If your development projects are lagging or not completing their cycle, it's time to address and automate some of your development processes. So where should you start?
What drives the current DevSecOps market? GitLab's 2019 Global Developer Report cites the top ambitions as secure code, increased visibility, reduced cycle times, and continuous deployment. There is also a desire to 'shift left', which is to spot and fix software bugs early in the development process, said Dugson Consulting CEO Dumisani Mukansi. But organisations aren't getting there:
"Many of our customers want to accelerate project delivery within their development operations. Every organisation wants such project acceleration, but they don't know where to start. They can see some of the symptoms and how it affects strategy, but the problem can seem unresponsive to fixes."
The signs of slow and incomplete DevSecOps project delivery include poor product quality, long release times, numerous defects, and constant knock-on changes to other systems. Their causes often relate to a central issue: a weak correlation between quality assurance and the DevSecOps operations.
"Teams know that QA is important. But when you have a lot to do and a deadline coming at you, QA can end up taking a backseat. Corners are cut around testing to get to the outcomes more quickly. But they'll just pay for those cuts later. Security problems and disharmony with business systems are typical errors that emerge when you neglect QA and testing."
Responses to the Global Developer Report reflect these concerns. Only a third of the respondents rated their companies' DevSecOps as good. Even though 69% of developers are expected to write secure code, 49% of security pros struggle to get developers to prioritise vulnerabilities. That's because developers don't have the time to do so.
Bugs in code are creeping in at the wrong places. Half of the respondents said that most bugs are only discovered after the code has been merged. In the world of continuous delivery into live business environments, this is a very worrying statistic.
Streamlining DevSecOps testing
Testing consumes a large part of any significant development effort and can't be avoided. But parts of it can be automated, and test automation is becoming highly relevant to DevSecOps operations.
Yet it's not delivering on expectations because the automation isn't applied correctly, Mukansi explained: "Testing automation is complicated. With that, I mean that if you automate certain processes, they will affect other processes. If you want the real value of testing automation, you can't expect to keep all your old ways of doing things."
The automation implementation partner must bring several services to the table:
● The capacity to study the business and its processes;
● The capability to develop and modify processes to complement the business;
● Strong project management consultancy skills and experience;
● Access to best practice and practical case studies; and
● The backing of a strong vendor and distribution partner network.
Companies must select a provider that can understand their software development lifecycle and processes. The provider can then apply the automation testing solutions at the appropriate places, work with stakeholders, develop new processes, and help lead change management, including training.
DevSecOps is a potent contributor to the agility of companies that want to respond faster to customer requirements. But the pressure and complexity of testing are choking the processes.