Dimensional Data

Developers love their tools. Operations teams love their tools. And security teams love their tools. As Dev, Sec, and Ops consolidate onto a single DevOps platform, toolchain technical debt becomes exponentially more costly and complex. “Tools should be in the background enabling excellent development, operations, and security practices. However, DevOps teams are often led by their tools rather than the other way around and that can hinder all aspects of the software development lifecycle (SDLC),” says Cindy Blake, CISSP, director of product and solutions marketing at GitLab. An April 2022 Gartner® report titled “Beware the DevOps Toolchain Debt Collector” notes that “many organizations find themselves with outdated, poorly governed, and unmanageable toolchains as they scale DevOps initiatives.” One of the key findings, according to Gartner, is that “most organizations create homegrown toolchains, often leveraging the tools beyond their functional design. This not only leads to a fragmented toolchain, but also creates complications when tooling needs to be scaled, replaced, or updated.” Toolchain technical debt introduces complexity as companies shift critical tasks such as reliability, governance, and compliance left in the SDLC. Discover how GitLab 15 can help your team deliver secure software, while maintaining compliance and automating manual processes. Save the date for our GitLab 15 launch event on June 23rd! No time for technical debt Few DevOps teams give toolchain upkeep the time and attention it requires. According to GitLab’s 2021 DevSecOps survey, nearly two-thirds of survey respondents, 61%, said they spend 20% or less of their time on toolchain integration and maintenance each month. “Developers face challenges and time constraints while maintaining these complex, stand-alone tool siloes, building fragility and technical debt that the [infrastructure and operations] leader has to deal with,” Gartner states. The research firm adds, “These outdated toolchains further increase overhead costs, magnify technical risks, add operational toil, and limit business agility.” Blake agrees: “Complex toolchains inhibit the ability to govern the software development and deployment process. Policies must be managed across tools and visibility into code changes and changes to its surrounding infrastructure become difficult to see and track. Time is wasted on managing the toolchain instead of value-added work.” Getting purpose-driven The remedy to toolchain sprawl and subsequent debt is to change strategy. Instead of putting energy into figuring out how to maintain one-off tools, DevOps teams should focus on how to enable processes and policies that support simplicity, control, and visibility across the SDLC. “These are the characteristics needed to meet reliability, governance, and compliance demands. A united platform like GitLab helps you do that,” Blake says. Gartner states: “Successful infrastructure and operations leaders reduce technical debt and sustainably scale DevOps toolchain initiatives across the organization by using a prioritized, iterative strategy that minimizes friction in making changes to toolchains and more quickly delivers customer value.” Adopting a purpose-built platform instead of a complex and ad-hoc toolchain also eases an organization’s ability to automate the SDLC. “Automation abstracts complexity away from the developer and provides guard rails so DevOps teams gain greater efficiency, accuracy, and consistency,” Blake says. In addition, automation reduces the audit footprint in terms of what needs oversight and inspection. Platforms also support automation throughout operations, including building and testing infrastructure as code, so that “you can eliminate the variables when you’re trying to debug an application,” she says. […]

GitLab has surveyed DevOps practitioners for more than five years now. In that time, we have come to know what questions to ask to understand how well teams are doing with DevOps. In sharing these 10 questions, we aim to help you assess your own team’s capabilities and achieve smarter, faster DevOps. How fast is your team releasing code today vs. one year ago? Tracking release speed is like taking the temperature of your DevOps team. You’d like to think everything is going well, but you might be surprised. Occasionally DevOps teams report to us they are actually releasing code more slowly than in the past. What stage(s) in the process are causing the most release delays? This question will shine a spotlight on the areas in your DevOps practice that simply don’t work. Spoiler alert: The answer will certainly be testing, though other things, from planning to code development and code review, might pop up, too. How automated is your DevOps process? Ask this, but don’t just focus on testing, tempting as that might be. Also think about what else in the software development lifecycle would benefit from automation. Consider what getting that time back would afford you. Could you assign your developers and ops pros to other business-critical projects? What’s been added to your DevOps tech stack over the last year? It’s good to look back and take inventory of the technology you have in play. This is also data that can help inform what your next steps might be, such as adopting GitOps, observability, or AI. How are your DevOps roles changing? If your team is like others we’ve heard from, (big) changes are happening. Devs are picking up tasks that have traditionally been owned by ops, ops is becoming anything from a DevOps coach to a platform engineer or a cloud expert, and security is likely now embedded in development teams. How does security integrate with DevOps in your organization? The most successful DevOps teams have figured out how to bridge the dev and sec divide. Whether your team has a security champion or actually embeds sec pros on the dev team, this is a critical piece in the process to release safer software faster. What advanced technologies are you using (or considering) in your DevOps practice? “Bots” can test code, AI can review code, and a low code/no code tool will make citizen developers out of anyone in the organization. Now is definitely the time to make sure your DevOps team is future-proofing the tech stack. Do you have a plan for governance and compliance of your software supply chain? To keep the software supply chain secure, DevOps teams need visibility into and control over the entire development lifecycle. Can you easily deal with audits or attestations of compliance? Mature governance and compliance processes are essential in all industries today, not just those that are highly regulated. What advanced practices are you using (or considering) in your DevOps environment? Whether it’s Infrastructure as Code (IaC), GitOps, or MLOps, cutting-edge practices can jumpstart your releases and bring new and interesting opportunities to DevOps teams. Do you regularly assess DevOps careers and roles on your team? Happy team members really are more productive, so consider this a PSA to keep career growth conversations a priority. In considering […]

eCommerce platform provider Swell was built to give entrepreneurs the opportunity to build the online business that they envision. A GitLab customer since 2021, GitLab has been adopted as Swell’s one DevOps, project management, and support ticketing tool for the whole organization. It’s the foundational platform that the business works on. Swell is using GitLab Premium in many different areas, including for product development and to build the platform infrastructure, says Nico Bistolfi, vice president of technology. “GitLab is our source of truth for everything,” Bistolfi says. Now, Swell is looking into expanding its usage of the platform to leverage features such as code quality, automation, and other types of dynamic application security and static application security. GitLab for CI/CD Swell upgraded to the Premium version and the biggest advantage so far has been the review operations capability, Bistolfi says. The company has created environments for every merge request users make, and that replicates in production for testers to see what was changed, whether a fix was made, or how the new feature is working. “We could not go to our software development lifecycle today without the review ops. That’s something that is critical for us,” Bistolfi says. GitLab is used for both continuous integration (CI) and continuous deployment (CD). While building the CI/CD pipeline process is ongoing, Bistolfi says, “We are slowly changing it and relying more and more on GitLab” in areas, including application security. Before moving to GitLab, Swell was using bare-metal servers. The company now uses GitLab’s container management solutions and all API updates are happening through the platform. From inputting issues to resolution Everyone at Swell is using GitLab — not just developers — and for a variety of tasks. The company has created a way to process support tickets through the platform. Another use case is knowledge management. “We find ourselves making some decisions from comments in GitLab,” he says. The whole process from the time a ticket is created to being resolved is done within the platform. The company culture is about full information transparency, Bistolfi says, particularly since Swell is fully remote and employees work from 11 different countries. So one goal is to maintain asynchronous communication. When an issue is created in the platform, a little bit of coding is required, but he said non-developer users have adapted well. The feedback so far has been that using GitLab has been frictionless. Speed to delivery Initially, for some services, it took about 30 minutes to build and deploy an image. Now, the process has been decreased to between one and five minutes in most cases. Swell manually sets release dates for system improvements and, right now, there are about two a week. The company is working on automating the process for continuous delivery with the goal of soon having releases every couple of hours. Team play Swell manages team backlogs, sprints, milestones, and future work using its own flavor of Kanban with what Bistolfi calls “quick labels.” Engineering teams are being scaled and, in addition to Kanban, some projects are done using Scrum. Changing their GitLab configuration has let teams measure velocity better. A future goal is to gain visibility into team results, as well as use GitLab for project planning and management, he says. GitLab as a product and company Bistolfi […]