DevSecOps - ValueLabs

End-to-End Case Study

Geo location

US (East)

Platform

Web

Engagement

15 Years

Service

DevSecOps & SRE

Challenges

The client’s monolithic IT structure created issues during deployments and updates. Before 2018, they manually deployed applications which caused long periods of downtime and slow code verification.

Inefficient manual testing

Slow processes

Inflexibility

Delayed downtime

The DevOps team regularly took 4 hours to manually deploy and verify code
During this time, customers could not access the app
Platform inflexibility meant customizing the app for customer onboarding could take up to 30 days
Changes to customer contracts or business processes would lead to further downtime as engineers manually updated the app

Our Solution

Our solution focused on bringing speed and flexibility to the client by integrating DevSecOps services and solutions into their development processes. We worked alongside the internal teams to draw the security and testing processes alongside the development pipeline. We streamlined the release process and eliminated human dependency through strategic automation.

Solution Impact

83%

Reduction

In application downtime for DEV / QA / UAT

96%

Reduction

In application downtime for production

Human dependency

Reduced

Through automation

Our Approach

We implemented version control to prevent accidental changes and allow engineers to rollback or reuse pipeline code. We created a pipeline for every technology type and integrated unit, smoke, and regression tests. The DevOps team can now self-manage and customize this pipeline based on product readiness.

Top DevOps Mistakes to Avoid

Read Blog

Centering universality in the DevSecOps strategy

When we began to look at the DevSecOps implementation, we knew we would need to make sure the app could be used universally. The client’s customers could operate all over the world, and they would be using all the major devices and software to do so. We created a pipeline that could work with every technology type, and then we brought unit, smoke and regression tests into that pipeline. We helped to design templates for every application type to speed up engineers’ execution of the app. We also created touchless automation for all environments, removing the need for the engineers to verify and check many processes. By centering universality in our strategy, we were able to make the processes more flexible for both the client and their customers, and we were able to free up their engineers’ valuable time.

Increasing self-management through customization and automation

The universal touchless automation we helped integrate into the DevSecOps pipeline granted the engineers the ability to self-manage the pipeline more effectively. The DevSecOps teams can now set up and manage the pipelines themselves. They can guide the initial setup with comprehensive documentation. The teams can see how fit a new product or update is and customize the tests that are run on that product. The touchless automation means the DevSecOps teams no longer need to go back and run manual tests to verify results. They know that the results are accurate, and they can get on with the business of addressing challenges, providing updates, and onboarding customers faster than ever.

Speeding up development times with flexibility

From the beginning, we knew the impregnable IT infrastructure was at the heart of all the client’s biggest challenges. Everything, even our DevSecOps solutions, therefore, had to increase flexibility for our client. As we developed the pipelines, we built in the flexibility to allow the development and QA teams to include or remove certain testing features, depending on what the product in question needed. This freed up much time during the testing and validation stages. We built approval gates for QA and production processes, and we integrated unit tests and sonar scans before deployment. We also worked with the client to ensure they understood the Azure native deployment process so they could quickly onboard their new projects to the CI/CD process. All this flexibility means the client no longer wastes time running the exact same process on their many different products, speeding up the DevSecOps process significantly.

Business Impact

Our DevSecOps services and solutions focused on three things: flexibility, universality, and – above all – speed. As a result, the client has been able to avoid the large periods of downtime that they had once taken as a given, and they enjoy faster deployment times with fewer bugs and challenges.