dev ops finishes what agile started - manfred moser

#devopsdays

DevOps Finishes What Agile Started

Agile  

DevOps  

Plan Code Build Test Release Deploy Operate

VALUE  

#devopsdays

-

1,000

2,000

3,000

4,000

5,000

6,000

7,000

8,000

2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012

Req

uest

s in

Mill

ions

8 Billion Requests in 2012

#devopsdays

The Component Revolution

Applying Supply Chain Concepts to Software Development

#devopsdays

Business Risk

Security

Licensing

Quality Issues

Poorly Managed Components Puts Organizations At Risk

#devopsdays

Struts Widespread Compromise: CVE-2013-2251

Global  Bank  

So+ware  Provider  

So+ware  Provider’s  Customer  

State  University  

Three-­‐Le?er  Agency  

Large  Financial  Exchange  

Hundreds  of  Other  Sites  

#devopsdays

Complexity Diversity Volume Change

One component may rely on 00s of others

40,000 Projects 200MM Classes

400K Components

Typical Enterprise Consumes

000s of Components Monthly

Typical Component is Updated 4X

per Year

Organizations Can’t Keep Pace

#devopsdays

What’s this got to do with

DevOps?

Components are used to build applications. Agile Development is factored into how DevOps works. DevOps Success is dependent on supporting how applications are built today.

#devopsdays

DevOps Must Support Component-based Development!

Release Management is Key to DevOps Success

#devopsdays

#devopsdays

Flaws That Filter Through to Production Can Cripple You

Policies

#devopsdays

Automated Policies are Necessary to Keep Up

#devopsdays

Guide Developers With Component Intelligence in Their IDE

#devopsdays

Support the Build/CI/CD Process With Integrated Intelligence

#devopsdays

Shifting Activity Left Eliminates Downstream Impact

#devopsdays

Prevent Problems from the beginning to eliminates downstream effort. Identify Vulnerabilities early to speed development & decrease cost. Incorporate Security into the design process vs. security as an afterthought. Remediate Flaws vs. solely focusing on problem identification.

It’s More Than Shifting the Testing Effort

“Prevention is the Ultimate Form

of Shifting Left”

Curtis Yanko Architecture Manager – Application Development & Delivery Services

#devopsdays

CULTURE

Respect & Trust

Problem Solving Shared Information

#devopsdays

DevOps : A Natural Way to Assimilate Other Disciplines

QUALITY

DEV

OPS SECURITY

#devopsdays

Add “Sec” to DevOps

Overwhelmed? Consider these Questions

#devopsdays

Can we build an accurate inventory of our open source application components?

What applications are placing our business at risk?

If you want advice on how to get started, please talk to me during DevOpsDays, or contact me

anytime…

Manfred Moser

manfred@sonatype.com

@simpligility

Let Me Know if You Need Help!

#devopsdays