ShiftLeft released a new version of NextGen Static Analysis (NG SAST), including new workflows, purpose-built for developers that significantly improve security, while enhancing productivity.
2018 was an exciting year for those of us who believe DevOps is the way for technology teams to move forward. Last year we saw organizations make significant movements from discussing and experimenting with DevOps to making structural and process changes so teams can begin adopting and using DevOps daily. The industry is still in the early adopter phase, but the progress of usage seems to be accelerating.
At the same time, containers and Kubernetes have become the most talked about way for services and applications to be deployed and managed. Already loved by development teams, there are an increasing number of businesses using Kubernetes and containers in production.
There's a strong benefit to having DevOps and containers grow simultaneously because they have a symbiotic relationship. Containers have several qualities that make them well suited to DevOps-oriented teams:
■ Configuration-as-code provides transparency
■ Container immutability provides confidence
■ Production-in-development provides safety
Capturing the configuration of the container environment that makes up a service or application as code and storing it in the project's source code repository is a very tangible way to bring development-focused and operations-focused individuals together.
Containers make it easy to capture this configuration, whether it be in a Kubernetes deployment YAML, a compose file, or some other mix of file types. Regardless of the details, exposing production and development configuration (if they're different — they don't have to be...) enables everyone in the team to view the running configuration and the ability to see changes to that configuration over time. Although this kind of transparency doesn't guarantee there won't be faults, it enables more issues to be found in advance, and those that aren't, to be fixed more quickly.
When used as intended, containers are immutable and stateless. This means that if two containers with the same recipe are deployed to different (but identically set-up) clusters, they will work the same way. Similarly, if a container needs to be scaled horizontally all instances will work identically. This enables teams to work faster and with greater confidence as deploying multiple copies becomes a trivial task that needs only the simplest change process.
Importantly this also makes service upgrades easier and less risky. In the past, application upgrades were executed on a stateful instance of the application. This meant that a typical sequential update might result in subtly different application state than an update in which certain versions were skipped.
Upgrade Sequence A: 4.2 → 4.3 → 4.4 → 4.5 → 4.6
Upgrade Sequence B: 4.2 → 4.3 → 4.5 → 4.6
In the example, both upgrade sequences start at 4.2 and end at 4.6, but it's possible that the 4.3 → 4.4 upgrade done in Sequence A introduced a small state change that isn't there in Sequence B. Now imagine you tested only Sequence A but someone (working under pressure) used Sequence B because it got production to 4.6 faster. I've seen applications fail for just this reason.
With containers, each version is discrete. It's not “built-up” through a sequence of changes. You don't upgrade a container, you destroy it and replace it with a new one. So as long as 4.6 had passed testing, you could replace any previous version with 4.6 without concern.
This simplifies upgrades, provides production teams with more options on when to upgrade, and reduces the number of problems that can result. For teams working with a DevOps methodology that means that they are free to release more often and upgrade more aggressively as they don't need the same exhaustive (and exhausting) upgrade sequence testing they once did.
Production in development is about using technology to bring the production configuration into development. It's an area that few organizations have started really taking advantage of, however, container platforms like Kubernetes make it possible to configure development clusters that operate identically to production, bringing teams closer to the customer experience and making the responsibility for production more ingrained in the whole team.
Today, some teams are having their continuous integration (CI) tests executed in an environment that is identical to production, finding subtle configuration issues earlier and getting them fixed faster.
However, as service mesh technologies mature, expect to see more situations where application teams are able to funnel a part of the production traffic into properly instrumented containers. This will enable teams to diagnose issues earlier, optimize their customers' journeys through the application, and test innovations more aggressively.
At this point, teams could be doing a portion of their development in production — a situation that would essentially demand a DevOps discipline in the team in order to be successful.
Containers and DevOps are both growing rapidly in organizations and their successes will continue to reinforce each others' growth. In the coming year, I believe we'll see another major shift as serverless functions become more widely used and integrated with container-based applications. This, again, will likely prompt organizations who haven't yet begun to adopt DevOps principles to consider them as the barrier to production-entry for code is lowered once again.