That out of control train barreling down the track is the fast pace of today’s business climate. As its speed has gotten faster and faster, DevOps tools for software development were put in place to keep its engines stoked and the train running at optimal speed to keep up with others.

In its search for speed, however, companies may have placed software quality at risk…and with poor software quality comes the danger of application security issues. To prevent these potential software quality and security issues, DevSecOps has come onto the scene to prevent projects from becoming derailed or introducing a significant amount of risk into the organization.

When a DevOps project gets derailed, getting it back on track is not as easy as retracing your steps and moving forward from the project’s point of derailment. Sometimes the point where it got offline may not be clear, or perhaps the original goals where not achievable. The DevOps process itself may require a complete overhaul of the software engineers’ processes and practices.

Veteran business technology reporter John Edwards, in a recent commentary in InformationWeek, proposed a five-point plan for how DevOps teams can “go back to the virtual drawing board and steer the initiative back onto its planned course.”

Edwards’ steps fall in line with common business practices for whenever a project goes awry. He proposes that companies:

Identify the root of the problem
Get everyone on board
Analyze and measure every step in the project
Clarify the project’s goals
Define the leadership of the project team

WATCH NOW: Frederic Veron, CIO of Deutsche Bank, shares steps to DevOps excellence

Each of these initiatives, however, can take on a life of its own. If they are not addressed quickly and completely they can add to the issues with application security and software quality that a meandering process creates. Applying Software Intelligence to each stage can provide the transparency and data that makes each stage timely and efficient.

Identify the root of the problem: using automated application analysis finds application quality issues – including those that lead to potential application security breach points – within the software created during the original DevOps process and points to the need for attention; to attempt to do this manually could take exponentially longer and drive costs into the stratosphere.
Get everyone on board: using Software Intelligence to identify issues provides the data that both managers and upper level management need to make decisions about the DevOps process. It also provides information to the engineers so they can see an objective measurement of where the process went awry.
Analyze and measure: by performing the static analysis inherent in within Software Intelligence, organizations create data that measures how big the problem is, the technical debt of the project, and just how far and at what cost the retooling of the process will be. Application analysis and measurement will continue when the project resumes to collect software quality data as the project progresses.
Clarify the project’s goals: with the root of the problem identified through Software Intelligence, the DevOps team can hone in on what they need to do to achieve the original goals of the project, or may provide the data they need to redefine the goals to ones that are more achievable and will result in better software quality and application security
Define the leadership: these are the people who will work with the data provided by Software Intelligence to get the DevOps project headed back in the right direction. Once back on track, they also will monitor the ongoing process through automated analysis and measurement to identify any new issues as they happen and before they derail the project again.

Whether it’s DevOps, Agile, Waterfall or any other development process, when the paths of software developers begin to wander, the costs to a company – both financial and reputation – can add up. With some basic steps, and the data collected through the static analysis of Software Intelligence, a DevOps team can quickly get back on track, prevent future derailments, and steam its way to optimal software quality and application security.

Filed in: DevOps

Tagged: DevOps DevSecOps Software Intelligence software risk

Open source is part of almost every software capability we use today. At the very least libraries, frameworks or databases that get used in mission critical IT systems. In some cases entire systems being build on top of open source foundations. Since we have been benchmarking IT software for years, we thought we would set our sights on some of the most commonly used open source software (OSS) projects. Software Intelligence Report <> Papers

In our 29-criteria evaluation of the static application security testing (SAST) market, we identified the 10 most significant vendors â€” CAST, CA Veracode, Checkmarx, IBM, Micro Focus, Parasoft, Rogue Wave Software, SiteLock, SonarSource, and Synopsys â€” and researched, analyzed, and scored them. This report shows how each measures up and helps security professionals make the right choice. Forrester Wave: Static Application Security Testing, Q4 2017 Analyst Paper

Making sense of cloud transitions for financial and telecoms firms Cloud migration 2.0: shifting priorities for application modernization in 2019 Research Report

Jonathan Bloom Technology Writer & Consultant

Jonathan Bloom has been a technology writer and consultant for over 20 years. During his career, Jon has written thousands of journal and magazine articles, blogs and other materials addressing various topics within the IT sector, including software development, enterprise software, mobile, database, security, BI, SaaS/cloud, Health Care IT and Sustainable Technology.

DevOps: 5 Steps to Get Derailed Projects Back on Track