DevSecOps

avatar
Created by
GiganticAngonoka72710

Subdecks (5)

Cards (149)

  • Collaboration
    • The key premise behind DevOps is collaboration. Development and operations teams coalesce into a functional team that communicates, shares feedback, and collaborates throughout the entire development and deployment cycle. Often, this means development and operations teams merge into a single team that works across the entire application lifecycle.
  • Collaboration
    • The members of a DevOps team are responsible for ensuring quality deliverables across each facet of the product. This leads to more ‘full stack’ development, where teams own the complete backend-to-frontend responsibilities of a feature or product. Teams will own a feature or project throughout the complete lifecycle from idea to delivery. This enhanced level of investment and attachment from the team leads to higher quality output.
  • Automation
    • An essential practice of DevOps is to automate as much of the software development lifecycle as possible. This gives developers more time to write code and develop new features. Automation is a key element of a CI/CD pipeline and helps to reduce human errors and increase team productivity. With automated processes, teams achieve continuous improvement with short iteration times, which allows them to quickly respond to customer feedback.
  • Continuous Improvement
    • Continuous improvement was established as a staple of agile practices, as well as lean manufacturing and Improvement Kata. It’s the practice of focusing on experimentation, minimizing waste, and optimizing for speed, cost, and ease of delivery. Continuous improvement is also tied to continuous delivery, allowing DevOps teams to continuously push updates that improve the efficiency of software systems. The constant pipeline of new releases means teams consistently push code changes that eliminate waste, improve development efficiency, and bring more customer value. 
  • Customer-centric action
    • DevOps teams use short feedback loops with customers and end users to develop products and services centered around user needs. DevOps practices enable rapid collection and response to user feedback through use of real-time live monitoring and rapid deployment. Teams get immediate visibility into how live users interact with a software system and use that insight to develop further improvements. 
  • Create with the end in mind
    • This principle involves understanding the needs of customers and creating products or services that solve real problems. Teams shouldn’t ‘build in a bubble’, or create software based on assumptions about how consumers will use the software. Rather, DevOps teams should have a holistic understanding of the product, from creation to implementation.
  • 7 DevOps Principles:
    1. Collaboration
    2. Data-Based Decision Making
    3. Customer-Centric Decision Making
    4. Constant Improvement
    5. Responsibility Throughout the Lifecycle
    6. Automation
    7. Failure as a Learning Opportunity
  • What is DevOps?
    • To improve the efficiency and quality of software development, delivery, and deployment, a group of activities and approaches called DevOps combines software development (Dev) with information technology operations (Ops).
    • DevOps' primary objective is to foster teamwork between the development and operations teams so that they may collaborate easily across the whole software development life cycle. In addition, automation, continuous integration, delivery, and deployment are used to speed up and reduce mistakes in the software development process.
  • What is DevOps?
    • Monitoring and feedback are also emphasized in DevOps, which enables the development and operations teams to see problems early and proactively handle them. Using DevOps methods, businesses may improve their agility, competitiveness, and overall productivity by achieving quicker release cycles, higher-quality software, and enhanced team cooperation.
  • How is DevOps different from agile methodology?
    • DevOps is a culture that allows the development and the operations team to work together. This results in continuous development, testing, integration, deployment, and monitoring of the software throughout the lifecycle
    • Agile is a software development methodology that focuses on iterative, incremental, small, and rapid releases of software, along with customer feedback. It addresses gaps and conflicts between the customer and developers.
    • DevOps:
  • Which are some of the most popular DevOps tools?
    The most popular DevOps tools include:
    1. Selenium
    2. Puppet
    3. Chef
    4. Git
    5. Jenkins
    6. Ansible
    7. Docker
  • What are the different phases in DevOps?The various phases of the DevOps lifecycle are as follows:
    • Integrate: Multiple codes from different programmers are integrated into one.
    • Deploy: Code is deployed into a cloud environment for further usage. It is ensured that any new changes do not affect the functioning of a high traffic website.
    • Operate: Operations are performed on the code if required.
    • Monitor: Application performance is monitored. Changes are made to meet the end-user requirements.
  • What are the different phases in DevOps?
    The various phases of the DevOps lifecycle are as follows:
    • Plan: Initially, there should be a plan for the type of application that needs to be developed. Getting a rough picture of the development process is always a good idea.
    • Code: The application is coded as per the end-user requirements. 
    • Build: Build the application by integrating various codes formed in the previous steps.
    • Test: This is the most crucial step of the application development. Test the application and rebuild, if necessary.
  • Mention some of the core benefits of DevOps.
    The core benefits of DevOps are as follows:
    Technical benefits
    • Continuous software delivery
    • Less complex problems to manage
    • Early detection and faster correction of defects
    Business benefits
    • Faster delivery of features
    • Stable operating environments
    • Improved communication and collaboration between the teams
  • How will you approach a project that needs to implement DevOps?
    • An assessment of the existing process and implementation
    • Create a proof of concept (PoC). Once it is accepted and approved, the team can start on the actual implementation and roll-out of the project plan.
    • The project is now ready for implementing DevOps by using version control/integration/testing/deployment/delivery and monitoring followed step by step.
  • Continuous Delivery
    • Ensures code can be safely deployed on to production
    • Ensures business applications and services function as expected
    • Delivers every change to a production-like environment through rigorous automated testing
  • Continuous Deployment
    • Every change that passes the automated tests is deployed to production automatically
    • Makes software development and the release process faster and more robust
    • There is no explicit approval from a developer and requires a developed culture of monitoring
  • What is the role of configuration management in DevOps?
    • Enables management of and changes to multiple systems.
    • Standardizes resource configurations, which in turn, manage IT infrastructure.
    • It helps with the administration and management of multiple servers and maintains the integrity of the entire infrastructure.
  • How does continuous monitoring help you maintain the entire architecture of the system?
    Continuous monitoring in DevOps is a process of detecting, identifying, and reporting any faults or threats in the entire infrastructure of the system.
    • Ensures that all services, applications, and resources are running on the servers properly.
    • Monitors the status of servers and determines if applications are working correctly or not.
    • Enables continuous audit, transaction inspection, and controlled monitoring.
  • What is the role of AWS in DevOps?
    • Flexible services: Provides ready-to-use, flexible services without the need to install or set up the software.
    • Built for scale: You can manage a single instance or scale to thousands using AWS services.
    • Automation: AWS lets you automate tasks and processes, giving you more time to innovate
    • Secure: Using AWS Identity and Access Management (IAM), you can set user permissions and policies.
    • Large partner ecosystem: AWS supports a large ecosystem of partners that integrate with and extend AWS services.
  • Name three important DevOps KPIs.
    • Meantime to failure recovery: This is the average time taken to recover from a failure.
    • Deployment frequency: The frequency in which the deployment occurs. 
    • Percentage of failed deployments: The number of times the deployment fails.
  • Explain the term "Infrastructure as Code" (IaC) as it relates to configuration management.
    • Writing code to manage configuration, deployment, and automatic provisioning.
    • Managing data centers with machine-readable definition files, rather than physical hardware configuration.
    • Ensuring all your servers and other infrastructure components are provisioned consistently and effortlessly. 
    • Administering cloud computing environments, also known as infrastructure as a service (IaaS).
  • What are the fundamental differences between DevOps & Agile?
  • What are the anti-patterns of DevOps?
    • Cannot perform DevOps → Have the wrong people
    • DevOps ⇒ Production Management is done by developers
    • The solution to all the organization’s problems ⇒ DevOps
    • DevOps == Process 
    • DevOps == Agile
    • Cannot perform DevOps → Organization is unique
    • A separate group needs to be made for DevOps
  • What are the benefits of using version control?
    • All team members are free to work on any file at any time with the Version Control System (VCS). Later on, VCS will allow the team to integrate all of the modifications into a single version.
    • The VCS asks to provide a brief summary of what was changed every time we save a new version of the project. We also get to examine exactly what was modified in the content of the file. As a result, we will be able to see who made what changes to the project.
  • What are the benefits of using version control?
    • Inside the VCS, all the previous variants and versions are properly stored. We will be able to request any version at any moment, and we will be able to retrieve a snapshot of the entire project at our fingertips.
    • A VCS that is distributed, such as Git, lets all the team members retrieve a complete history of the project. This allows developers or other stakeholders to use the local Git repositories of any of the teammates even if the main server goes down at any point in time.
  • Describe the branching strategies you have used.
    • Release branching - We can clone the develop branch to create a Release branch once it has enough functionality for a release. This branch kicks off the next release cycle, thus no new features can be contributed beyond this point. The things that can be contributed are documentation generation, bug fixing, and other release-related tasks. The release is merged into master and given a version number once it is ready to ship. It should also be merged back into the development branch, which may have evolved since the initial release.
  • Describe the branching strategies you have used.
    • Feature branching - This branching model maintains all modifications for a specific feature contained within a branch. The branch gets merged into master once the feature has been completely tested and approved by using tests that are automated.
  • Describe the branching strategies you have used.
    • Task branching - In this branching model, every task is implemented in its respective branch. The task key is mentioned in the branch name. We need to simply look at the task key in the branch name to discover which code implements which task.
  • Can you explain the “Shift left to reduce failure” concept in DevOps?
    • Shift left is a DevOps idea for improving security, performance, and other factors. Let us take an example: if we look at all of the processes in DevOps, we can state that security is tested prior to the deployment step. We can add security in the development phase, which is on the left, by employing the left shift method. We can integrate with all phases, including before development and during testing, not just development. This most likely raises the security level by detecting faults at an early stage
  • What is the Blue/Green Deployment Pattern?
    • This is a method of continuous deployment that is commonly used to reduce downtime. This is where traffic is transferred from one instance to another. In order to include a fresh version of the code, we must replace the old code with a new code version. 
    • The new version exists in a green environment and the old version exists in a blue environment. After making changes to the previous version, we need a new instance from the old one to execute a newer version of the instance.
  • What is Continuous Testing?
    • Continuous Testing constitutes the running of automated tests as part of the software delivery pipeline to provide instant feedback on the business risks present in the most recent release. In order to prevent problems in step-switching in the Software delivery life-cycle and to allow Development teams to receive immediate feedback, every build is continually tested in this manner. This results in a significant increase in speed in a developer's productivity as it eliminates the requirement for re-running all the tests after each update and project re-building.
  • What is Automation Testing?
    • Test automation or manual testing Automation is the process of automating a manual procedure in order to test an application or system. Automation testing entails the use of independent testing tools that allow you to develop test scripts that can be run repeatedly without the need for human interaction.
  • What are the benefits of Automation Testing?
    Some of the advantages of Automation Testing are -
    • Helps to save money and time.
    • Unattended execution can be easily done.
    • Huge test matrices can be easily tested.
    • Parallel execution is enabled.
    • Reduced human-generated errors, which results in improved accuracy.
    • Repeated test tasks execution is supported.
  • How to automate Testing in the DevOps lifecycle?
    • Developers are obliged to commit all source code changes to a shared DevOps repository.
    • Every time a change is made in the code, Jenkins-like Continuous Integration tools will grab it from this common repository and deploy it for Continuous Testing, which is done by tools like Selenium.
  • Why is Continuous Testing important for DevOps?
    • Any modification to the code may be tested immediately with Continuous Testing. This prevents concerns like quality issues and releases delays that might occur whenever big-bang testing is delayed until the end of the cycle. In this way, Continuous Testing allows for high-quality and more frequent releases.
  • Explain the difference between a centralized and distributed version control system (VCS).
    Centralized Version Control System
    • All file versions are stored on a central server
    • No developer has a copy of all files on a local system
    • If the central server crashes, all data from the project will be lost
    Distributed Control System
    • Every developer has a copy of all versions of the code on their systems
    • Enables team members to work offline and does not rely on a single location for backups
    • There is no threat, even if the server crashes
  • How do you push a file from your local system to the GitHub repository using Git?
    First, connect the local repository to your remote repository:
    • git remote add origin [copied web address]
    Second, push your file to the remote repository:
    • git push origin master
     
  • How is a bare repository different from the standard way of initializing a Git repository?
    Using the standard method:
    git init
    • You create a working directory with git init
    • A .git subfolder is created with all the git-related revision history
    Using the bare way
    git init --bare
    • It does not contain any working or checked out a copy of source files
    • Bare repositories store git revision history in the root folder of your repository, instead of the .git subfolder
  • Which of the following CLI commands can be used to rename files?
    • git mv