(Translated by https://www.hiragana.jp/)
DevOps: Difference between revisions - Wikipedia Jump to content

DevOps: Difference between revisions

Page protected with pending changes
From Wikipedia, the free encyclopedia
Browse history interactively
[pending revision][accepted revision]
← Previous edit
Content deleted Content added
VisualWikitext
Fasi44 (talk | contribs)
3 edits
m Added link to DevSecOps
Tags: Reverted Visual edit
 
(169 intermediate revisions by more than 100 users not shown)
Line 1: Line 1:
{{short description|Set of software development practices}}
{{short description|Set of software development practices}}
{{pp-pc1}}
{{pp-pc1}}
{{Multiple issues|
{{unreliable sources|date=December 2018}}
{{COI|date=August 2021}}
}}
{{Use dmy dates|date=December 2020}}
{{Software development process}}
'''DevOps''' is a set of practices that combines [[software development]] (''Dev'') and [[IT operations]] (''Ops''). It aims to shorten the [[systems development life cycle]] and provide [[continuous delivery]] with high [[software quality]].<ref name="loukides-2012">{{Cite web|url=http://radar.oreilly.com/2012/06/what-is-devops.html|title=What is DevOps?|last=Loukides|first=Mike|date=7 June 2012|publisher=[[O'Reilly Media]]}}</ref> DevOps is complementary with [[Agile software development]]; several DevOps aspects came from the Agile methodology.


'''DevOps''' is a methodology in the software development and IT industry. Used as a set of practices and tools, DevOps integrates and automates the work of [[software development]] (''Dev'') and [[IT operations]] (''Ops'') as a means for improving and shortening the [[systems development life cycle]].<ref>{{Cite web |last1=Courtemanche |first1=Meredith |last2=Mell |first2=Emily |last3=Gills |first3=Alexander S. |title=What Is DevOps? The Ultimate Guide |url=https://www.techtarget.com/searchitoperations/definition/DevOps |access-date=2023-01-22 |website=TechTarget |language=en}}</ref> DevOps is complementary to [[agile software development]]; several DevOps aspects came from the ''agile'' way of working.
==Definition==
Other than it being a cross-functional combination (and a [[portmanteau]]) of the terms and concepts for "development" and "operations", academics and practitioners have not developed a universal definition for the term "DevOps".{{efn|Dyck et. al (2015) "To our knowledge, there is no uniform definition for the terms release engineering and DevOps. As a consequence, many people use their own definitions or rely on others, which results in confusion about those terms."<ref>{{cite journal |first1= Andrej |last1= Dyck |first2= Ralf |last2= Penners |first3= Horst |last3= Lichter |title= Towards Definitions for Release Engineering and DevOps |journal=Proceedings of the 2015 IEEE/ACM 3rd International Workshop on Release Engineering |date=2015-05-19 |page= 3 |publisher=[[Institute of Electrical and Electronics Engineers|IEEE]] |doi= 10.1109/RELENG.2015.10 |isbn= 978-1-4673-7070-7 |s2cid= 4659735 }}</ref>}}{{efn|Jabbari et. al (2016) "The research results of this study showed the need for a definition as individual studies do not consistently define DevOps."<ref>{{cite journal |first1=Ramtin |last1=Jabbari |first2=Nauman |last2=bin Ali |first3=Kai |last3=Petersen |first4=Binish |last4=Tanveer |journal=Proceedings of the 2016 Scientific Workshop |date=May 2016 |publisher=[[Association for Computing Machinery]] |title=What is DevOps?: A Systematic Mapping Study on Definitions and Practices }}</ref>}}{{efn|Erich et. al (2017) "We noticed that there are various gaps in the study of DevOps: There is no consensus of what concepts DevOps covers, nor how DevOps is defined."<ref name="erich-2017">{{cite journal |title=A Qualitative Study of DevOps Usage in Practice |first1=F.M.A. |last1=Erich |first2=C. |last2=Amrit |first3=M. |last3=Daneva |journal=Journal of Software: Evolution and Process |volume=29 |issue=6 |date=June 2017 |pages=e1885 |doi=10.1002/smr.1885 |s2cid=35914007 }}</ref>}}{{efn|Erich et. al (2017) "We discovered that there exists little agreement about the characteristics of DevOps in the academic literature."<ref name="erich-2017"/>}} Most often, DevOps is characterized by key principles: shared ownership, workflow automation, and rapid feedback.


Automation is an important part of DevOps. [[Software programmer]]s and [[Software architect|architects]] should use "[[Fitness function|fitness functions]]" to keep their software in check.<ref>{{Cite book |title=Fundamentals of Software Architecture: An Engineering Approach |publisher=O'Reilly Media |year=2020 |isbn=978-1492043454}}</ref>
From an academic perspective, [[Len Bass]], [[Ingo Weber]], and [[Liming Zhu]]—three computer science researchers from the [[CSIRO]] and the [[Software Engineering Institute]]—suggested defining DevOps as "a set of practices intended to reduce the time between committing a change to a system and the change being placed into normal production, while ensuring high quality".<ref>{{cite book|title=DevOps: A Software Architect's Perspective|author1=Bass, Len|author2=Weber, Ingo|author3=Zhu, Liming|isbn=978-0134049847|year=2015}}</ref>


==Definition==
However, the term is used in multiple contexts. At its most successful, DevOps is a combination of specific practices, culture change, and tools.<ref>{{cite journal|title=A guidance to implement or reinforce a DevOps approach in organizations: A case study|author1=Muñoz, Mirna|author2=Negrete Rodríguez, Mario| date=April 2021}}</ref>
Other than it being a cross-functional combination (and a [[portmanteau]]) of the terms and concepts for "development" and "operations", academics and practitioners have not developed a universal definition for the term "DevOps".{{efn|Dyck et al. (2015) "To our knowledge, there is no uniform definition for the terms release engineering and DevOps. As a consequence, many people use their own definitions or rely on others, which results in confusion about those terms."<ref>{{Cite book |last1=Dyck |first1=Andrej |last2=Penners |first2=Ralf |last3=Lichter |first3=Horst |chapter=Towards Definitions for Release Engineering and DevOps |date=2015-05-19 |title=2015 IEEE/ACM 3rd International Workshop on Release Engineering |publisher=[[Institute of Electrical and Electronics Engineers|IEEE]] |page=3 |doi=10.1109/RELENG.2015.10 |isbn=978-1-4673-7070-7 |s2cid=4659735}}</ref>}}{{efn|Jabbari et al. (2016) "The research results of this study showed the need for a definition as individual studies do not consistently define DevOps."<ref>{{Cite journal |last1=Jabbari |first1=Ramtin |last2=bin Ali |first2=Nauman |last3=Petersen |first3=Kai |last4=Tanveer |first4=Binish |date=May 2016 |title=What is DevOps?: A Systematic Mapping Study on Definitions and Practices |journal=Proceedings of the 2016 Scientific Workshop |publisher=[[Association for Computing Machinery]]}}</ref>}}{{efn|Erich et al. (2017) "We noticed that there are various gaps in the study of DevOps: There is no consensus of what concepts DevOps covers, nor how DevOps is defined."<ref name="erich-2017">{{Cite journal |last1=Erich |first1=F.M.A. |last2=Amrit |first2=C. |last3=Daneva |first3=M. |date=June 2017 |title=A Qualitative Study of DevOps Usage in Practice |journal=Journal of Software: Evolution and Process |volume=29 |issue=6 |pages=e1885 |doi=10.1002/smr.1885 |s2cid=35914007|url=https://ris.utwente.nl/ws/files/19208022/Erich_et_al_2017_Journal_of_Software_Evolution_and_Process.pdf }}</ref>}}{{efn|Erich et al. (2017) "We discovered that there exists little agreement about the characteristics of DevOps in the academic literature."<ref name="erich-2017" />}} Most often, DevOps is characterized by key principles: shared ownership, workflow automation, and rapid feedback.
From an academic perspective, [[Len Bass]], Ingo Weber, and Liming Zhu—three computer science researchers from the [[CSIRO]] and the [[Software Engineering Institute]]—suggested defining DevOps as "a set of practices intended to reduce the time between committing a change to a system and the change being placed into normal production, while ensuring high quality".<ref>{{Cite book |last1=Bass, Len |title=DevOps: A Software Architect's Perspective |last2=Weber, Ingo |last3=Zhu, Liming |year=2015 |publisher=Addison-Wesley |isbn=978-0134049847}}</ref>
However, the term is used in multiple contexts. At its most successful, DevOps is a combination of specific practices, culture change, and tools.<ref>{{Cite journal |last1=Muñoz, Mirna |last2=Negrete Rodríguez, Mario |date=April 2021 |title=A guidance to implement or reinforce a DevOps approach in organizations: A case study}}</ref>


==History==
==History==
Proposals to combine software development methodologies with deployment and operations concepts began to appear in the late 80s and early 90s.<ref>Chapman, M., Gatti, N: A model of a service life cycle, Proceedings of TINA '93, pp. I-205–I-215, Sep., 1993.</ref>
{{undue weight|section|date=December 2018}}
In 1993 the Telecommunications Information Networking Architecture Consortium ([[TINA-C]]) defined a Model of a Service Lifecycle that combined software development with (telecom) service operations.<ref>Chapman, M., Gatti, N: A model of a service life cycle, Proceedings of TINA '93, pp. I-205–I-215, Sep., 1993.</ref>


Around 2007 and 2008, concerns were raised by those within the software development and IT communities that the separation between the two industries, where one wrote and created software entirely separate from those that deploy and support the software was creating a fatal level of dysfunction within the industry.<ref>{{Cite web |last=Atlassian |title=History of DevOps |url=https://www.atlassian.com/devops/what-is-devops/history-of-devops |access-date=2023-02-23 |website=Atlassian |language=en}}</ref>
In 2009, the first conference named devopsdays was held in [[Ghent]], [[Belgium]]. The conference was founded by Belgian consultant, project manager and agile practitioner Patrick Debois.<ref name="devops-name">{{cite web|last=Mezak|first=Steve|title=The Origins of DevOps: What's in a Name?|url=https://devops.com/the-origins-of-devops-whats-in-a-name/|publisher = devops.com|access-date=6 May 2019|date=25 January 2018}}</ref>{{who|date=December 2018}}<ref name="jediblog">{{cite web|last=Debois|first=Patrick|title=Agile 2008 Toronto|url=http://www.jedi.be/blog/2008/10/09/agile-2008-toronto-agile-infrastructure-and-operations-presentation/|publisher=Just Enough Documented Information|access-date=12 March 2015}}</ref> The conference has now spread to other countries.<ref name="devopsdays">{{cite web|last=Debois|first=Patrick|title=DevOps Days|url=http://www.devopsdays.org/|publisher = DevOps Days|access-date=31 March 2011}}</ref>


In 2009, the first conference named DevOps Days was held in [[Ghent]], [[Belgium]]. The conference was founded by Belgian consultant, project manager and agile practitioner Patrick Debois.<ref>{{Cite web |last=Mezak |first=Steve |date=25 January 2018 |title=The Origins of DevOps: What's in a Name? |url=https://devops.com/the-origins-of-devops-whats-in-a-name/ |access-date=6 May 2019 |publisher=devops.com}}</ref><ref>{{Cite web |last=Debois |first=Patrick |date=9 October 2008 |title=Agile 2008 Toronto |url=http://www.jedi.be/blog/2008/10/09/agile-2008-toronto-agile-infrastructure-and-operations-presentation/ |access-date=12 March 2015 |publisher=Just Enough Documented Information}}</ref> The conference has now spread to other countries.<ref>{{Cite web |last=Debois |first=Patrick |title=DevOps Days |url=http://www.devopsdays.org/ |access-date=31 March 2011 |publisher=DevOps Days}}</ref>
In 2012, the State of DevOps report was conceived and launched by Alanna Brown at Puppet.<ref name="2016 State of DevOps Report">{{cite web|url=https://devops-research.com/assets/state-of-devops-2016.pdf|title=2016 State of DevOps Report|author1=Alana Brown|author2=Nicole Forsgren|date=2016|publisher=Puppet Labs, DORA (DevOps Research|access-date=2019-05-06|author3=Jez Humble|author4=Nigel Kersten|author5=Gene Kim}}</ref><ref name="Alanna Brown">{{cite web|title=Puppet - Alanna Brown|url=https://puppet.com/people/alanna-brown|publisher=Puppet Labs|access-date=2019-04-27}}</ref>


As of 2014, the annual State of DevOps report was published by [[Nicole Forsgren]], Gene Kim, Jez Humble and others. They stated that the adoption of DevOps was accelerating.<ref name="2014 State of DevOps Report">{{cite web|author1=Nicole Forsgren|author2=Gene Kim|author3=Nigel Kersten |author4=Jez Humble|title=2014 State of DevOps Report|url=https://devops-research.com/assets/state-of-devops-2014.pdf|date=2014|publisher=Puppet Labs, IT Revolution Press and ThoughtWorks |access-date=2019-04-27}}</ref><ref name="2015 State of DevOps Report">{{cite web|title=2015 State of DevOps Report|url=https://devops-research.com/assets/state-of-devops-2015.pdf|date=2015|publisher=Puppet Labs, Pwc, IT Revolution Press|access-date=2019-05-06}}</ref> Also in 2014, Lisa Crispin and Janet Gregory wrote the book More Agile Testing, containing a chapter on testing and DevOps.<ref name="More Agile Testing - TOC">{{cite web|title=More Agile Testing|url=https://agiletester.ca/wp-content/uploads/sites/26/2014/09/TOC.pdf|date=October 2014|access-date=2019-05-06}}</ref><ref name="More Agile Testing">{{cite book|title=More Agile Testing|url=https://www.oreilly.com/library/view/more-agile-testing/9780133749571/|last1=Crispin|first1=Lisa|last2=Gregory|first2=Janet|date=October 2014|isbn=9780133749571 |access-date=2019-05-06}}</ref>
In 2012, a report called "State of DevOps" was first published by Alanna Brown at [[Puppet (software)|Puppet Labs]].<ref name="2016 State of DevOps Report">{{Cite web |last1=Alana Brown |last2=Nicole Forsgren |last3=Jez Humble |last4=Nigel Kersten |last5=Gene Kim |date=2016 |title=2016 State of DevOps Report |url=https://dora.dev/research/2017-and-earlier/2016-state-of-devops-report.pdf |access-date=2024-04-24 |publisher=Puppet Labs, DORA (DevOps Research}}</ref><ref>{{Cite web |title=Puppet - Alanna Brown |url=https://puppet.com/people/alanna-brown |access-date=2019-04-27 |publisher=Puppet Labs}}</ref>


As of 2014, the annual State of DevOps report was published by [[Nicole Forsgren]], Gene Kim, Jez Humble and others. They stated that the adoption of DevOps was accelerating.<ref>{{Cite web |last1=Nicole Forsgren |last2=Gene Kim |last3=Nigel Kersten |last4=Jez Humble |date=2014 |title=2014 State of DevOps Report |url=https://dora.dev/research/2017-and-earlier/2014-state-of-devops-report.pdf |access-date=2024-04-24 |publisher=Puppet Labs, IT Revolution Press and ThoughtWorks}}</ref><ref>{{Cite web |date=2015 |title=2015 State of DevOps Report |url=https://dora.dev/research/2017-and-earlier/2015-state-of-devops-report.pdf | access-date=2024-04-24 |publisher=Puppet Labs, Pwc, IT Revolution Press}}</ref> Also in 2014, Lisa Crispin and Janet Gregory wrote the book More Agile Testing, containing a chapter on testing and DevOps.<ref>{{Cite web |date=October 2014 |title=More Agile Testing |url=https://agiletester.ca/wp-content/uploads/sites/26/2014/09/TOC.pdf |access-date=2019-05-06}}</ref><ref>{{Cite book |last1=Crispin |first1=Lisa |url=https://www.oreilly.com/library/view/more-agile-testing/9780133749571/ |title=More Agile Testing |last2=Gregory |first2=Janet |date=October 2014 |publisher=Addison-Wesley |isbn=9780133749571 |access-date=2019-05-06}}</ref>
In 2016 the DORA metrics for throughput (deployment frequency, lead time for changes), and stability (mean time to recover, change failure rate) were published in the State of DevOps report.<ref name="2016 State of DevOps Report"/>


In 2016, the [[DevOps_Research_and_Assessment|DORA]] metrics for throughput (deployment frequency, lead time for changes), and stability (mean time to recover, change failure rate) were published in the State of DevOps report.<ref name="2016 State of DevOps Report" /> However, the research methodology and metrics were criticized by experts.<ref>{{Cite news |last=Turner |first=Graham |date=20 November 2023 |title=Report: Software Engineers Face Backlash for Reporting Wrongdoing |url=https://www.digit.fyi/report-software-engineers-facing-retaliation-for-reporting-wrongdoing/ |access-date=5 January 2024 |work=DIGIT |language=en}}</ref><ref>{{Cite news |last=Saran |first=Cliff |title=Software engineers worry about speaking out - Computer Weekly |url=https://www.computerweekly.com/news/366560292/Software-engineers-worry-about-speaking-out |access-date=5 January 2024 |work=ComputerWeekly.com |language=en}}</ref><ref>{{Cite news |title=75% of software engineers faced retaliation the last time they reported wrongdoing - ETHRWorldSEA |url=https://hrsea.economictimes.indiatimes.com/news/workplace/75-of-software-engineers-faced-retaliation-the-last-time-they-reported-wrongdoing/105335733 |work=ETHRWorld.com |language=en}}</ref><ref>{{Cite web |last=Cummins |first=Holly |title=Holly Cummins on X |url=https://twitter.com/holly_cummins/status/1448357917384744964 |access-date=5 January 2024 |website=X.com}}</ref> In response to these criticisms, the 2023 State of DevOps report <ref name="2023 State of DevOps Report">{{Cite web | last1=DeBellis | first1=Derek | title=2023 State of DevOps Report | url=https://cloud.google.com/devops/state-of-devops | access-date=2024-04-24 | last2=Lewis | first2=Amanda | last3=Villalba | first3=Daniella | last4=Farley | first4=Dave | publisher=Google Cloud DevOps Research and Assessment}}</ref> published changes that updated the stability metric "mean time to recover" to "failed deployment recovery time" acknowledging the confusion the former metric has caused.<ref name="Culture is everything">{{cite web |last1=DeBellis |first1=Derek |last2=Harvey |first2=Nathan |title=2023 State of DevOps Report: Culture is everything |url=https://cloud.google.com/blog/products/devops-sre/announcing-the-2023-state-of-devops-report |website=Google Cloud Blog |access-date=2024-04-24}}</ref>
==Toolchains==
{{Main|DevOps toolchain}}
As DevOps is intended to be a cross-functional mode of working, those who practice the methodology use different sets of tools—referred to as "[[DevOps toolchain|toolchains]]"—rather than a single one.<ref>{{cite report |title=Gartner Market Trends: DevOps – Not a Market, but Tool-Centric Philosophy That supports a Continuous Delivery Value Chain |publisher=Gartner |date=18 February 2015}}</ref> These toolchains are expected to fit into one or more of the following categories, reflective of key aspects of the development and delivery process.
# Coding – code development and review, [[Version control|source code management]] tools, code merging.
# Building – [[continuous integration]] tools, build status.
# Testing – [[continuous testing]] tools that provide quick and timely feedback on business risks.
# Packaging – [[Binary repository manager|artifact repository]], application pre-deployment staging.
# Releasing – change management, release approvals, [[application release automation|release automation]].
# Configuring – infrastructure configuration and management, [[infrastructure as code]] tools.
# Monitoring – [[Application performance management|applications performance monitoring]], end-user experience.


==Relationship to other approaches==
==Relationship to other approaches==
Many of the ideas fundamental to DevOps practices are inspired by, or mirror, other well known practices such as [[Lean manufacturing|Lean]] and [[W. Edwards Deming|Deming's]] [[PDCA|Plan-Do-Check-Act]] cycle, through to [[The Toyota Way]] and the [[Agile software development|Agile]] approach of breaking down components and batch sizes.<ref name=":1">{{Cite journal|last=Klein|first=Brandon Thorin|date=2021-05-01|title=The DevOps: A Concise Understanding to the DevOps Philosophy and Science.|url=https://www.osti.gov/biblio/1785164/|language=English|doi=10.2172/1785164|osti=1785164|s2cid=236606284}}</ref> Contrary to the "top-down" proscriptive approach and rigid framework of [[ITIL]] in the 1990s, DevOps is "bottom-up" and a flexible practice, created by software engineers, with software engineer needs in mind.<ref>{{Cite web|title=The History and Evolution of DevOps {{!}} Tom Geraghty|url=https://tomgeraghty.co.uk/index.php/the-history-and-evolution-of-devops/|access-date=2020-11-29|language=en-GB}}</ref>
Many of the ideas fundamental to DevOps practices are inspired by, or mirror, other well known practices such as [[Lean manufacturing|Lean]] and [[W. Edwards Deming|Deming's]] [[PDCA|Plan-Do-Check-Act]] cycle, through to [[The Toyota Way]] and the [[Agile software development|Agile]] approach of breaking down components and batch sizes.<ref>{{Cite journal |last=Klein |first=Brandon Thorin |date=2021-05-01 |title=The DevOps: A Concise Understanding to the DevOps Philosophy and Science |url=https://www.osti.gov/biblio/1785164/ |language=English |doi=10.2172/1785164 |osti=1785164 |s2cid=236606284 |website=Osti.gov}}</ref> Contrary to the "top-down" prescriptive approach and rigid framework of [[ITIL]] in the 1990s, DevOps is "bottom-up" and flexible, having been created by software engineers for their own needs.<ref>{{Cite web |date=5 July 2020 |title=The History and Evolution of DevOps {{!}} Tom Geraghty |url=https://tomgeraghty.co.uk/index.php/the-history-and-evolution-of-devops/ |access-date=2020-11-29 |language=en-GB}}</ref>


===Agile===
===Agile===
{{Main|Agile software development}}
{{Main|Agile software development}}
The motivations for what has become modern DevOps and several standard DevOps practices such as automated build and test, [[continuous integration]], and [[continuous delivery]] originated in the Agile world, which dates (informally) to the 1990s, and formally to 2001. Agile development teams using methods such as [[Extreme programming|Extreme Programming]] couldn't "satisfy the customer through early and continuous delivery of valuable software"<ref>{{Cite web|title=Principles behind the Agile Manifesto|url=https://agilemanifesto.org/principles.html|access-date=2020-12-06|website=agilemanifesto.org}}</ref> unless they subsumed the operations / infrastructure responsibilities associated with their applications, many of which they automated. Because [[Scrum (software development)|Scrum]] emerged as the dominant Agile framework in the early 2000s and it omitted the engineering practices that were part of many Agile teams, the movement to automate operations / infrastructure functions splintered from Agile and expanded into what has become modern DevOps. Today, DevOps focuses on the deployment of developed software, whether it is developed via Agile or other methodologies.
The motivations for what has become modern DevOps and several standard DevOps practices such as automated build and test, [[continuous integration]], and [[continuous delivery]] originated in the Agile world, which dates (informally) to the 1990s, and formally to 2001. Agile development teams using methods such as [[extreme programming]] couldn't "satisfy the customer through early and continuous delivery of valuable software"<ref>{{Cite web |title=Principles behind the Agile Manifesto |url=https://agilemanifesto.org/principles.html |access-date=2020-12-06 |website=agilemanifesto.org}}</ref> unless they took responsibility for operations and infrastructure for their applications, automating much of that work. Because [[Scrum (software development)|Scrum]] emerged as the dominant Agile framework in the early 2000s and it omitted the engineering practices that were part of many Agile teams, the movement to automate operations and infrastructure functions splintered from Agile and expanded into what has become modern DevOps. Today, DevOps focuses on the deployment of developed software, whether it is developed using Agile oriented methodologies or other methodologies.


===ArchOps===
===ArchOps===
ArchOps presents an extension for DevOps practice, starting from [[software architecture]] artifacts, instead of source code, for operation deployment.<ref>{{cite book |last1=Castellanos |first1=Camilo |last2=Correal |first2=Dario |date=15 September 2018|title=Executing Architectural Models for Big Data Analytics |journal=Lecture Notes in Computer Science |volume=11048 |pages=364–371 |doi=10.1007/978-3-030-00761-4_24 |isbn=978-3-030-00760-7 }}</ref> ArchOps states that architectural models are first-class entities in software development, deployment, and operations.
ArchOps presents an extension for DevOps practice, starting from [[software architecture]] artifacts, instead of source code, for operation deployment.<ref>{{Cite book |last1=Castellanos |first1=Camilo |title=Software Architecture |last2=Correal |first2=Dario |date=15 September 2018 |isbn=978-3-030-00760-7 |series=Lecture Notes in Computer Science |volume=11048 |pages=364–371 |chapter=Executing Architectural Models for Big Data Analytics |doi=10.1007/978-3-030-00761-4_24}}</ref> ArchOps states that architectural models are first-class entities in software development, deployment, and operations.


===CI/CD===
=== Continuous Integration and Delivery (CI/CD) ===
{{Main|CI/CD}}
{{Main|CI/CD}}
Automation is a core principle for achieving DevOps success and CI/CD is a critical component.<ref name="CD_HJ">{{cite book|title=Continuous Delivery: reliable software releases through build, test, and deployment automation|last1=Humble|first1=Jez|last2=Farley|first2=David|date=2011|publisher=Pearson Education Inc.|isbn=978-0-321-60191-9}}</ref>
Automation is a core principle for achieving DevOps success and CI/CD is a critical component.<ref>{{Cite book |last1=Humble |first1=Jez |title=Continuous Delivery: reliable software releases through build, test, and deployment automation |last2=Farley |first2=David |date=2011 |publisher=Pearson Education Inc. |isbn=978-0-321-60191-9}}</ref> Plus, improved collaboration and communication between and within teams helps achieve faster [[time to market]], with reduced risks.<ref>{{Cite journal |last=Chen |first=Lianping |year=2015 |title=Continuous Delivery: Huge Benefits, but Challenges Too |journal=IEEE Software |volume=32 |issue=2 |pages=50–54 |doi=10.1109/MS.2015.27 |s2cid=1241241}}</ref>


=== Mobile DevOps ===
CI/CD consists of [[continuous integration]] (CI) and [[continuous delivery]] (CD), or [[continuous deployment]] (CD). Used together, the three processes automate build, testing, and deployment so DevOps teams can ship code changes faster and more reliably. When referring to CI/CD, the “CD” being referenced is usually continuous delivery, not continuous deployment. Continuous delivery and other CI/CD processes are focused on automating [[software delivery]] tasks, while DevOps also focuses on the organizational change to support great collaboration between the many functions involved. Both share a common background in [[agile methods]] and [[lean thinking]], prioritizing small and frequent changes with focused value to the end customer. This ensures two things: Software is always in a releasable state throughout its lifecycle, which makes it cheaper and less risky to deliver the software.
{{Main|Mobile DevOps}}


Mobile DevOps is a set of practices that applies the principles of DevOps specifically to the development of mobile applications. Traditional DevOps focuses on streamlining the [[software development process]] in general, but [[Mobile app development|mobile development]] has its own unique challenges that require a tailored approach.<ref>{{Cite book |last1=Tak |first1=Rohin |title=Mobile DevOps: Deliver continuous integration and deployment within your mobile applications |last2=Modi |first2=Jhalak |date=2018 |publisher=Packt Publishing |isbn=9781788296243 |pages=12–18}}</ref> Mobile DevOps is not simply as a branch of DevOps specific to mobile app development, instead an extension and reinterpretation of the DevOps philosophy due to very specific requirements of the mobile world.
Plus, improved collaboration and communication between and within teams helps achieve faster [[time to market]], with reduced risks.<ref name="CD_LC">{{Cite journal |doi = 10.1109/MS.2015.27|title = Continuous Delivery: Huge Benefits, but Challenges Too|journal = IEEE Software|volume = 32|issue = 2|pages = 50–54|year = 2015|last1 = Chen|first1 = Lianping|s2cid = 1241241}}</ref>

===DataOps===
{{Main|DataOps}}
The application of continuous delivery and DevOps to data analytics has been termed DataOps. DataOps seeks to integrate data engineering, data integration, data quality, data security, and data privacy with operations. It applies principles from DevOps, [[Agile software development|Agile Development]] and the [[statistical process control]], used in [[lean manufacturing]], to improve the cycle time of extracting value from data analytics.


===Site-reliability engineering===
===Site-reliability engineering===
{{Main|Site reliability engineering}}
{{Main|Site reliability engineering}}
In 2003, [[Google]] developed [[site reliability engineering]] (SRE), an approach for releasing new features continuously into large-scale high-availability systems while maintaining high-quality end-user experience.<ref>{{cite book|title=Site Reliability Engineering|date=April 2016|publisher=O'Reilly Media|first1=Betsy|last1=Beyer|first2=Chris|last2=Jones|first3=Jennifer|last3=Petoff|first4=Niall Richard|last4=Murphy|isbn=978-1-4919-2909-4}}</ref> While SRE predates the development of DevOps, they are generally viewed as being related to each other.
In 2003, [[Google]] developed [[site reliability engineering]] (SRE), an approach for releasing new features continuously into large-scale high-availability systems while maintaining high-quality end-user experience.<ref>{{Cite book |last1=Beyer |first1=Betsy |title=Site Reliability Engineering |last2=Jones |first2=Chris |last3=Petoff |first3=Jennifer |last4=Murphy |first4=Niall Richard |date=April 2016 |publisher=O'Reilly Media |isbn=978-1-4919-2909-4}}</ref> While SRE predates the development of DevOps, they are generally viewed as being related to each other. Some of the original authors of the discipline consider SRE as an implementation of DevOps.<ref>{{cite web |url=https://driftboatdave.com/2018/10/09/interview-with-betsy-beyer-stephen-thorne-of-google/ |title=Interview with Betsy Beyer, Stephen Thorne of Google |date=9 Oct 2018 |author=Dave Harrison |access-date=24 July 2024}}</ref>


===Toyota production system, lean thinking, kaizen===
===Toyota production system, lean thinking, kaizen===
{{main|Toyota Production System}}
{{main|Toyota Production System}}
Toyota production system, also known under the acronym TPS, was the inspiration for [[lean thinking]] with its focus on [[continuous improvement process|continuous improvement]], [[kaizen]], flow and small batches. The [[Andon (manufacturing)|Andon cord principle]] to create fast feedback, swarm and solve problems stems from TPS.<ref>[https://opensource.com/article/18/11/analyzing-devops Analyzing the DNA of DevOps], Brent Aaron Reed, Willy Schaub, 2018-11-14.</ref><ref>The DevOps Handbook: How to Create World-Class Agility, Reliability, and Security in Technology Organizations, Gene Kim, Patrick Debois, John Willis, Jezz Humble, 2016</ref>
Toyota production system, also known under the acronym TPS, was the inspiration for [[lean thinking]] with its focus on [[continuous improvement process|continuous improvement]], [[kaizen]], flow and small batches. The [[Andon (manufacturing)|andon cord principle]] to create fast feedback, swarm and solve problems stems from TPS.<ref>[https://opensource.com/article/18/11/analyzing-devops Analyzing the DNA of DevOps], Brent Aaron Reed, Willy Schaub, 2018-11-14.</ref><ref>{{Cite book |last1=Gene Kim |title=The DevOps Handbook: How to Create World-Class Agility, Reliability, and Security in Technology Organizations |last2=Patrick Debois |last3=John Willis |last4=Jezz Humble |date=2016}}</ref>


===DevSecOps, Shifting Security Left===
===DevSecOps, shifting security left===
[https://www.copado.com/why-copado/devsecops/ DevSecOps] is an augmentation of DevOps to allow for security practices to be integrated into the DevOps approach. Contrary to a traditional centralized security team model, each delivery team is empowered to factor in the correct security controls into their software delivery. Security practices and testing are performed earlier in the development lifecycle, hence the term [[Shift-left testing|"shift left"]] can be used. Security is tested in three main areas: static, software composition, and dynamic.
DevSecOps is an augmentation of DevOps to allow for security practices to be integrated into the DevOps approach. Contrary to a traditional centralized security team model, each delivery team is empowered to factor in the correct security controls into their software delivery. Security practices and testing are performed earlier in the development lifecycle, hence the term "[[Shift-left testing|shift left]]". Security is tested in three main areas: static, software composition, and dynamic.


Checking the code statically via [[static application security testing]] (SAST) is [[white-box testing]] with special focus on security. Depending on the programming language, different tools are needed to do such static code analysis. The software composition is analyzed, especially libraries and their versions are checked against vulnerability lists published by [[Computer emergency response team|CERT]] and other expert groups. When giving software to clients, licenses and its match to the one of the software distributed are in focus, especially [[copyleft]] licenses. Dynamic testing is also called [[black-box testing]]. The software is tested without knowing its inner functions. In DevSecOps it is on one hand called [[Dynamic application security testing|dynamically]] (DAST), or penetration testing. The goal is to catch, amongst others, errors like [[cross-site scripting]], or [[SQL injection]] early. Threat types are for example published by the [[OWASP|open web application security project]], e.g. its TOP10.<ref>[https://owasp.org/Top10/ OWASP TOP10], Open web application security project, accessed 2021-11-25.</ref> On the other hand, especially with [[microservices]] interactive application testing (IAST) is helpful to check which code is executed when running automated functional tests, the focus is to detect vulnerabilities within the applications. Contrary to SAST and DAST, IAST works inside the application.
Checking software statically via [[static application security testing]] (SAST) is [[white-box testing]] with special focus on security. Depending on the programming language, different tools are needed to do such static code analysis. The software composition is analyzed, especially libraries, and the version of each component is checked against vulnerability lists published by [[Computer emergency response team|CERT]] and other expert groups. When giving software to clients, library licenses and their match to the license of the software distributed are in focus, especially [[copyleft]] licenses.


In dynamic testing, also called [[black-box testing]], software is tested without knowing its inner functions. In DevSecOps this practice may be referred to as [[dynamic application security testing]] (DAST) or penetration testing. The goal is early detection of defects including [[cross-site scripting]] and [[SQL injection]] vulnerabilities. Threat types are published by the [[OWASP|open web application security project]], e.g. its TOP10,<ref>{{Cite web |title=OWASP TOP10 |url=https://owasp.org/Top10/ |url-status=live |archive-url=https://web.archive.org/web/20230608171837/https://owasp.org/Top10/ |archive-date=June 8, 2023 |access-date=June 8, 2023}}</ref> and by other bodies.
Very similar to IAST, [[Runtime application self-protection]] (RASP) runs inside the application. Its instrumentation focuses to detect attacks not in test cycles, but during productive runtime. Attacks can be either reported via monitoring and alerting, or actively blocked. RASP alerts help [[security information and event management]] (SIEM).

DevSecOps has also been described as a cultural shift involving a holistic approach to producing secure software by integrating security education, security by design, and security automation.<ref>{{Cite book |last=Wilson |first=Glenn |title='DevSecOps: A leader's guide to producing secure software with compromising flow, feedback and continuous improvement' |date=December 2020 |publisher=Rethink Press |isbn=978-1781335024}}</ref>


==Cultural change==
==Cultural change==
DevOps initiatives can create cultural changes in companies<ref>{{cite report |title=Emerging Technology Analysis: DevOps a Culture Shift, Not a Technology |publisher=Gartner}}</ref> by transforming the way [[Information technology operations|operations]], [[Software developer|developers]], and [[Software testing|testers]] collaborate during the development and delivery processes.<ref name="loukides-2012" /> Getting these groups to work cohesively is a critical challenge in enterprise DevOps adoption.<ref>{{cite web|title=Gartner IT Glossary {{ndash}} devops|website=Gartner|url=http://www.gartner.com/it-glossary/devops/ | access-date= 30 October 2015}}</ref><ref name="Jones et al">{{Cite book| first1 = Stephen| title = Proceedings of the 2nd International Workshop on Quality-Aware Dev ''Ops'' - QUDOS 2016| pages = 7–11|last1 = Jones| first2 = Joost| last2 = Noppen|first3 = Fiona| last3 = Lettice| date = 21 July 2016| doi = 10.1145/2945408.2945410 | isbn = 9781450344111| s2cid = 515140| url = https://ueaeprints.uea.ac.uk/id/eprint/59131/4/Accepted_manuscript.pdf}}</ref> DevOps is as much about culture, as it is about the toolchain.<ref name="Building a DevOps culture">{{cite web|url=https://www.oreilly.com/ideas/building-a-devops-culture|title=Building a DevOps culture|author= Mandi Walls|date=25 September 2015|publisher=O'Reilly}}</ref>
DevOps initiatives can create cultural changes in companies<ref>{{Cite report |title=Emerging Technology Analysis: DevOps a Culture Shift, Not a Technology |publisher=Gartner}}</ref> by transforming the way [[Information technology operations|operations]], [[Software developer|developers]], and [[Software testing|testers]] collaborate during the development and delivery processes.<ref>{{Cite web |last=Loukides |first=Mike |date=7 June 2012 |title=What is DevOps? |url=http://radar.oreilly.com/2012/06/what-is-devops.html |publisher=[[O'Reilly Media]]}}</ref> Getting these groups to work cohesively is a critical challenge in enterprise DevOps adoption.<ref>{{Cite web |title=Gartner IT Glossary {{ndash}} devops |url=http://www.gartner.com/it-glossary/devops/ |access-date=30 October 2015 |website=Gartner}}</ref><ref>{{Cite book |last1=Jones |first1=Stephen |url=https://ueaeprints.uea.ac.uk/id/eprint/59131/4/Accepted_manuscript.pdf |title=Proceedings of the 2nd International Workshop on Quality-Aware DevOps - QUDOS 2016 |last2=Noppen |first2=Joost |last3=Lettice |first3=Fiona |date=21 July 2016 |isbn=9781450344111 |pages=7–11 |doi=10.1145/2945408.2945410 |s2cid=515140}}</ref> DevOps is as much about culture as it is about the toolchain.<ref>{{Cite web |last=Mandi Walls |date=25 September 2015 |title=Building a DevOps culture |url=https://www.oreilly.com/ideas/building-a-devops-culture |publisher=O'Reilly}}</ref>

===Building a DevOps culture===
Organizational culture is a strong predictor of IT and organizational performance. Cultural practices such as information flow, collaboration, shared responsibilities, learning from failures and new ideas are central to DevOps. Team-building and other [[employee engagement]] activities are often used to create an environment that fosters this communication and cultural change within an organization. DevOps as a service approach allows developers and operations teams to take greater control of their applications and infrastructure without hindering speed. It also transfers the onus of owning a problem on to the development team, making them much more careful in their stride.

The 2015 State of DevOps Report discovered that the top seven measures with the strongest correlation to organizational culture are:
#Organizational investment
#Team leaders' experience and effectiveness
#Continuous delivery
#The ability of different disciplines (development, operations, and infosec) to achieve win-win outcomes
#Organizational performance
#Deployment pain
#Lean management practices

==Deployment==
Companies with very frequent releases may require knowledge on DevOps.{{citation needed|date=March 2019}} For example, the company that operates image hosting website [[Flickr]] developed a DevOps approach to support ten deployments a day. Daily deployment cycles would be much higher at organizations producing multi-focus or multi-function applications.{{citation needed|date=March 2019}} Daily deployment is referred to as [[continuous deployment]]

===Architecturally significant requirements===
To practice DevOps effectively, software applications have to meet a set of [[architecturally significant requirements]] (ASRs), such as: deployability, modifiability, testability, and monitor-ability.


===Microservices===
===Microservices===
Although in principle it is possible to practice DevOps with any architectural style, the [[microservices]] architectural style is becoming the standard for building continuously deployed systems. Small size service allows the architecture of an individual service to emerge through continuous refactoring,<ref name="Ach_Chen">{{cite conference |title=Towards an Evidence-Based Understanding of Emergence of Architecture through Continuous Refactoring in Agile Software Development|first1=Lianping |last1=Chen |first2=Muhammad|last2=Ali Babar|date=2014 |book-title=The 11th Working IEEE/IFIP Conference on Software Architecture(WICSA 2014) |publisher=IEEE|doi=10.1109/WICSA.2014.45}}</ref>.
Although in principle it is possible to practice DevOps with any architectural style, the [[microservices]] architectural style is becoming the standard for building continuously deployed systems. Small size service allows the architecture of an individual service to emerge through continuous refactoring.<ref>{{Cite conference |last1=Chen |first1=Lianping |last2=Ali Babar |first2=Muhammad |date=2014 |title=2014 IEEE/IFIP Conference on Software Architecture |publisher=IEEE |pages=195–204 |doi=10.1109/WICSA.2014.45 |isbn=978-1-4799-3412-6 |chapter=Towards an Evidence-Based Understanding of Emergence of Architecture through Continuous Refactoring in Agile Software Development |book-title=The 11th Working IEEE/IFIP Conference on Software Architecture(WICSA 2014)}}</ref>


===DevOps automation===
===DevOps automation===
It also supports consistency, reliability, and efficiency within the organization, and is usually enabled by a shared code repository or version control. As DevOps researcher Ravi Teja Yarlagadda hypothesizes, "Through DevOps, there is an assumption that all functions can be carried out, controlled, and managed in a central place using a simple code."<ref>{{cite ssrn |last1=Teja Yarlagadda |first1=Ravi |title=DevOps and Its Practices |date=9 March 2021 |ssrn=3798877}}</ref>
It also supports consistency, reliability, and efficiency within the organization, and is usually enabled by a shared code repository or version control. As DevOps researcher Ravi Teja Yarlagadda hypothesizes, "Through DevOps, there is an assumption that all functions can be carried out, controlled, and managed in a central place using a simple code."<ref>{{Cite SSRN |title=DevOps and Its Practices |last=Teja Yarlagadda |first=Ravi |date=9 March 2021 |ssrn=3798877}}</ref>


==== Automation with version control ====
==== Automation with version control ====
Many organizations use version control to power DevOps automation technologies like [[virtual machines]], containerization (or [[OS-level virtualization]]), and [[CI/CD]]. The paper DevOps: development of a toolchain in the banking domain notes that with teams of developers working on the same project, "All developers need to make changes to the same codebase and sometimes edit even the same files. For efficient working, there has to be a system that helps engineers avoid conflicts and retain the codebase history,"<ref>{{cite thesis |last1=Morisio |first1=Maurizio |title=DevOps: development of a toolchain in the banking domain |journal=Politecnico di Torino |date=16 April 2021 |url=https://webthesis.biblio.polito.it/18120/ |access-date=16 August 2021|type=laurea }}</ref> with the Git version control system and the GitHub platform referenced as examples.
Many organizations use [[version control]] to power DevOps automation technologies like [[virtual machines]], containerization (or [[OS-level virtualization]]), and [[CI/CD]]. The paper "DevOps: development of a toolchain in the banking domain" notes that with teams of developers working on the same project, "All developers need to make changes to the same codebase and sometimes edit even the same files. For efficient working, there has to be a system that helps engineers avoid conflicts and retain the codebase history,"<ref>{{Cite thesis |last=Morisio |first=Maurizio |title=DevOps: development of a toolchain in the banking domain |date=16 April 2021 |access-date=16 August 2021 |degree=laurea |url=https://webthesis.biblio.polito.it/18120/ |journal=Politecnico di Torino}}</ref> with the [[Git]] version control system and the [[GitHub]] platform referenced as examples.


== Adoption ==
==GitOps==
GitOps evolved from DevOps. The specific state of deployment configuration is [[version-control]]led. Because the most popular [[version-control]] is [[Git]], GitOps' approach has been named after [[Git]]. Changes to configuration can be managed using [[code review]] practices, and can be rolled back using version-controlling. Essentially, all of the changes to a code are tracked, bookmarked, and making any updates to the history can be made easier. As explained by [[Red Hat]], ''"visibility to change means the ability to trace and reproduce issues quickly, improving overall security."''<ref>{{Cite web |title=What is GitOps? |url=https://www.redhat.com/en/topics/devops/what-is-gitops |access-date=2023-03-30 |website=www.redhat.com |language=en}}</ref>
===DevOps practices and adoption===
DevOps practices, and their dependencies include a dependency network which connects potential benefits to an ordered chain of practices. Using this network organizations can choose a path that enables fulfillment of their goals.

Adoption of DevOps is being driven by many factors – including:
# Use of agile and other [[software development process|development processes]] and methods;
# Demand for an increased rate of production releases – from application and business unit [[Stakeholder (corporate)|stakeholders]];
# Wide availability of virtualized and [[Cloud computing|cloud infrastructure]] – from internal and external providers;
# Increased usage of [[data center]] automation and [[configuration management]] tools;
# Increased focus on [[test automation]] and [[continuous integration]] methods;
# A critical mass of publicly available best practices.


==See also==
==See also==
* [[Twelve-factor app]]
* [[DataOps]]
* [[DevOps toolchain]]
* [[Twelve-Factor App methodology]]
* [[Infrastructure as code]]
* [[Infrastructure as code]]
* [[Internet application management]]
* [[Lean software development]]
* [[Lean software development]]
* [[Site reliability engineering]]
* [[Value stream]]
* [[Value stream]]
* [[List of build automation software]]


==Notes==
==Notes==

{{notelist}}
{{notelist}}


==References==
==References==

{{Reflist|30em}}
{{reflist|1=30em}}


==Further reading==
==Further reading==
* {{Cite book|title=Effective DevOps : building a culture of collaboration, affinity, and tooling at scale|last1=Davis|first1=Jennifer|last2=Daniels|first2=Ryn|publisher=O'Reilly|isbn=9781491926437|location=Sebastopol, CA|oclc=951434424|date=2016-05-30}}
* {{Cite book|title=The DevOps handbook : how to create world-class agility, reliability, and security in technology organizations|last1=Kim|first1=Gene|last2=Debois|first2=Patrick|last3=Willis|first3=John|last4=Humble|first4=Jez|last5=Allspaw|first5=John|isbn=9781942788003|edition=First|location=Portland, OR|oclc=907166314|date=2015-10-07}}
* {{Cite book|title=Accelerate: The Science of Lean Software and DevOps: Building and Scaling High Performing Technology Organizations|last1=Forsgren|first1=Nicole|last2=Humble|first2=Jez|last3=Kim|first3=Gene|isbn=9781942788331|edition=First|publisher=IT Revolution Press|date=27 March 2018}}


* {{Cite book |last1=Davis |first1=Jennifer |title=Effective DevOps : building a culture of collaboration, affinity, and tooling at scale |last2=Daniels |first2=Ryn |date=2016-05-30 |publisher=O'Reilly |isbn=9781491926437 |location=Sebastopol, CA |oclc=951434424}}

* {{Cite book |last1=Kim |first1=Gene |title=The DevOps handbook : how to create world-class agility, reliability, and security in technology organizations |last2=Debois |first2=Patrick |last3=Willis |first3=John |last4=Humble |first4=Jez |last5=Allspaw |first5=John |date=2015-10-07 |isbn=9781942788003 |edition=First |location=Portland, OR |oclc=907166314}}

* {{Cite book |last1=Forsgren |first1=Nicole |title=Accelerate: The Science of Lean Software and DevOps: Building and Scaling High Performing Technology Organizations |last2=Humble |first2=Jez |last3=Kim |first3=Gene |date=27 March 2018 |publisher=IT Revolution Press |isbn=9781942788331 |edition=First}}

{{Software engineering|state=expanded}}
{{Authority control}}
{{Authority control}}


Line 142: Line 108:
[[Category:Software development process]]
[[Category:Software development process]]
[[Category:Information technology management]]
[[Category:Information technology management]]
[[Category:Software development]]

Latest revision as of 01:53, 16 September 2024

DevOps is a methodology in the software development and IT industry. Used as a set of practices and tools, DevOps integrates and automates the work of software development (Dev) and IT operations (Ops) as a means for improving and shortening the systems development life cycle.[1] DevOps is complementary to agile software development; several DevOps aspects came from the agile way of working.

Automation is an important part of DevOps. Software programmers and architects should use "fitness functions" to keep their software in check.[2]

Definition

[edit]

Other than it being a cross-functional combination (and a portmanteau) of the terms and concepts for "development" and "operations", academics and practitioners have not developed a universal definition for the term "DevOps".[a][b][c][d] Most often, DevOps is characterized by key principles: shared ownership, workflow automation, and rapid feedback. From an academic perspective, Len Bass, Ingo Weber, and Liming Zhu—three computer science researchers from the CSIRO and the Software Engineering Institute—suggested defining DevOps as "a set of practices intended to reduce the time between committing a change to a system and the change being placed into normal production, while ensuring high quality".[6] However, the term is used in multiple contexts. At its most successful, DevOps is a combination of specific practices, culture change, and tools.[7]

History

[edit]

Proposals to combine software development methodologies with deployment and operations concepts began to appear in the late 80s and early 90s.[8]

Around 2007 and 2008, concerns were raised by those within the software development and IT communities that the separation between the two industries, where one wrote and created software entirely separate from those that deploy and support the software was creating a fatal level of dysfunction within the industry.[9]

In 2009, the first conference named DevOps Days was held in Ghent, Belgium. The conference was founded by Belgian consultant, project manager and agile practitioner Patrick Debois.[10][11] The conference has now spread to other countries.[12]

In 2012, a report called "State of DevOps" was first published by Alanna Brown at Puppet Labs.[13][14]

As of 2014, the annual State of DevOps report was published by Nicole Forsgren, Gene Kim, Jez Humble and others. They stated that the adoption of DevOps was accelerating.[15][16] Also in 2014, Lisa Crispin and Janet Gregory wrote the book More Agile Testing, containing a chapter on testing and DevOps.[17][18]

In 2016, the DORA metrics for throughput (deployment frequency, lead time for changes), and stability (mean time to recover, change failure rate) were published in the State of DevOps report.[13] However, the research methodology and metrics were criticized by experts.[19][20][21][22] In response to these criticisms, the 2023 State of DevOps report [23] published changes that updated the stability metric "mean time to recover" to "failed deployment recovery time" acknowledging the confusion the former metric has caused.[24]

Relationship to other approaches

[edit]

Many of the ideas fundamental to DevOps practices are inspired by, or mirror, other well known practices such as Lean and Deming's Plan-Do-Check-Act cycle, through to The Toyota Way and the Agile approach of breaking down components and batch sizes.[25] Contrary to the "top-down" prescriptive approach and rigid framework of ITIL in the 1990s, DevOps is "bottom-up" and flexible, having been created by software engineers for their own needs.[26]

Agile

[edit]
Main article: Agile software development

The motivations for what has become modern DevOps and several standard DevOps practices such as automated build and test, continuous integration, and continuous delivery originated in the Agile world, which dates (informally) to the 1990s, and formally to 2001. Agile development teams using methods such as extreme programming couldn't "satisfy the customer through early and continuous delivery of valuable software"[27] unless they took responsibility for operations and infrastructure for their applications, automating much of that work. Because Scrum emerged as the dominant Agile framework in the early 2000s and it omitted the engineering practices that were part of many Agile teams, the movement to automate operations and infrastructure functions splintered from Agile and expanded into what has become modern DevOps. Today, DevOps focuses on the deployment of developed software, whether it is developed using Agile oriented methodologies or other methodologies.

ArchOps

[edit]

ArchOps presents an extension for DevOps practice, starting from software architecture artifacts, instead of source code, for operation deployment.[28] ArchOps states that architectural models are first-class entities in software development, deployment, and operations.

Continuous Integration and Delivery (CI/CD)

[edit]
Main article: CI/CD

Automation is a core principle for achieving DevOps success and CI/CD is a critical component.[29] Plus, improved collaboration and communication between and within teams helps achieve faster time to market, with reduced risks.[30]

Mobile DevOps

[edit]
Main article: Mobile DevOps

Mobile DevOps is a set of practices that applies the principles of DevOps specifically to the development of mobile applications. Traditional DevOps focuses on streamlining the software development process in general, but mobile development has its own unique challenges that require a tailored approach.[31] Mobile DevOps is not simply as a branch of DevOps specific to mobile app development, instead an extension and reinterpretation of the DevOps philosophy due to very specific requirements of the mobile world.

Site-reliability engineering

[edit]
Main article: Site reliability engineering

In 2003, Google developed site reliability engineering (SRE), an approach for releasing new features continuously into large-scale high-availability systems while maintaining high-quality end-user experience.[32] While SRE predates the development of DevOps, they are generally viewed as being related to each other. Some of the original authors of the discipline consider SRE as an implementation of DevOps.[33]

Toyota production system, lean thinking, kaizen

[edit]
Main article: Toyota Production System

Toyota production system, also known under the acronym TPS, was the inspiration for lean thinking with its focus on continuous improvement, kaizen, flow and small batches. The andon cord principle to create fast feedback, swarm and solve problems stems from TPS.[34][35]

DevSecOps, shifting security left

[edit]

DevSecOps is an augmentation of DevOps to allow for security practices to be integrated into the DevOps approach. Contrary to a traditional centralized security team model, each delivery team is empowered to factor in the correct security controls into their software delivery. Security practices and testing are performed earlier in the development lifecycle, hence the term "shift left". Security is tested in three main areas: static, software composition, and dynamic.

Checking software statically via static application security testing (SAST) is white-box testing with special focus on security. Depending on the programming language, different tools are needed to do such static code analysis. The software composition is analyzed, especially libraries, and the version of each component is checked against vulnerability lists published by CERT and other expert groups. When giving software to clients, library licenses and their match to the license of the software distributed are in focus, especially copyleft licenses.

In dynamic testing, also called black-box testing, software is tested without knowing its inner functions. In DevSecOps this practice may be referred to as dynamic application security testing (DAST) or penetration testing. The goal is early detection of defects including cross-site scripting and SQL injection vulnerabilities. Threat types are published by the open web application security project, e.g. its TOP10,[36] and by other bodies.

DevSecOps has also been described as a cultural shift involving a holistic approach to producing secure software by integrating security education, security by design, and security automation.[37]

Cultural change

[edit]

DevOps initiatives can create cultural changes in companies[38] by transforming the way operations, developers, and testers collaborate during the development and delivery processes.[39] Getting these groups to work cohesively is a critical challenge in enterprise DevOps adoption.[40][41] DevOps is as much about culture as it is about the toolchain.[42]

Microservices

[edit]

Although in principle it is possible to practice DevOps with any architectural style, the microservices architectural style is becoming the standard for building continuously deployed systems. Small size service allows the architecture of an individual service to emerge through continuous refactoring.[43]

DevOps automation

[edit]

It also supports consistency, reliability, and efficiency within the organization, and is usually enabled by a shared code repository or version control. As DevOps researcher Ravi Teja Yarlagadda hypothesizes, "Through DevOps, there is an assumption that all functions can be carried out, controlled, and managed in a central place using a simple code."[44]

Automation with version control

[edit]

Many organizations use version control to power DevOps automation technologies like virtual machines, containerization (or OS-level virtualization), and CI/CD. The paper "DevOps: development of a toolchain in the banking domain" notes that with teams of developers working on the same project, "All developers need to make changes to the same codebase and sometimes edit even the same files. For efficient working, there has to be a system that helps engineers avoid conflicts and retain the codebase history,"[45] with the Git version control system and the GitHub platform referenced as examples.

GitOps

[edit]

GitOps evolved from DevOps. The specific state of deployment configuration is version-controlled. Because the most popular version-control is Git, GitOps' approach has been named after Git. Changes to configuration can be managed using code review practices, and can be rolled back using version-controlling. Essentially, all of the changes to a code are tracked, bookmarked, and making any updates to the history can be made easier. As explained by Red Hat, "visibility to change means the ability to trace and reproduce issues quickly, improving overall security."[46]

See also

[edit]

Notes

[edit]
  1. ^ Dyck et al. (2015) "To our knowledge, there is no uniform definition for the terms release engineering and DevOps. As a consequence, many people use their own definitions or rely on others, which results in confusion about those terms."[3]
  2. ^ Jabbari et al. (2016) "The research results of this study showed the need for a definition as individual studies do not consistently define DevOps."[4]
  3. ^ Erich et al. (2017) "We noticed that there are various gaps in the study of DevOps: There is no consensus of what concepts DevOps covers, nor how DevOps is defined."[5]
  4. ^ Erich et al. (2017) "We discovered that there exists little agreement about the characteristics of DevOps in the academic literature."[5]

References

[edit]
  1. ^ Courtemanche, Meredith; Mell, Emily; Gills, Alexander S. "What Is DevOps? The Ultimate Guide". TechTarget. Retrieved 2023-01-22.
  2. ^ Fundamentals of Software Architecture: An Engineering Approach. O'Reilly Media. 2020. ISBN 978-1492043454.
  3. ^ Dyck, Andrej; Penners, Ralf; Lichter, Horst (2015-05-19). "Towards Definitions for Release Engineering and DevOps". 2015 IEEE/ACM 3rd International Workshop on Release Engineering. IEEE. p. 3. doi:10.1109/RELENG.2015.10. ISBN 978-1-4673-7070-7. S2CID 4659735.
  4. ^ Jabbari, Ramtin; bin Ali, Nauman; Petersen, Kai; Tanveer, Binish (May 2016). "What is DevOps?: A Systematic Mapping Study on Definitions and Practices". Proceedings of the 2016 Scientific Workshop. Association for Computing Machinery.
  5. ^ a b Erich, F.M.A.; Amrit, C.; Daneva, M. (June 2017). "A Qualitative Study of DevOps Usage in Practice" (PDF). Journal of Software: Evolution and Process. 29 (6): e1885. doi:10.1002/smr.1885. S2CID 35914007.
  6. ^ Bass, Len; Weber, Ingo; Zhu, Liming (2015). DevOps: A Software Architect's Perspective. Addison-Wesley. ISBN 978-0134049847.
  7. ^ Muñoz, Mirna; Negrete Rodríguez, Mario (April 2021). "A guidance to implement or reinforce a DevOps approach in organizations: A case study". {{cite journal}}: Cite journal requires |journal= (help)
  8. ^ Chapman, M., Gatti, N: A model of a service life cycle, Proceedings of TINA '93, pp. I-205–I-215, Sep., 1993.
  9. ^ Atlassian. "History of DevOps". Atlassian. Retrieved 2023-02-23.
  10. ^ Mezak, Steve (25 January 2018). "The Origins of DevOps: What's in a Name?". devops.com. Retrieved 6 May 2019.
  11. ^ Debois, Patrick (9 October 2008). "Agile 2008 Toronto". Just Enough Documented Information. Retrieved 12 March 2015.
  12. ^ Debois, Patrick. "DevOps Days". DevOps Days. Retrieved 31 March 2011.
  13. ^ a b Alana Brown; Nicole Forsgren; Jez Humble; Nigel Kersten; Gene Kim (2016). "2016 State of DevOps Report" (PDF). Puppet Labs, DORA (DevOps Research. Retrieved 2024-04-24.
  14. ^ "Puppet - Alanna Brown". Puppet Labs. Retrieved 2019-04-27.
  15. ^ Nicole Forsgren; Gene Kim; Nigel Kersten; Jez Humble (2014). "2014 State of DevOps Report" (PDF). Puppet Labs, IT Revolution Press and ThoughtWorks. Retrieved 2024-04-24.
  16. ^ "2015 State of DevOps Report" (PDF). Puppet Labs, Pwc, IT Revolution Press. 2015. Retrieved 2024-04-24.
  17. ^ "More Agile Testing" (PDF). October 2014. Retrieved 2019-05-06.
  18. ^ Crispin, Lisa; Gregory, Janet (October 2014). More Agile Testing. Addison-Wesley. ISBN 9780133749571. Retrieved 2019-05-06.
  19. ^ Turner, Graham (20 November 2023). "Report: Software Engineers Face Backlash for Reporting Wrongdoing". DIGIT. Retrieved 5 January 2024.
  20. ^ Saran, Cliff. "Software engineers worry about speaking out - Computer Weekly". ComputerWeekly.com. Retrieved 5 January 2024.
  21. ^ "75% of software engineers faced retaliation the last time they reported wrongdoing - ETHRWorldSEA". ETHRWorld.com.
  22. ^ Cummins, Holly. "Holly Cummins on X". X.com. Retrieved 5 January 2024.
  23. ^ DeBellis, Derek; Lewis, Amanda; Villalba, Daniella; Farley, Dave. "2023 State of DevOps Report". Google Cloud DevOps Research and Assessment. Retrieved 2024-04-24.
  24. ^ DeBellis, Derek; Harvey, Nathan. "2023 State of DevOps Report: Culture is everything". Google Cloud Blog. Retrieved 2024-04-24.
  25. ^ Klein, Brandon Thorin (2021-05-01). "The DevOps: A Concise Understanding to the DevOps Philosophy and Science". Osti.gov. doi:10.2172/1785164. OSTI 1785164. S2CID 236606284.
  26. ^ "The History and Evolution of DevOps | Tom Geraghty". 5 July 2020. Retrieved 2020-11-29.
  27. ^ "Principles behind the Agile Manifesto". agilemanifesto.org. Retrieved 2020-12-06.
  28. ^ Castellanos, Camilo; Correal, Dario (15 September 2018). "Executing Architectural Models for Big Data Analytics". Software Architecture. Lecture Notes in Computer Science. Vol. 11048. pp. 364–371. doi:10.1007/978-3-030-00761-4_24. ISBN 978-3-030-00760-7.
  29. ^ Humble, Jez; Farley, David (2011). Continuous Delivery: reliable software releases through build, test, and deployment automation. Pearson Education Inc. ISBN 978-0-321-60191-9.
  30. ^ Chen, Lianping (2015). "Continuous Delivery: Huge Benefits, but Challenges Too". IEEE Software. 32 (2): 50–54. doi:10.1109/MS.2015.27. S2CID 1241241.
  31. ^ Tak, Rohin; Modi, Jhalak (2018). Mobile DevOps: Deliver continuous integration and deployment within your mobile applications. Packt Publishing. pp. 12–18. ISBN 9781788296243.
  32. ^ Beyer, Betsy; Jones, Chris; Petoff, Jennifer; Murphy, Niall Richard (April 2016). Site Reliability Engineering. O'Reilly Media. ISBN 978-1-4919-2909-4.
  33. ^ Dave Harrison (9 Oct 2018). "Interview with Betsy Beyer, Stephen Thorne of Google". Retrieved 24 July 2024.
  34. ^ Analyzing the DNA of DevOps, Brent Aaron Reed, Willy Schaub, 2018-11-14.
  35. ^ Gene Kim; Patrick Debois; John Willis; Jezz Humble (2016). The DevOps Handbook: How to Create World-Class Agility, Reliability, and Security in Technology Organizations.
  36. ^ "OWASP TOP10". Archived from the original on June 8, 2023. Retrieved June 8, 2023.
  37. ^ Wilson, Glenn (December 2020). 'DevSecOps: A leader's guide to producing secure software with compromising flow, feedback and continuous improvement'. Rethink Press. ISBN 978-1781335024.
  38. ^ Emerging Technology Analysis: DevOps a Culture Shift, Not a Technology (Report). Gartner.
  39. ^ Loukides, Mike (7 June 2012). "What is DevOps?". O'Reilly Media.
  40. ^ "Gartner IT Glossary – devops". Gartner. Retrieved 30 October 2015.
  41. ^ Jones, Stephen; Noppen, Joost; Lettice, Fiona (21 July 2016). Proceedings of the 2nd International Workshop on Quality-Aware DevOps - QUDOS 2016 (PDF). pp. 7–11. doi:10.1145/2945408.2945410. ISBN 9781450344111. S2CID 515140.
  42. ^ Mandi Walls (25 September 2015). "Building a DevOps culture". O'Reilly.
  43. ^ Chen, Lianping; Ali Babar, Muhammad (2014). "2014 IEEE/IFIP Conference on Software Architecture". The 11th Working IEEE/IFIP Conference on Software Architecture(WICSA 2014). IEEE. pp. 195–204. doi:10.1109/WICSA.2014.45. ISBN 978-1-4799-3412-6.
  44. ^ Teja Yarlagadda, Ravi (9 March 2021). "DevOps and Its Practices". SSRN 3798877.
  45. ^ Morisio, Maurizio (16 April 2021). DevOps: development of a toolchain in the banking domain. Politecnico di Torino (laurea thesis). Retrieved 16 August 2021.
  46. ^ "What is GitOps?". www.redhat.com. Retrieved 2023-03-30.

Further reading

[edit]
  • Davis, Jennifer; Daniels, Ryn (2016-05-30). Effective DevOps : building a culture of collaboration, affinity, and tooling at scale. Sebastopol, CA: O'Reilly. ISBN 9781491926437. OCLC 951434424.
  • Kim, Gene; Debois, Patrick; Willis, John; Humble, Jez; Allspaw, John (2015-10-07). The DevOps handbook : how to create world-class agility, reliability, and security in technology organizations (First ed.). Portland, OR. ISBN 9781942788003. OCLC 907166314.{{cite book}}: CS1 maint: location missing publisher (link)
  • Forsgren, Nicole; Humble, Jez; Kim, Gene (27 March 2018). Accelerate: The Science of Lean Software and DevOps: Building and Scaling High Performing Technology Organizations (First ed.). IT Revolution Press. ISBN 9781942788331.
Retrieved from "https://en.wikipedia.org/w/index.php?title=DevOps&oldid=1245953239"