September 30th, 2021
Focusing Beyond CI/CD
Over the years, DevOps teams have largely adopted continuous integration (CI) and continuous delivery (CD) pipelines because they can deliver code changes reliably and frequently. The focus is entirely on code quality and security.
Advantages of CI/CD Pipelines
Adopting CI/CD pipelines in your development environment means that, as a business, you can deliver your software products to the market faster. McKinsey indicates that, with CI/CD, businesses can move from just an idea to live production in 15 days instead of the traditional average of 89 days. That works.
Additional benefits of the CI/CD pipeline are flexibility and responsiveness. Specifically, CI/CD allows for daily software releases, which would not have been possible with traditional manual development. Besides, you can undertake critical fixes using the tool, thus reducing the risk of systemic application failure.
Overall, CI/CD allows development teams to stay productive because it eliminates unnecessary wait time and rework. Adoption of CI/CD delivers greater automation of routine processes, allowing developers to focus on other tasks that contribute to the overall code quality and security.
Pitfalls of Focusing On Just CI/CD
While CI/CD is helpful, it has critical pitfalls that require businesses and developers to consider the bigger picture.
One of the main goals of utilizing CI/CD practices is to improve the overall speed of development, but sometimes the improvements are much lower than expected. Many organizations go about making changes without first benchmarking their existing performance, which can leave them questioning whether their improvement efforts had any impact.
Customers want to work with innovative firms that offer significant improvements through new functionality, but not at the expense of quality. If end users become the major source of bug reports, or experience frequent system outages, the value from innovations is nil.
Security scans and policy tasks are important for preventing vulnerabilities and providing documentation for audits, but they often sit “outside” the process. Security scans may be performed separately by InfoSec, or sidestepped by development in order to push a critical release quickly. Policy tasks, meanwhile, may remain manual, keeping the process moving at a slow pace.
In response to the challenges that come with finding suitable alternatives to CI/CD, DevOps teams will often use creative or skilled developers to manage toolchains in attempts to automate these areas. These teams end up spending some time gathering requirements, but then the bulk of their effort is a continuous maintenance loop to keep the existing fragile toolchains working. For many, the guiding thought is that the new platform will be built and evolve into something better, which in hindsight is counterintuitive because it means that businesses focus their money on the developers instead of the clients. That’s backwards.
Focusing on the Software Development Life Cycle (SDLC)
The SDLC, or Software Development Life Cycle, is the end-to-end process that produces high-quality, low-cost software more quickly by focusing efforts on the entire process. That way, you can constantly improve your process quality and speed of development with high-quality, innovative solutions.
The entire SDLC process is divided into the following seven SDLC steps:
Requirement Collection and Analysis
As the first step of the SDLC process, this is conducted by the senior dev team members with input from the different stakeholders, including the customer. This stage provides a clearer picture of the project, including the scope, and when it’s done right, shows the necessary timelines for the entire project.
After requirement analysis, the next SDLC step is defining and documenting what the software will likely need. This feasibility study points out what needs to be designed and developed throughout the entire project life cycle. The dev team will be checking whether the project is economically feasible. Next, this examination looks into whether the team can handle regulatory frameworks and compliance. Finally, it checks whether the current computer system can support the software and the schedule for the entire project. All good so far?
The software design documents are prepared at this step, where complete architecture diagrams are presented. They should include a brief description of each of the modules and an outline of each functionality.
Once the design phase is over, developers start writing the code with the chosen programming language. This is, in fact, the most prolonged phase of the SDLC process.
Once the build is over, it is deployed into the testing environment. Here, the QA team verifies whether the entire product works. There will be a lot of testing and re-testing at this point to ensure that any bugs are addressed.
Once testing is done and no bugs are left within the system, deployment commences. Deployment also takes into account any feedback from the project manager.
Bug fixing, upgrading, and enhancement are critical to successful development. As such, this completes the last step within the SDLC process.
Enterprise needs for improving the SDLC
There are several functional capabilities that a firm needs when considering the entire SDLC, which includes CI/CD and much more. A variety of tools help with the different SDLC steps previously outlined, and with additional areas as well. Using technology to optimize these individual steps and the end-to-end process should be the next goal.
Few understand the entire process and the different tools used across different SDLC steps, so helping these skilled individuals is important. And really, developers shouldn’t be burdened with complex and/or routine administrative tasks. There are several areas that provide a good starting point for SDLC improvements:
Many would consider the CI/CD tools to be the heart of the overall SDLC, and it’s easy to understand why. Getting this part of the process right is critical, because it automates the iterative feedback loop that developers need so much.
Integrate tools across the process
Everything, from the planning stage through to deployments and monitoring, needs to be considered because the variety of tools used across the process all provide high value. The goal of optimizing your end-to-end process while also integrating these tools makes this step challenging. Any degree of tool standardization would be a great first step.
Incorporate security and policy
Any software that is developed in-house and runs on production systems must meet security standards. In addition, routine manual policy tasks that can be automated should be addressed. By automating these areas, the SDLC can become more secure overall, and developers spend less time on non-value-add activities.
Areas to consider include user access, secrets management, segregation of duties, ensuring open-source tools are kept up to date (which also prevents vulnerabilities), and more. Managing these different areas across multiple teams can become a challenge, but if they can be standardized and automated, the overall process will be much more scalable.
Make data available and usable
Bringing together all the data from across the different steps and tools is a must. You can’t improve what you don’t measure, and the first step is getting the data. With the data residing in so many locations, this can be a challenge, but it needs to be done. Equally important is making the data actionable by delivering it in an easy and relevant format to all individuals who need it, which is no small task either.
Make it easy
“Everything should be made as simple as possible, but no simpler.” Wise words from Albert Einstein, and they relate to software development as well. Developers need to focus on the product they are creating and the needs of clients. Skilled DevOps engineers shouldn’t be burdened with constant maintenance of toolchains and new requirements. All other stakeholders need their own requirements met, and also need access to the data and metrics for their jobs.
Automate a Three-Month Process into 30 Minutes
CI/CD has evolved to become a modern standard for software delivery. While CI/CD pipelines offer faster market delivery times, flexibility and responsiveness, and increased productivity, focusing on just CI/CD can be detrimental.
The Software Development Life Cycle (SDLC) provides a framework for a standard set of activities and deliverables, including tasks around CI/CD. Focusing on the end-to-end process to optimize and automate wherever possible expands the opportunity for improvement. Undertaking this effort may not be easy, but the payoff of improved competitiveness by meeting customer needs makes it worthwhile.
Check us out: Guide Rails is a Value Stream Delivery Platform, built for the end-to-end Software Delivery Lifecycle. Critical capabilities that all software development teams need to reach DevOps maturity come as standard functionality. Instead of building and maintaining toolchains that re-create these capabilities, developers and engineers can set up Guide Rails quickly and focus on activities that provide higher value.