
DevOps

GitLab DevSecOps Part 3: Software Composition Analysis with Gemnasium

Your code is the small part. The libraries you pull in are the big part — and that is where most of your CVEs live. In Part 3 of the GitLab DevSecOps series, Patrick Steger and I bring up a tiny Spring Boot demo, wire it into a GitLab pipeline, and then add Software Composition Analysis with a single include line.

GitLab DevSecOps Part 2: Creating a Simple Project and Your First Pipeline

Before we can shift any security checks left, we need a project, a repository, and a pipeline that actually builds something. In Part 2 of our GitLab DevSecOps series, Patrick Steger and I log into GitLab, create a new .NET Core project from a template, and look at the .gitlab-ci.yml file that GitLab generates for us — including the build and test jobs that will become the foundation for everything we add later.

GitLab DevSecOps Part 1: What Is GitLab and Why Shift Security Left?

Why does security still get bolted on at the end of the development process, and how do we move it earlier without slowing teams down? In Part 1 of our GitLab DevSecOps series, Patrick Steger and I set the stage: what GitLab is, what shifting security left really means, and which CI/CD concepts you have to understand before you can build a DevSecOps pipeline that actually works.

What is an Epic?

How do you make sure your organization is not overloaded with too many projects, too many ideas, and too little focus? And how do you ensure you are building the right thing? This is exactly what epics are for. In this video, I walk through the concept of epics, show you a concrete example, and explain why epics are far more effective than traditional projects.

Tour Around the SAFe DevOps Health Radar: All 16 Stages with Videos

Over the past few years I have published a deep-dive on every single activity in the SAFe DevOps Health Radar. This post is the round-the-radar tour: a single page that walks you through all four aspects and all sixteen stages, with the original video for each and a link to the full article. Use it as a map — to find your starting point, to share with your team, or to assess where you are today and where you want to go next.

Feature Toggles: What, Why, How?

Feature toggles are one of those concepts that sound simple on the surface but unlock enormous power in practice. In this DevOps Meetup Zurich session, I team up with Ben Rometsch, founder of Flagsmith, to explain the what, why, and how of feature toggles. We cover the foundational concepts of CI/CD that make feature toggles necessary, the difference between deployment and release, and how modern feature flagging platforms enable progressive rollouts, user segmentation, and A/B testing.

What is Learn? | SAFe DevOps Health Radar

Learn is the last step of the SAFe for DevOps Health Radar, and in many ways it is the most important one. This is where we make the hard decisions about where to invest, where to stop, and how to continuously improve everything we do. In this video, I walk through what the Learn step involves and why it is the key to building the right thing right.

What is Measure? | SAFe DevOps Health Radar

Measure is the step of the SAFe for DevOps Health Radar where everything comes together. After deploying to production and stabilizing, we now collect qualitative and quantitative information about our epics and features. The goal is to validate our hypotheses and make informed strategic decisions. In this video, I walk through what the Measure step involves and why it is essential for building the right thing.

What is Stabilize? | SAFe DevOps Health Radar

After we release a new feature to our users, we need to make sure everything runs smoothly. Stabilize is the SAFe DevOps Health Radar activity that focuses on maintaining a high level of business continuity so we can continuously deliver value to our customers. In this video, I walk through what Stabilize involves and why it is essential for a stable, resilient production environment.