Changes

109 bytes added ,  01:56, 3 June 2023
no edit summary
Line 3: Line 3:  
'''What is DevSecOps''' (ref https://www.devsecops.org/ ) DevOps is an approach to software development that enables teams to build, test, and release software faster. In a DevOps environment, developers and operations teams work side by side throughout the entire process of developing, deploying, and managing applications. Build small, fix fast, fail fast and learn well continuously.  
 
'''What is DevSecOps''' (ref https://www.devsecops.org/ ) DevOps is an approach to software development that enables teams to build, test, and release software faster. In a DevOps environment, developers and operations teams work side by side throughout the entire process of developing, deploying, and managing applications. Build small, fix fast, fail fast and learn well continuously.  
 
DevSecOps stands for development, security, and operations. It's an approach to culture, automation, and platform design that integrates security as a shared responsibility throughout the entire IT lifecycle.  
 
DevSecOps stands for development, security, and operations. It's an approach to culture, automation, and platform design that integrates security as a shared responsibility throughout the entire IT lifecycle.  
[[File:Agile cycle.png|thumb]]
+
[[File:Agile cycle.png|thumb|Agile-Devopscycle]]
    
'''DevSecOps CI/CD''' (ref https://public.cyber.mil/devsecops/) CI/CD is a DevOps tactic, which makes use of the right automated testing tools to implement agile development. Continuous Integration is an engineering practice in which members of a development team integrate their code at a very high frequency, detection of errors in code in the early stages. Continuous Delivery is the practice of ensuring that code is always in a deployable state. All code changes – new features, bug fixes, experiments, configuration changes – are always ready for deployment to a production environment with the right CI/CD tools in place.  Scale accordingly (to the size, complexity, and criticality of your project/product development cycle) The right fit automating as much as possible.  See software factory.  
 
'''DevSecOps CI/CD''' (ref https://public.cyber.mil/devsecops/) CI/CD is a DevOps tactic, which makes use of the right automated testing tools to implement agile development. Continuous Integration is an engineering practice in which members of a development team integrate their code at a very high frequency, detection of errors in code in the early stages. Continuous Delivery is the practice of ensuring that code is always in a deployable state. All code changes – new features, bug fixes, experiments, configuration changes – are always ready for deployment to a production environment with the right CI/CD tools in place.  Scale accordingly (to the size, complexity, and criticality of your project/product development cycle) The right fit automating as much as possible.  See software factory.  
 
[[File:Devsecops.png|thumb|devsecops]]
 
[[File:Devsecops.png|thumb|devsecops]]
[[File:CICD1.png|thumb]]
+
[[File:CICD1.png|thumb|CICDpipeline]]
    
DORA https://www.devops-research.com/research.html  are we there yet? where are we now and what are we aiming for? thus, '''Agile maturity models are important'''.  Minimize chasing chaos, fighting fires, with massive silos (knowledge sharing/growth limited), and a heroes welcome  https://www.performancemagazine.org/five-levels-of-organizational-maturity-performance-management-perspective  https://kulkarniprasadp.medium.com/advancing-the-agile-maturity-assessment-model-fed2e8d9cb63  https://info.thoughtworks.com/rs/thoughtworks2/images/agile_maturity_model.pdf   
 
DORA https://www.devops-research.com/research.html  are we there yet? where are we now and what are we aiming for? thus, '''Agile maturity models are important'''.  Minimize chasing chaos, fighting fires, with massive silos (knowledge sharing/growth limited), and a heroes welcome  https://www.performancemagazine.org/five-levels-of-organizational-maturity-performance-management-perspective  https://kulkarniprasadp.medium.com/advancing-the-agile-maturity-assessment-model-fed2e8d9cb63  https://info.thoughtworks.com/rs/thoughtworks2/images/agile_maturity_model.pdf   
[[File:Agile maturity model.png|thumb]]
+
[[File:Agile maturity model.png|thumb|AgileMaturityModel]]
 
How do you know where to go if you don't even know where you are now... need a sense of direction and strategy/map.  Thus, a maturity model helps one aim towards some goal.
 
How do you know where to go if you don't even know where you are now... need a sense of direction and strategy/map.  Thus, a maturity model helps one aim towards some goal.
[[File:Agile mat2.png|thumb]]
+
[[File:Agile mat2.png|thumb|AgileMaturityModel]]
    
And, lets talk about '''requirements'''.  Everyone thinks that - we're Agile! we don't need requirements cause the client/SME/stakeholder is right beside us every step of the way.  But, we all know in reality getting the time/resources at the time you need key SMEs/stakeholders can be a challenge. (ref https://www.modernanalyst.com/Resources/Articles/tabid/115/ID/5832/A-Business-Analysts-Experience-With-Scrum.aspx )
 
And, lets talk about '''requirements'''.  Everyone thinks that - we're Agile! we don't need requirements cause the client/SME/stakeholder is right beside us every step of the way.  But, we all know in reality getting the time/resources at the time you need key SMEs/stakeholders can be a challenge. (ref https://www.modernanalyst.com/Resources/Articles/tabid/115/ID/5832/A-Business-Analysts-Experience-With-Scrum.aspx )
Line 18: Line 18:  
I have been on many many projects.  Sure some don't require elaborate requirements depending upon the size, complexity, criticality, scope, costs, resources, experience/wisdom/knowledge etc...  but many do - at least a baseline of SMART requirements which evolve. The best projects I have been on have been iterative, incremental and integrated in approach involving key SMEs/stakeholders producing prototypes and proof of concepts with a SMART baseline of requirements which evolve with time to manage scope, costs, resources, schedule, quality, risks...  
 
I have been on many many projects.  Sure some don't require elaborate requirements depending upon the size, complexity, criticality, scope, costs, resources, experience/wisdom/knowledge etc...  but many do - at least a baseline of SMART requirements which evolve. The best projects I have been on have been iterative, incremental and integrated in approach involving key SMEs/stakeholders producing prototypes and proof of concepts with a SMART baseline of requirements which evolve with time to manage scope, costs, resources, schedule, quality, risks...  
 
Without requirements where will you start?  Requirements allow you to prioritize, categorize, trace, realize, measure/monitor/correct accordingly and continuously and risk assess.  I've been on projects where scope was all over the place, so were costs and resources were heading in every direction.  Requirements were no place to be found and the project. A baseline of requirements which evolve provides direction.   
 
Without requirements where will you start?  Requirements allow you to prioritize, categorize, trace, realize, measure/monitor/correct accordingly and continuously and risk assess.  I've been on projects where scope was all over the place, so were costs and resources were heading in every direction.  Requirements were no place to be found and the project. A baseline of requirements which evolve provides direction.   
[[File:Technology overview.png|thumb]]
+
[[File:Technology overview.png|thumb|Needs_analysis]]
 
Then comes the '''organization's culture, people, process, governance and tools''' https://www.compact.nl/en/articles/continuously-improve-your-agility/ which is important.  Are we meeting the client's needs and organizational mandates/objectives/vision/goals?
 
Then comes the '''organization's culture, people, process, governance and tools''' https://www.compact.nl/en/articles/continuously-improve-your-agility/ which is important.  Are we meeting the client's needs and organizational mandates/objectives/vision/goals?
[[File:Devsecops culture.png|thumb]]
+
[[File:Devsecops culture.png|thumb|Organization_culture_fit]]
    
{| class="wikitable"
 
{| class="wikitable"
97

edits