining the code in this way is referred to as Source Code Management. The most widely used version control tools are Git, SVN, Mercurial and CVS; JIRA, which is often listed alongside them, is an issue tracker used for planning rather than a source code management tool.
  • Tools such as Ant, Maven and Gradle are used in this phase to build and package the code into a deployable artifact (for example a jar or war) that can be forwarded to any of the next phases.

DevOps Lifecycle

Continuous Testing
  • The developed software is continuously tested for bugs.
  • Tools such as Selenium, TestNG and JUnit allow QA engineers to test multiple code bases thoroughly and in parallel, so that functional defects are caught early.
  • For example, when the tests are written in Java using Selenium, Ant or Maven can be used to build the test code; the built tests are then run against the application, including for user acceptance testing.
  • The whole process can be orchestrated with Jenkins.
Continuous Integration
  • Developers are required to commit changes to the source code frequently.
  • Every commit is then built so that problems are detected early, if present.
  • Building the code involves compilation, code review, unit testing, integration testing and packaging.
  • Whenever there is a change in the Git repository, tools such as Jenkins fetch the updated code and prepare a build of it, which is an executable artifact in the form of a war or a jar.
  • This build is then forwarded to the test server and, once it passes there, on to the production server.
Continuous Deployment

In this phase, the code is deployed to the production servers.

This phase involves two sub-sections:

  • Configuration management
  • Using Containerization tools

Configuration Management

  • This is done to establish and maintain consistency in an application's functional requirements and performance.
  • First, the deployments are released to the production servers; then updates are scheduled for all the servers, ensuring that the configuration stays consistent across every server.

Using Containerization tools

  • Docker is the popular containerization tool used in this phase. Vagrant is often mentioned alongside it, but it provisions virtual machines rather than containers.
  • These tools are used to produce consistency across the development, testing, staging and production environments.
  • They are also used to scale instances up and down.

Continuous Monitoring

  • Vital information about the use of the software is recorded. Processing this information helps confirm that the application is functioning properly.
  • The root cause of any issue is determined, which helps maintain the security and availability of the services.
  • The operations team needs to monitor user activity for bugs or any improper behaviour of the system.
  • This phase helps to improve productivity and increase the reliability of the systems.

DevOps is a continuous process whose main goal is to deliver reliable and scalable software and applications. But security was rarely taken into account when this software came to market.

Because of this, the DevSecOps process was developed by security researchers. Its goal is to build software with security in mind, by training developers to follow current security standards such as the OWASP Secure Coding Practices and by integrating SAST tools into the delivery pipeline.
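The following Jenkinsfile is an added example, not code from the original article, that ties together the Continuous Integration flow described above (Git change, Jenkins fetches and builds a Maven project into a jar, the build is promoted to test and then production) with the SAST gate that the closing paragraph calls for. It assumes a Jenkins agent labelled 'linux' with git, a JDK, Maven, Docker and the Semgrep CLI installed, a Maven project that produces target/*.jar, a Dockerfile at the repository root, and a hypothetical deploy.sh script in the repository; the registry name registry.example.internal/shop-api and the Semgrep ruleset p/java are placeholders to be replaced with your own.

```groovy
// Jenkinsfile (declarative pipeline) for a Maven-built Java service.
// Added example, not from the original article. Assumes: an agent labelled
// 'linux' with git, JDK, Maven, Docker and semgrep installed; a Maven project
// producing target/*.jar; a Dockerfile at the repo root; a deploy.sh script
// (hypothetical) that takes <environment> <image> as arguments.
pipeline {
    agent { label 'linux' }

    options {
        timestamps()
        // Abort a hung build instead of holding the agent forever.
        timeout(time: 30, unit: 'MINUTES')
    }

    stages {
        stage('Checkout') {
            steps {
                checkout scm   // fetch the commit that triggered the build
                script {
                    // Tag every artifact with the commit it was built from, so the
                    // image that passed the tests is provably the one deployed.
                    env.IMAGE_TAG = sh(returnStdout: true, script: 'git rev-parse --short HEAD').trim()
                    env.IMAGE = "registry.example.internal/shop-api:${env.IMAGE_TAG}"   // assumed registry/name
                }
            }
        }

        stage('Build') {
            steps {
                // -B: non-interactive. Tests run in their own stage below.
                sh 'mvn -B -DskipTests clean package'
            }
        }

        stage('Unit tests') {
            steps { sh 'mvn -B test' }
            post {
                // Publish JUnit XML so failures are visible per test, not just as a red build.
                always { junit 'target/surefire-reports/*.xml' }
            }
        }

        stage('SAST') {
            steps {
                // Static analysis as a gate: --error makes semgrep exit non-zero when
                // findings exist, which fails the build before anything is packaged.
                // Swap in another tool (SpotBugs, SonarQube scanner, ...) at this step.
                sh 'semgrep --config p/java --error --json --output semgrep.json .'
            }
            post {
                // Keep the report even when the scan fails, so the finding can be triaged.
                always { archiveArtifacts artifacts: 'semgrep.json', allowEmptyArchive: true }
            }
        }

        stage('Package') {
            steps {
                // Same image goes to every environment, giving the consistency the
                // containerization section describes.
                sh "docker build -t ${env.IMAGE} ."
                archiveArtifacts artifacts: 'target/*.jar', fingerprint: true
            }
        }

        stage('Deploy to test') {
            steps { sh "./deploy.sh test ${env.IMAGE}" }   // hypothetical script
        }

        stage('Deploy to production') {
            // Only main is promotable, and only after a human approves.
            when { branch 'main' }
            steps {
                input message: "Promote ${env.IMAGE} to production?"
                sh "./deploy.sh prod ${env.IMAGE}"
            }
        }
    }

    post {
        failure {
            echo "Build ${env.BUILD_URL} failed; ${env.IMAGE} was not promoted."
        }
    }
}
```

The order of the stages is the point: unit tests and the SAST scan both run before the jar is packaged into an image, so a security finding stops the pipeline at the same place a failing test would, and the production stage can only ever receive an image tag that has already passed both gates.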