How to Harness the Power of Inner Source to Create Better Delivery Pipelines
June 22, 2023

Glenn Turner Jr. and Andy Smith

To keep up with modern banking and credit card demands, software delivery teams need to release software in a continuous, reliable fashion. As Discover began adopting an open, hybrid, fit-for-purpose, multicloud approach, we also faced a new challenge: How could we enable teams to release necessary software updates and features while maintaining a secure, reliable infrastructure that customers can trust?

We used the power of open-source principles within our internal community of developers to create a company-wide CI/CD pipeline that enables teams to deliver high quality software iteratively in a reliable, secure manner.

Securing Deployments Across an Enterprise

As we set out toward modernizing our platforms, teams naturally used containerization and the underlying open-source tools that enabled containerization at scale, including React, SpringBoot, Jenkins and Kubernetes. Application teams quickly began working on their own build and deployment processes, resulting in hundreds of solutions for the same problem.

With reliability and security at the forefront of how Discover delivers software, there was a growing need to standardize the way that software was built and deployed.

The architecture team initially created a grassroots CI/CD pipeline known as Trident and planned to improve it with help from the community of engineers at Discover. Even though the pipeline had the right bones and structure in place, it lacked the broad engineering support for company-wide adoption. The Trident team established an inner source model to not only improve the pipeline but also to increase adoption by the engineers who now felt invested in its success.

Standardization Through Inner Source

Collaboration through an inner source model was the key to improving the Trident pipeline at Discover and increasing adoption.

The key onboarding mechanism for educating the company’s engineers was through an online community called the Discover Technology Academy. Here, the core Trident team was able to communicate via a centralized hub for training, documentation, and answering engineer’s ongoing questions around how to use and improve Trident.

The core Trident team is comprised of developers and engineers whose job is to build and maintain the Trident pipeline. All Trident contributors, whether from the Core team or from the inner source community, work from respective feature branches which are created off the currently staged version of the pipeline. Once features are tested, approved, and completed, that feature branch is then merged to the staging branch, where the inner-source teams are configured to use for their own deployment activities.

Weekly, features staged at a given point are merged into the main pipeline branch, releasing new functionalities to the development community.

There are also weekly meetings where the core Trident team and the inner source community meet to discuss current and future implementations and the overall direction of the pipeline. This meeting ensures that the Trident team and the application development community of contributors are aligned.

This inner source model borrows heavily from open-source principles to ensure that as various teams make changes and improvements to the code base, there are mechanisms in place to contribute those changes back to the overall project and community, improving the product for everyone at Discover.

A Refreshed Pipeline Ready for Modern Workloads

With Trident, teams can use automated onboarding processes, configure their applications using our well-documented GitOps approach to CI/CD, and take advantage of standardized processes for building, deploying, and releasing software. The core principles of Trident include:

Consistency and standardization

Trident offers separate pipelines for build, code promotions, and releases that are templatized within release environments to ensure consistency. Teams can simply use these templates and adapt them within the parameters to meet their deployment needs. All subsystems in the CI/CD ecosystem adhere to standardized roles and responsibilities so there is consistency across teams and solutions.

Developer choice and simplicity

Consumable pipelines enable teams to use the test suites and scripts that fit their continuous delivery needs. The Trident solution is agnostic – teams can choose the programming language, platform, and development stacks that suit their needs best.

All changes are submitted via pull requests, with orchestrator and deployment complexity abstracted away to create a simple developer experience.

Quality, governance, and compliance assurance

Built-in traceability, logging, and API-driven interactions create evidence across the various stages of the CD pipeline. If any issues arise, they can be easily addressed and fixed. With Trident, the CD pipeline is stopped to address quality issues instead of finding issues and addressing them later.

Trident uses various quality gates to enforce standards and controls relating to quality, governance, and compliance. This quality gate ensures changes are eligible for automated deployment based on an automated review of gathered evidence, and after ensuring the release pipeline is repeatable and low risk.

The question of how to deliver software in a continuous, secure, reliable nature is one that most large companies have top of mind. By adopting an open-source approach to CI/CD, Discover was able to onboard all its developers and engineers to a model that secures deployments and ensures the ongoing success of the Trident pipeline. Not only does using inner source make a program stronger, it gives engineers a stake in the software and the power to apply their knowledge to help the entire company

Visit the Discover Technology site to learn more about how Discover engineers are shaping the future of fintech through its people, processes, and technology.

Glenn Turner Jr. is a Principal Product Owner and Andy Smith is a Distinguished Engineer at Discover
Share this

Industry News

December 06, 2023

ngrok unveiled its JavaScript and Python SDKs, enabling developers to programmatically serve their applications and manage traffic by embedding ingress with a single line of code.

December 06, 2023

Data Theorem introduced API Attack Path Visualization capabilities for the protection of APIs and the software supply chain.

December 05, 2023

Security Journey announced support for WCAG, SCIM and continued compliance with SOC2 Type 2, which are leading industry standards.

December 05, 2023

Vercel announced a new suite of features for its Developer Experience (DX) Platform, made for enterprise teams with large codebases.

December 04, 2023

Atlassian Corporation has completed the acquisition of Loom, a video messaging platform that helps users communicate through instantly shareable videos.

December 04, 2023

Orca Security announced that the Orca Cloud Security Platform has achieved the Amazon Web Services (AWS) Built-in Competency.

November 30, 2023

Parasoft, a global leader in automated software testing solutions, today announced complete support for MISRA C++ 2023 with the upcoming release of Parasoft C/C++test 2023.2.

November 30, 2023 achieved the Amazon Elastic Kubernetes Service (Amazon EKS) Ready designation from Amazon Web Services (AWS).

November 29, 2023

CircleCI implemented a gen2 GPU resource class, leveraging Amazon Elastic Compute Cloud (Amazon EC2) G5 instances, offering the latest generation of NVIDIA GPUs and new images tailored for artificial intelligence/machine learning (AI/ML) workflows.

November 29, 2023

XM Cyber announced new capabilities that provide complete and continuous visibility into risks and vulnerabilities in Kubernetes environments.

November 29, 2023

PerfectScale has achieved the Amazon Elastic Kubernetes Service (Amazon EKS) Ready designation from Amazon Web Services (AWS).

November 28, 2023

BMC announced two new product innovations, BMC AMI DevX Code Insights and BMC AMI zAdviser Enterprise.

November 28, 2023

Rafay Systems announced the availability of the Rafay Cloud Automation Platform — the evolution of its Kubernetes Operations Platform — to enable platform teams to deliver automation and self-service capabilities to developers, data scientists and other cloud users.

November 28, 2023

Bitrise is integrating with Amazon Web Services (AWS) to provide compliance-conscious companies with greater access to CI/CD capabilities for mobile app development.

November 28, 2023

Armory announced a new unified declarative deployment capability for AWS Lambda.