While Agile, CI/CD, and DevOps are different, they support one another. Agile focuses on the development process, CI/CD on practices, and DevOps on culture.
You can’t build a house with a single tool. Nor can you enable your development practice with one. Agile, DevOps, and CI/CD are three distinct tools, each important in its own right. When a development organization uses all three for their intended purposes, the results are transformational. And in the context of security, only then—in our opinion—have you earned the right to call yourselves DevSecOps.
Agile, now referred to by some of its manifesto authors as agility, is focused on removing process barriers and enabling the key stakeholders, folk like developers and customers, to collaborate more closely on accelerating delivery. Agile highlights the constancy of change and acknowledges that as software producers, we don’t often know everything we need to successfully conceive, develop, and deliver high-quality software in monolithic life cycles.
So, though agile has come to mean different things over the past two decades, its fundamentals remain: remove process barriers to empower individuals, produce working software rapidly, collaborate closely with customers, and respond to (rather than resist) change.
Continuous integration (CI) is a software engineering practice where members of a team integrate their work with increasing frequency. In keeping with CI practice, teams strive to integrate at least daily and even hourly, approaching integration that occurs “continuous-ly.”
Historically, integration has been a costly engineering activity. So, to avoid thrash, CI emphasizes automation tools that drive build and test, ultimately focusing on achieving a software-defined life cycle. When CI is successful, build and integration effort drops, and teams can detect integration errors as quickly as practical.
Continuous delivery (CD) is to packaging and deployment what CI is to build and test. Teams practicing CD can build, configure, and package software and orchestrate its deployment in such a way that it can be released to production in a software-defined manner (low cost, high automation) at any time.
High-functioning CI/CD practices directly facilitate agile development because software change reaches production more frequently. As a result, customers have more opportunities to experience and provide feedback on change.
DevOps focuses on the limitations of culture and roles, as agile development does on those of process. The intention of DevOps is to avoid the negative impact that overspecialization and stovepiped roles have on an organization's ability to respond rapidly, or even effectively, to production issues. DevOps organizations break down the barriers between Operations and Engineering by cross-training each team in the other’s skills. This approach improves everyone’s ability to appreciate and participate in each other’s tasks and leads to more high-quality collaboration and more frequent communication.
How are CI/CD, agile, and DevOps related in real-life development? Engineering teams often start with CI because it’s in their wheelhouse. A DevOps focus can help organizations understand what configuration, packaging, and orchestration are necessary to software-define even more of the life cycle—creating a more valuable CD practice. The practice of CI/CD in DevOps, in turn, adds to agile development.
Here’s a quick and easy way to differentiate agile, DevOps, and CI/CD:
John Steven is a former senior director at Synopsys. His expertise runs the gamut of software security—from threat modeling and architectural risk analysis to static analysis and security testing. He has led the design and development of business-critical production applications for large organizations in a range of industries. After joining Synopsys as a security researcher in 1998, John provided strategic direction and built security groups for many multinational corporations, including Coke, EMC, Qualcomm, Marriott, and FINRA. His keen interest in automation contributed to keeping Synopsys technology at the cutting edge. He has served as co-editor of the Building Security In department of IEEE Security & Privacy magazine and as the leader of the Northern Virginia OWASP chapter. John speaks regularly at conferences and trade shows.