Harness and Traceable have entered into a definitive merger agreement, creating an advanced AI-native DevSecOps platform.
A lot of time, resources and energy has been invested over the past few years on de-siloing development and operations. And with good reason. DevOps is enabling organizations to more aggressively increase their digital agility, while at the same time reducing digital costs and risks.
But as 2017 approaches, the hottest trends in DevOps aren’t specifically about dev or ops. They’re about testing, security, and metrics.
1. Continuous testing becomes a top topic of interest in 2017
The rapid promotion of new code into production is a noble goal, but it can also be an express ticket to digital failure. DevOps success requires not just speed, but also quality—that means the rapid promotion of really, really good code. And the only way to ensure that your code is really, really good is to test it, continuously.
We all intuitively know the value of testing. But the accelerated pace of development that comes with successful DevOps practices place increased pressure on the testing function. Leaving testing as a single phase within the software development lifecycle (SDLC) is no longer sufficient.
As the business risk associated with less-than-perfect code increases, as customer expectations regarding digital experiences continue to escalate, and competitors also become more digitally adept, good-enough testing is ceasing to be good enough. Testing has to be more rigorous, and most importantly – it needs to be pervasive across the DevOps lifecycle. Testing can longer only be the domain of QA engineers. Developers need to have the ability to test code as it’s produced—what’s known as shift left testing. Testing has to be faster and more automated. And in addition to “shift left” testing, testing and test results also have to be made available to the operations.
Testing has become the main constraint when it comes to speed with quality at scale. So expect continuous testing to be a top topic of interest in 2017.
2. The unification of development, security and operations – DevSecOps
Another great way to undermine your digital business is to rapidly promote code that perfectly fulfills all of your functional requirements, that efficiently performs at scale … and that leaves you excessively vulnerable to cyber-malice.
So success requires not just speed, but also ensuring that quality, functional requirements AND security needs are met. This means another cultural shift must happen: making sure Security is engaged early with DevOps. Given the increasing intensity and sophistication of attackers — and how rapidly digital compromises turn into bad publicity and potentially irreparable brand damage — code cannot be good without being safe and deployed within a solid security architecture.
As microservices and SDKs evolve, it will be easier for developers to build in security from the start, without taking their focus off of a great user experience. But when it comes to testing and deploying the code, security validation should be viewed as a special case of testing as the requirements of security-related code testing are highly idiosyncratic and dynamic and will likely involve experts and constituencies (e.g. governance, risk and compliance teams) not normally part of the DevOps process.
3. 2017 will bring an increasing focus on metrics
It’s no surprise that until recently, very few IT organizations have paid attention to DevOps metrics. After all, for a number or organizations, it’s been tough enough just getting basic DevOps processes, tools, and culture in place. However, you can’t improve what you can’t measure. So as agile development and DevOps processes continue to expand, expect to see some real progress on both the adoption and the standardization of DevOps success metrics.
Now that there is a critical mass of successful DevOps implementations – as well as some organizations who are starting to evolve into Continuous Delivery — organizations will look to refine practices through iterative, metrics-driven management.
Metrics can help improve digital practices in several ways. Collective metrics can help discover process bottlenecks, optimize resource allocation, and better configure DevOps toolchains. Individual metrics can help pinpoint coaching needs and replicate the behaviors of top performers.
As success measurement becomes increasingly important for DevOps, we are likely to see the industry coalesce around a common set of metrics. While 2016 has seen the industry take steps in this direction — as evidenced by the formation of the DevOps Express consortium — expect to see some real progress on both the adoption and the standardization of DevOps success metrics.
So, yes, in 2017 we will still see focus to some degree on DevOps itself. But as DevOps increases in maturity, we’ll see organizations keep pushing the envelope with more rigorous test automation, more sophisticated pre-production security controls, and great management-by-objective discipline across the DevOps lifecycle.
Industry News
Endor Labs announced a partnership with GitHub that makes it easier than ever for application security teams and developers to accurately identify and remediate the most serious security vulnerabilities—all without leaving GitHub.
Are you using OpenTelemetry? Are you planning to use it? Click here to take the OpenTelemetry survey.
GitHub announced a wave of new features and enhancements to GitHub Copilot to streamline coding tasks based on an organization’s specific ways of working.
Mirantis launched k0rdent, an open-source Distributed Container Management Environment (DCME) that provides a single control point for cloud native applications – on-premises, on public clouds, at the edge – on any infrastructure, anywhere.
Hitachi Vantara announced a new co-engineered solution with Cisco designed for Red Hat OpenShift, a hybrid cloud application platform powered by Kubernetes.
Onapsis announced Onapsis Control Central for SAP application security testing and custom code security supporting RISE with SAP transformations.
Progress announced its recognition in the 2025 Gartner Magic Quadrant for Digital Experience Platforms.
Copado announced comprehensive DevOps support for Salesforce Data Cloud deployments, enabling organizations to streamline the development and deployment of Agentforce solutions.
Appfire announced its acquisition of Flow, an enterprise software product for Software Engineering Intelligence (SEI), from Pluralsight.
Check Point® Software Technologies Ltd. announced new Infinity Platform capabilities to accelerate zero trust, strengthen threat prevention, reduce complexity, and simplify security operations.
WaveMaker announced the release of WaveMaker AutoCode, an AI-powered plugin for the Figma universe that produces pixel-perfect front-end components with lightning fast accuracy.
DoiT announced the acquisition of PerfectScale, an automated Kubernetes (K8s) optimization and governance platform.
Parasoft earned a top spot as a Leader and Fast Mover in the latest GigaOm Radar Report on API Functional Automated Testing.
Linux Foundation Europe and OpenSSF announced a global joint-initiative to help prepare maintainers, manufacturers, and open source stewards for the implementation of the EU Cyber Resilience Act (CRA) and future cybersecurity legislation targeting jurisdictions around the world.