DevSecOps services are just one way that partnerships with Calavista can create long-term success for our clients.
DevSecOps is not a single technology or practice that you can simply “adopt” or “do.” Rather, it is a culture, a set of principles that affects the development process of the whole company and team. Nonetheless, we can help integrate these principles into practice by writing infrastructure as code, outlining collaborative work environments, automating code deployment, automating security checks, providing insightful metrics, and more. Ultimately, this helps us and our customers complete projects faster and better, while providing them with new best practices to move forward with after the project is over.
At the beginning of each partnership, a Solutions Director and Senior Architect from Calavista identify and onboard a custom development team to support the needs of the project. The team and resources provided by Calavista became part of Encino Energy’s team, providing them access to talented developers when resources were otherwise difficult to find across the industry. Once the teams were integrated, we started discussions about the UX/UI goals of their new EOS to get to the root of the true needs of the end users. This custom-tailored UI allowed other departments to easily fill in manual data, when necessary, while the automated workflow could handle the rest. These discussions were part of a detailed requirement gathering process led by Calavista’s industry veterans, who know what it takes to run a project successfully, including setting a strong foundation for expectations of the project.
VP of Engineering at Remedy
Not only does automation speed things up by automatically pushing things through, but it prevents bugs from entering the code in the first place by running tests before code is merged with the main codebase. This can also be done through automated dynamic environments. For another client, Remedy, we used AWS Fargate for serverless container implementation in both development and production environments. The dynamic environment allowed for new environments to be spawned on each code check-in, meaning multiple environments could run simultaneously, switching rapidly from one to another if a bug appeared or one went down. The system could automatically switch between servers, since automation allowed for minimum manual oversight or management. This allowed the developers to focus on the important thing, developing, rather than being distracted by environment maintenance or fixing bugs.
Automation can also be used to deliver more secure code – testing for security vulnerabilities with every build. Including vulnerability scanning in our build process and as a regular periodic routine allows us to identify security issues automatically and continuously as the code is written, and on an ongoing basis for production systems. This means new security issues can be identified soon after they are introduced in both the code that is under development and the code that is running in production.
For another client, we incorporated Brakeman into our build process as a Static Analysis Security Tool (SAST) to scan for vulnerabilities with each build – as code is updated and checked into the code repository it is automatically scanned and issues identified. This same customer has also incorporated Intruder.io as a monthly vulnerability scan on their production systems. Any time a new security issue is identified, they receive a report from their SAST for their production platform.
Metrics are a critical element of DevSecOps allowing you to not only understand app performance, but overall development efficiency. We can help our clients identify which metrics would be meaningful to their processes and build a dashboard that visualizes progress in a user-friendly manner.
Our client Encino Energy wanted to create a brand-new piece of software that they would eventually manage in-house. As part of this process, we created a metrics dashboard that could provide alerts through Slack about important development milestones. This not only helped in our production of the new platform but provided them with a framework with which to efficiently manage it and their future development projects.
- Deployment Frequency
- Change Volume
- Deployment Time
- Failed Deployment Rate
- Change Failure Rate
- Time to Detection
- Mean Time to Recovery
- Lead Time
- Defect Escape Rate
- Defect Volume
- Code Coverage
DevSecOps, along with our outstanding management and deep bench of talented partners helps us maintain our 95% on-time and on-budget delivery rate.
The true goal of DevSecOps is to keep developers developing, streamlining the process as much as possible and removing headaches. It is part of everything we do, because we believe strong DevSecOps processes generally underpin software engineering best practices. There simply is no better way to effectively produce high-quality software. It is a large part of how we are able to maintain our 95% On-Time On-Budget delivery rate, along with our outstanding management and deep bench of talented partners. We like to bring these practices to our clients when we can, evangelizing an efficient development process.
When we bring DevSecOps methodologies and practices to our clients, we help them save time and money and leave them with better development operations on top of the product that we built together. If you would like to learn more about how Calavista can help streamline your development or about other projects that we can tackle, email firstname.lastname@example.org or check out our other blogs and case studies.
Want a PDF of the “Doing DevSecOps” Case Study? Fill out the form below and an email with your download will be sent to the email address provided.