The proven techniques of Agile planning and DevSecOps delivery have demonstrated robust, reliable, and scalable solutions to accelerate application delivery. New tools enable automated integration and testing, manage digital assets, scan for vulnerabilities, and repeatedly deploy and configure applications. These tools have given development teams the ability to build, test, and deliver a working application faster.
While DIY-integrated toolchains help accelerate application delivery, they also introduce new costs and overhead in the form of complexity, islands of data, inconsistent security settings, reporting challenges, and compliance issues. Each new tool adds a new integration and complicates the work of the entire application delivery team: project managers, developers, testers, operations, and security teams. Visibility and governance become limited with this approach.
The result is a complex, fragile, expensive Frankenstein toolchain, where development teams are forced to waste cycle time tinkering with the assembly line tools rather than delivering value. What development teams need is a clean and modern software factory with a fully functional assembly line that is efficient, easy to manage, and able to quickly build, test, and deliver their application without the waste and overhead of managing dozens of disparate tools and bespoke integrations.
The Software Factory
Automate And Streamline Software Delivery
Issues and planning
Delivery teams must be able to capture, discuss, prioritize, and define new requirements and use cases. New issues serve as the use cases and requirements from end users about the specific capabilities they need.
Code reviews and approvals
Automated testing and consistent approval methods are essential in ensuring that new code changes address user needs and do not introduce logic errors, defects, or security vulnerabilities. Typically, approvals for code changes must be clearly documented and tracked to demonstrate compliance. This critical oversight and review process should be a core capability in the software factory to ensure quality, accountability,
Distributed source code management
Designing and developing applications is an intensive activity that requires managing branches in the source code, tracking frequent changes to multiple files, securing those changes from vulnerabilities, and merging and integrating changes into the code repository. Distributed source code management enables coordination, sharing, and collaboration across the entire software development team.
Repository to manage binary assets
The output of the CI pipeline is the binary code and libraries which comprise the application. These assets must be managed and tracked throughout the testing, validation, and deployment of an application.
Dynamic test environments / infrastructure
To streamline development work, the software factory should support dynamic (ephemeral) test environments that can be deployed on demand to support the testing needs of individual developers and teams. Traditionally, new code changes queue up to wait for limited testing environments and resources. The factory should take advantage of containerization and cloud technology to reduce and eliminate delays that occur while waiting for test environments.
Continuous delivery (CD)
The CD pipeline is a natural extension of the CI pipeline and simplifies the deployment of cloud-native applications, like those that use Kubernetes environments. It can simplify the use of multi-cloud environments.
Continuous integration for every commit
The backbone of the software factory is the continuous integration (CI) pipeline which automates development tasks to be completed for every code change. The CI pipeline ensures the right sequence of automated tests, scans, and compliance checks is completed.
a. Software quality testing
The CI pipeline manages automated testing for every commit, ranging from unit, API, functional, and non-functional tests. The goal is to accelerate testing and help ensure new code changes do not introduce new defects or issues.
b. Security testing
Application security scans should be consistently incorporated into the CI pipeline to provide immediate feedback about any software changes that introduce new vulnerabilities or security flaws. Security feedback at the point when the code is changed provides clear, actionable insight for the developer to address flaws that they have just created. This speeds up velocity by avoiding later rework.
Feedback from the application in production is an essential part of the modern software factory. Rapid and actionable insight from application monitoring empowers product developers to detect issues, take action, and continuously improve the application.
A modern software factory enables the collaboration, visibility, and governance needed to address the challenges of rapidly building and delivering applications.
Deploying software from the factory needs to allow teams to minimize risk by supporting incremental deployments. Techniques such as canary deployments or feature flags give software development teams the flexibility to ship code quickly while actively managing and mitigating risks.
GitLab has a unique value for DevOps teams who need simplicity, visibility, and control:
- A single, common user experience for the entire software factory
- A common security and access model
- Single source of truth for reporting and managing the development work
- Simplified compliance and auditing
- A single conversation where everyone — from contracting and management to end-users and developers — participates and contributes.
- A unified governance and compliance model