By Felipe Ruiz | May 05, 2020
DevOps is a predominant phenomenon,
a new way of thinking and working in software engineering
that is receiving a lot of attention nowadays.
DevOps a combination of the words 'Development' and 'Operations.'
In 2016, Jabbari et al. stated that
for this concept there was no concrete or complete definition.
That’s why they decided to do a review and collect,
analyze, and compare definitions from scientific papers to consolidate one.
In their research, 49 primary studies were meeting their requirements.
They identified in those studies
"the central components of
That’s something we’ll review in this post,
to improve our understanding of that concept.
As a first component (C1),
Jabbari and colleagues show us the already mentioned combination of terms
Dev) and 'Operations' (
The second component (C2) comprehends communication, collaboration,
and teamwork between developers and operators.
In the third component (C3),
we can see "the main goal of
which is to bridge the gap between
From the fourth component (C4),
it is assumed that
is a modern software development method that unifies other methods and tools.
The fifth component (C5) is where
DevOps is seen
as a paradigm of software delivery with continuous feedback,
fast response to modifications, and automated delivery pipelines.
The sixth component (C6) shows
the automatic "deployment process from the source code in version control
to the production environment."
The seventh component (C7) is related to 'continuous integration.'
Finally, the eight component (C8) is where
DevOps is taken as a method
where quality assurance is essential for improving performance.
With those components identified,
Jabbari et al. give us the following definition of
DevOps is a development methodology (C4) aimed at bringing the gap (C3) between Development and Operations (C1), emphasizing communication and collaboration (C2), continuous integration (C7), quality assurance (C8) and delivery (C5) with automated deployment (C6) utilizing a set of development practices.
Now, with this definition as a guide,
we can easily delve into different issues about
and always know what component or part of this methodology we are referring to.
So, for instance, let’s expand what is said in C1, C2, and C3.
CTO, Rafael Alvarez, explains in one of his conferences,
there are typically two teams in companies
where software is created and sold as a product or as a service.
A team of developers and a team of operators.
In short, the first team,
with its programming knowledge, creates the app.
The second team, which manages the hardware and operating systems,
is in charge of deployment
(making the app available for customer use) and service.
Rafael explains that the development team
is often asked to change the software quickly.
In contrast, the operations team is asked to ensure
that the infrastructure remains stable and changes slowly.
Therefore, the parties tend to struggle with "political noise,"
slowing down the overall process.
Here is where
DevOps methodology comes into play,
bringing those two teams together.
As Rafael mentions, people are no longer grouped by task or function
but by product (or service),
and we then have cross-functional teams.
Now, focused on C4 (not the explosive),
we have that
DevOps is related to some software development methods:
'Waterfall,' 'Agile,' and 'Lean.'
Let’s extend the information about this,
mostly from what Freddy Yumba shares.
Waterfall is a traditional linear plan-driven approach to software development. So, it is assumed that all requirements can be specified before starting the development process. Each phase must end before moving on to the next. Results in detailed documents must be signed, and these are measures of progress. In this model, the integration of later changes may mean redesigning the entire system. So, it is said that it doesn’t accommodate well to modifications requested by users and that it doesn’t give rise to creativity.
Instead, Agile focuses more on collaboration "between development teams, business people and customer," and on creativity, and rapid response to user needs. Through this methodology, earlier and more frequent releases are sought. Besides, communication of the development plan is preferred through face-to-face conversations, rather than through documentation as in Waterfall.
Finally, Lean, according to Yumba, is more oriented towards improving production system operations, project management, and the delivery of products and services. Some people see Lean as a way to bring agility from the project level to the organization level. In the Lean methodology, there’s an essential aim: the elimination of waste, anything that doesn’t add value to the development process. Therefore, unnecessary meetings, documentation, and tasks are discarded as much as possible.
DevOps arises by mixing Agile and Lean principles and practices,
but it’s more than that.
As the author says:
DevOps is "a new culture, corporate philosophy, and way of working."
It is a result of the experiences of many people
and the desire to create and maintain organizations with high-speed,
high-performance processes and exceptional
IT products and services.
Well, talking about more components,
'continuous integration' (C7) is one of the drivers of the
We know that development practice can be made
from different machines and locations.
With 'continuous integration,' we mean that the resulting code
is integrated into a shared repository
over and over again during the day, even every day.
This is something different from what we were used to, years ago,
when integration was quite late.
Additionally, as part of
an automated build verifies each check-in,
which serves to detect bugs and other problems quickly (C8),
without waiting for full code integration
and the deployment of the entire system.
Then we have continuous, automated, and fast delivery (C5),
with software always ready for the production environment,
to be released to users whenever required.
DevOps, there’s increased responsiveness
to customer requirements and needs.
With a continuous deployment (C6), companies in the web domain,
as is commented by Lwakatare and colleagues,
have "the opportunity to quickly verify
whether their new software features are useful to customers
and [can adopt] practices such as A/B testing."
In this, "users are randomly assigned
to one of the two variants of the system for experimentation."
Quick feedback becomes quite useful
to evaluate the quality of the software
and continuously repair or improve
what is needed in the development process.
Today, many companies offer software as a service (
SaaS) on the web.
"Resource virtualization and cloud computing
have provided the required building blocks" (Spinellis, 2016).
DevOps proves to be quite useful for those companies with
since from this methodology,
extensive control of the infrastructure is achieved,
and the software can be quickly restructured
and re-released if there are some problems.
What happens if we implement the term 'security' in this context?
We get the much mentioned
And what does that term mean?
Don’t worry; surely we’ll talk about it later.
Start with Fluid Attacks
We are a proud corporate member of the OWASP Foundation