ShiftLeft released a new version of NextGen Static Analysis (NG SAST), including new workflows, purpose-built for developers that significantly improve security, while enhancing productivity.
Start with The DevOps Drumbeat - Part 1
Introducing the DevOps Drumbeat
The move to DevOps also introduces additional constraints to our burgeoning Iron Polygon, as individual projects become less distinct. In an environment focused on continuous automated testing as well as continuous integration and deployment, individual iterations become the project unit as organizations establish regular cadences of repeated iterations instead of the discrete, monolithic project releases that characterize traditional waterfall-oriented development.
Rethinking the Iron Triangle in terms of DevOps cadences instead of software projects changes everything, as it brings the entire discussion up a level, as shown in the diagram below. In fact, each neighboring pair of constraints on the AA Quality Star leads to a new constraint.
Applying the DevOps Context to the AA Quality Star
Scope and agility connect to drive inherent flexibility. Agility and quality lead to resilience. Quality and cost factor into continuous testing. Cost and time drive continuous integration and deployment. And finally, time and scope connect to form the fifth new constraint, technical debt – not the bad kind where time constraints lead to sloppy code, but the good kind where the team intentionally introduces shortcuts or missing functionality into the current iteration as part of the overall cadence.
Essentially, DevOps doesn't allow us to formally discard the Iron Triangle, but it does let us do an end run around it. Remember, the Iron Triangle says that for a particular project, scope, cost, and time must balance. In contrast, the DevOps way of thinking says don't think about particular projects any more. Instead, think about the cadence. If we can shift elements of scope, cost, and time forward or backward in our cadence – a concept that doesn't make sense in Iron Triangle terms – we can build better, more flexible software overall.
Let us therefore put away the Iron Triangle as well as the AA Quality Star, and introduce the DevOps Drumbeat, shown in the figure below.
The DevOps Drumbeat
Every cadence consists of drumbeats that set the overall pace of the effort within the context of the constraints in the diagram above. For each drumbeat – possibly an individual sprint or other iteration, or perhaps a finer-grained measure – the DevOps team must balance the five constraints.
The Intellyx Take: Connecting the Drumbeat to Agile Architecture
This article may be introducing the phrase DevOps Drumbeat, but obviously many of the ideas included in the figure above aren't new. What is new is calling out the five DevOps constraints as such and putting them in a set that is analogous to the Iron Triangle. We're also taking the novel step of representing the drumbeat as a circle, rather than a polygon. After all, DevOps should have no corners!
Furthermore, as DevOps practices mature, teams are likely to want to maintain resilience, continuous testing, and continuous integration and delivery. As a result, for each drumbeat, the tradeoff will be between inherent flexibility and good technical debt.
This tradeoff is at the heart of Agile software architecture, as the Agile architect (or team members contributing to the Agile architecture role) must decide how much technical debt to take on in order to build inherent flexibility into their software.
Jason Bloomberg is President of Intellyx.