Posted by John Steven on Monday, March 19th, 2018
We’ve been seeing a lot of instances recently in which the terms Agile, CI/CD, and DevOps are used interchangeably.
You couldn’t build a house with a single tool. Nor can you enable your development practice with one. Agility, CI/CD, and DevOps are three distinct tools, each important in its own right. When all three are used for their intended purposes, the results are transformational. And in the context of security, only then—in our opinion—have you earned the right to call yourselves DevSecOps.
Agile, now referred to by some of its manifesto authors as agility, is focused on removing process barriers and enabling the key stakeholders, folk like developers and customers, to collaborate more closely on accelerating delivery. Agility highlights the constancy of change and acknowledges that as software producers, we don’t often know everything we need to successfully conceive, develop, and deliver high-quality software in monolithic life cycles.
So, though agility has come to mean different things over the past two decades, its fundamentals remain: remove process barriers to empower individuals, produce working software rapidly, collaborate closely with customers, and respond to (rather than resist) change.
Continuous integration (CI) is a software engineering practice where members of a team integrate their work with increasing frequency. In keeping with CI practice, teams strive to integrate at least daily and perhaps multiple times per day, toward the aspirational term in which it’s couched: “continuous-ly.”
Historically, integration has been a costly engineering activity. So, to avoid thrash, CI emphasizes automation tools that drive build and test, ultimately focusing on achieving a software-defined life cycle. When CI is successful, build and integration effort drops, and integration errors are detected as quickly as practical.
Continuous delivery (CD) is to packaging and deployment what CI is to build and test. Software is built, configured, and packaged and its deployment orchestrated in such a way that it can be released to production in a software-defined manner (low cost, high automation) at any time.
High-functioning CI/CD practices directly facilitate agility because software change reaches production more frequently, providing more opportunities for customers to experience and provide feedback on change.
DevOps focuses on the limitations of culture and roles, as agility does on those of process. DevOps highlights the negative impact that overspecialization and stovepiping of roles in an organization have had in preventing rapid or even effective response to production issues. DevOps organizations break down the barriers between Operations and Engineering, cross-training each on the other’s skills, improving everyone’s ability to appreciate and participate in each other’s tasks, and providing more high-quality collaboration and more frequent communication.
Engineering teams often start with CI because it’s in their wheelhouse. A DevOps focus can help organizations understand what configuration, packaging, and orchestration are necessary to software-define even more of the life cycle—creating a more valuable CD practice. This, in turn, adds to agility.
Here’s a quick and easy way to differentiate Agile, DevOps, and CI/CD: