SlideShare uma empresa Scribd logo

Data Driven Decisions in DevOps

L
Leon Stigter

With everything going on in DevOps, I think we can safely say that building pipelines is the way to deploy your applications to production. But knowing what you deploy to production and whether it is actually okay needs more data, like security checks, performance checks, and budget checks. We’ve come up with a process for that, which we call Continuous Verification “A process of querying external systems and using information from the response to make decisions to improve the development and deployment process.” In this session, we’ll look at extending an existing CI/CD pipeline with checks for security, performance, and cost to make a decision on whether we want to deploy our app or not.

Software
1 de 30
Confidential │ ©2020 VMware, Inc. Data Driven Decisions in DevOps Add More To Your Pipelines Leon Stigter Product Manager @VMware July 2nd, 2020
2Confidential │ ©2020 VMware, Inc. Technology Is Changing Rapidly @retgits | @MyDevSecOps
3Confidential │ ©2020 VMware, Inc. Changing Technology Means Changing Infrastructure @retgits | @MyDevSecOps
4Confidential │ ©2020 VMware, Inc. Changing Infrastructure Changing Means Rethink How You Deploy… @retgits | @MyDevSecOps
Confidential │ ©2020 VMware, Inc. 5 2020 stack Gone are the “simple” days of centralized stacks Application Architectures Are Changing 2000’s stack App Database Webserver Environment App Environment Cache Database Logs @retgits | @MyDevSecOps
6Confidential │ ©2020 VMware, Inc. “Amazon.com does 136,000 fully automated deployments per day” Ken Exner, Director AWS Dev Resources Source: https://techbeacon.com/devops/going-big-devops-how-scale-continuous-delivery-success @retgits | @MyDevSecOps
Confidential │ ©2020 VMware, Inc. 7 Applications Are The New Unit of Measure For Ops AWS does 136,000 fully automated deployments every day, but… Ø Less than 50% of organizations has CI/CD pipelines Ø Less than 6% has fully automated CI/CD pipelines Deployments @retgits | @MyDevSecOps
8Confidential │ ©2020 VMware, Inc. “I really want to spend my day sitting in front of screens watching DevOps pipelines…” - No one ever… @retgits | @MyDevSecOps
Confidential │ ©2020 VMware, Inc. 9 Who am I? Ø Product Manager, turned Developer Advocate, turned Product Manager again… Ø Passionate about Serverless, Containers, and all things Cloud Ø I love dadjokes, cheesecake, and Go @retgits Leon Stigter, Product Manager App Toolkit go.retgits.com/mydevsecops @retgits | @MyDevSecOps
10Confidential │ ©2020 VMware, Inc. “Y’all only do VMs at VMware, right?” - Pretty much everyone, ever @retgits | @MyDevSecOps
Confidential │ ©2020 VMware, Inc. 11 We deeply care about building apps, for example with the Kubernetes ecosystem… @retgits | @MyDevSecOps
12Confidential │ ©2020 VMware, Inc. But I’m Not Here To Sell You Things… @retgits | @MyDevSecOps
Confidential │ ©2020 VMware, Inc. 13 Let’s get back to DevOps @retgits | @MyDevSecOps
14Confidential │ ©2020 VMware, Inc. “software deployment” should be high quality and repeat-able as it “leaves the factory” @retgits | @MyDevSecOps
15Confidential │ ©2020 VMware, Inc. “Efficiency comes through the (re)use of common components” @retgits | @MyDevSecOps
Confidential │ ©2020 VMware, Inc. 16 CI/CD Pipelines are the vehicle for deployment @retgits | @MyDevSecOps
Confidential │ ©2020 VMware, Inc. 17 Most operations checks are done post deployment Re-deploy @retgits | @MyDevSecOps Cost Security Utilization Performance
Confidential │ ©2020 VMware, Inc. 18 Continuous Verification “A process of querying external system(s) and using information from the response to make decision(s) to improve the development and deployment process.” @retgits | @MyDevSecOps
Confidential │ ©2020 VMware, Inc. 19 Increase Efficiency And Reduce Operational Overhead Traditional Pipeline Extending Pipeline(s) External Actor External Actor Continuous Verification @retgits | @MyDevSecOps
20Confidential │ ©2020 VMware, Inc. “Automating your entire pipeline, including cost and governance, gives you more time to spend on the beach” #BeachOps @retgits | @MyDevSecOps
Confidential │ ©2020 VMware, Inc. 21 “A process of querying external system(s) and using information from the response to make decision(s) to improve the development and deployment process.” ØContinuous Security (environment validations, deployment security, etc) ØCost and Resource Management in CI/CD ØImage Verification ØAuthorization (normalized IAM/RBAC between AWS, Azure, GCP, and on prem) ØApplication performance and SLA Continuous Verification What is it? @retgits | @MyDevSecOps
Confidential │ ©2020 VMware, Inc. 22 Continuous Verification Scenario Do we have capacity & budget in the project/account/etc? Do we follow best practices and security guidelines for accounts and permissions? Look at performance stats in test/dev environment Are my dependencies secure? @retgits | @MyDevSecOps
Confidential │ ©2020 VMware, Inc. 23 Answering questions, like A)Will this deployment exceed the budget now? B) Is there enough capacity for resources in EC2, RDS, etc. below the utilization budget? C) What are the optimal resources (i.e. rightsized EC2 instance, RI, etc) to use for this deployment? D) Is the deployment running within budget with the right resources and are there recommendations? Because money is important… Cost @retgits | @MyDevSecOps
Confidential │ ©2020 VMware, Inc. 24 Clair Vulnerability scans EC2 security group - port 22 is publicly accessible S3 Bucket or Blob Storage is open to the world Database instances (RDS / S3) are not encrypted User has active keys but has not rotated them AWS VPC Flow logs / Azure Network Security Group Flow Logs - “What’s happening in my cloud network?” AWS Cloud Trail / Azure Activity Log - “Who, when and what CRUD operations were performed on which services in the account?” AWS Guard Duty / Azure Advanced Threat Protection - “That looks sketchy !!” Avoids data exposure to anonymous users/applications Prevents privileged escalation and unauthorized access to resources Ensures compliance with regulations like PCI, HIPPA Security Safety matters to everyone Pre Deployment Post Deployment Why In A Pipeline?
Confidential │ ©2020 VMware, Inc. 25 Open Source Security Source: State of Open Source Security Report 2020, Snyk
Confidential │ ©2020 VMware, Inc. 26 Answers questions, like: Does my K8s cluster have enough capacity to deploy this new app Where are the bottlenecks in my architecture Are the spikes in CPU usage normal How can I visualize which path traffic takes through my architecture Is there latency issues on my app using high volume traffic generation Can the database scale and support the needed capacity The User experience matters too! Performance Checks
Confidential │ ©2020 VMware, Inc. 27 Let’s Go See That in Action… @retgits | @MyDevSecOps
Confidential │ ©2020 VMware, Inc. 28 One Small Disclaimer… I’m about to use tools that I’m comfortable with, you should use tools that you choose… @retgits | @MyDevSecOps
Confidential │ ©2020 VMware, Inc. 29 Recap Do we have capacity & budget in the project/account/etc? Do we follow best practices and security guidelines for accounts and permissions? Look at performance stats in test/dev environmentAre my dependencies secure? @retgits | @MyDevSecOps
Confidential │ ©2020 VMware, Inc. Thank You @retgits The awesome icons in this deck are made by Freepik and Flat Icons from www.flaticon.com retgits.com go.retgits.com/ mydevsecops

Recomendados

Aaron Swain at VMware Tanzu Public Sector Connect 2021
Aaron Swain at VMware Tanzu Public Sector Connect 2021Aaron Swain at VMware Tanzu Public Sector Connect 2021
Aaron Swain at VMware Tanzu Public Sector Connect 2021
VMware Tanzu
 
July 28: Tanzu Mission Control: Resolving Kubernetes fragmentation across Dev...
July 28: Tanzu Mission Control: Resolving Kubernetes fragmentation across Dev...July 28: Tanzu Mission Control: Resolving Kubernetes fragmentation across Dev...
July 28: Tanzu Mission Control: Resolving Kubernetes fragmentation across Dev...
VMware Tanzu
 
Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?
DevOps.com
 
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021
VMware Tanzu
 
App-First & Cloud-Native: How InterMiles Boosted CX with AWS & Infostretch
App-First & Cloud-Native: How InterMiles Boosted CX with AWS & InfostretchApp-First & Cloud-Native: How InterMiles Boosted CX with AWS & Infostretch
App-First & Cloud-Native: How InterMiles Boosted CX with AWS & Infostretch
Infostretch
 
Secure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsSecure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift Environments
DevOps.com
 
DevOps in the Real World: Know What it Takes to Make it Work
DevOps in the Real World: Know What it Takes to Make it WorkDevOps in the Real World: Know What it Takes to Make it Work
DevOps in the Real World: Know What it Takes to Make it Work
VMware Tanzu
 
Digitální transformace: zabezpečení agilních prostředí
Digitální transformace: zabezpečení agilních prostředíDigitální transformace: zabezpečení agilních prostředí
Digitální transformace: zabezpečení agilních prostředí
MarketingArrowECS_CZ
 

Recomendados

Aaron Swain at VMware Tanzu Public Sector Connect 2021
Aaron Swain at VMware Tanzu Public Sector Connect 2021Aaron Swain at VMware Tanzu Public Sector Connect 2021
Aaron Swain at VMware Tanzu Public Sector Connect 2021
VMware Tanzu
 
July 28: Tanzu Mission Control: Resolving Kubernetes fragmentation across Dev...
July 28: Tanzu Mission Control: Resolving Kubernetes fragmentation across Dev...July 28: Tanzu Mission Control: Resolving Kubernetes fragmentation across Dev...
July 28: Tanzu Mission Control: Resolving Kubernetes fragmentation across Dev...
VMware Tanzu
 
Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?
DevOps.com
 
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021
VMware Tanzu
 
App-First & Cloud-Native: How InterMiles Boosted CX with AWS & Infostretch
App-First & Cloud-Native: How InterMiles Boosted CX with AWS & InfostretchApp-First & Cloud-Native: How InterMiles Boosted CX with AWS & Infostretch
App-First & Cloud-Native: How InterMiles Boosted CX with AWS & Infostretch
Infostretch
 
Secure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsSecure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift Environments
DevOps.com
 
DevOps in the Real World: Know What it Takes to Make it Work
DevOps in the Real World: Know What it Takes to Make it WorkDevOps in the Real World: Know What it Takes to Make it Work
DevOps in the Real World: Know What it Takes to Make it Work
VMware Tanzu
 
Digitální transformace: zabezpečení agilních prostředí
Digitální transformace: zabezpečení agilních prostředíDigitální transformace: zabezpečení agilních prostředí
Digitální transformace: zabezpečení agilních prostředí
MarketingArrowECS_CZ
 
Getting Security in the Loop: Building Balanced Teams
Getting Security in the Loop: Building Balanced TeamsGetting Security in the Loop: Building Balanced Teams
Getting Security in the Loop: Building Balanced Teams
VMware Tanzu
 
Containers: Give Me The Facts, Not The Hype - AppD Summit Europe
Containers: Give Me The Facts, Not The Hype - AppD Summit EuropeContainers: Give Me The Facts, Not The Hype - AppD Summit Europe
Containers: Give Me The Facts, Not The Hype - AppD Summit Europe
AppDynamics
 
Spring Cloud Kubernetes: An Easier Path from Idea to Production
Spring Cloud Kubernetes: An Easier Path from Idea to ProductionSpring Cloud Kubernetes: An Easier Path from Idea to Production
Spring Cloud Kubernetes: An Easier Path from Idea to Production
VMware Tanzu
 
A Leader’s Guide to DevOps Practices and Culture
A Leader’s Guide to DevOps Practices and CultureA Leader’s Guide to DevOps Practices and Culture
A Leader’s Guide to DevOps Practices and Culture
VMware Tanzu
 
Infrastructure less development with Azure Service Fabric
Infrastructure less development with Azure Service FabricInfrastructure less development with Azure Service Fabric
Infrastructure less development with Azure Service Fabric
Saba Jamalian
 
Stability anti patterns in cloud-native applications
Stability anti patterns in cloud-native applicationsStability anti patterns in cloud-native applications
Stability anti patterns in cloud-native applications
Ana-Maria Mihalceanu
 
From Monolith to Microservices – and Beyond!
From Monolith to Microservices – and Beyond!From Monolith to Microservices – and Beyond!
From Monolith to Microservices – and Beyond!
Jules Pierre-Louis
 
Application Security in the Cloud - Best Practices
Application Security in the Cloud - Best PracticesApplication Security in the Cloud - Best Practices
Application Security in the Cloud - Best Practices
RightScale
 
Developers Are Users, Too
Developers Are Users, TooDevelopers Are Users, Too
Developers Are Users, Too
VMware Tanzu
 
OPS Executive insights Webinar - Accenture
OPS Executive insights Webinar - AccentureOPS Executive insights Webinar - Accenture
OPS Executive insights Webinar - Accenture
VMware Tanzu
 
Dockercon 2015 - Faster Cheaper Safer
Dockercon 2015 - Faster Cheaper SaferDockercon 2015 - Faster Cheaper Safer
Dockercon 2015 - Faster Cheaper Safer
Adrian Cockcroft
 
Using Pivotal Cloud Foundry with Google’s BigQuery and Cloud Vision API
Using Pivotal Cloud Foundry with Google’s BigQuery and Cloud Vision APIUsing Pivotal Cloud Foundry with Google’s BigQuery and Cloud Vision API
Using Pivotal Cloud Foundry with Google’s BigQuery and Cloud Vision API
VMware Tanzu
 
Achieving DevSecOps Outcomes with Tanzu Advanced- March 22, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- March 22, 2021Achieving DevSecOps Outcomes with Tanzu Advanced- March 22, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- March 22, 2021
VMware Tanzu
 
Operational Transformation: Teachers’ Journey from App Servers to VMware Tanzu
Operational Transformation: Teachers’ Journey from App Servers to VMware TanzuOperational Transformation: Teachers’ Journey from App Servers to VMware Tanzu
Operational Transformation: Teachers’ Journey from App Servers to VMware Tanzu
VMware Tanzu
 
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
DevOps.com
 
Cloud-Native Patterns and the Benefits of MySQL as a Platform Managed Service
Cloud-Native Patterns and the Benefits of MySQL as a Platform Managed ServiceCloud-Native Patterns and the Benefits of MySQL as a Platform Managed Service
Cloud-Native Patterns and the Benefits of MySQL as a Platform Managed Service
VMware Tanzu
 
Cloud Native Runtime Platform
Cloud Native Runtime PlatformCloud Native Runtime Platform
Cloud Native Runtime Platform
VMware Tanzu
 
How Online Retailer Resident Scaled DevOps with AWS and CloudShell Colony
How Online Retailer Resident Scaled DevOps with AWS and CloudShell ColonyHow Online Retailer Resident Scaled DevOps with AWS and CloudShell Colony
How Online Retailer Resident Scaled DevOps with AWS and CloudShell Colony
DevOps.com
 
7 Virtues of a Next-gen ADC
7 Virtues of a Next-gen ADC7 Virtues of a Next-gen ADC
7 Virtues of a Next-gen ADC
Avi Networks
 
DevOps for Highly Regulated Environments
DevOps for Highly Regulated EnvironmentsDevOps for Highly Regulated Environments
DevOps for Highly Regulated Environments
DevOps.com
 
tanzu_developer_connect.pptx
tanzu_developer_connect.pptxtanzu_developer_connect.pptx
tanzu_developer_connect.pptx
VMware Tanzu
 
Continuous Verification in a Serverless World
Continuous Verification in a Serverless WorldContinuous Verification in a Serverless World
Continuous Verification in a Serverless World
Leon Stigter
 

Mais conteúdo relacionado

Mais procurados

Containers: Give Me The Facts, Not The Hype - AppD Summit Europe
Containers: Give Me The Facts, Not The Hype - AppD Summit EuropeContainers: Give Me The Facts, Not The Hype - AppD Summit Europe
Containers: Give Me The Facts, Not The Hype - AppD Summit Europe
AppDynamics
 
From Monolith to Microservices – and Beyond!
From Monolith to Microservices – and Beyond!From Monolith to Microservices – and Beyond!
From Monolith to Microservices – and Beyond!
Jules Pierre-Louis
 
Using Pivotal Cloud Foundry with Google’s BigQuery and Cloud Vision API
Using Pivotal Cloud Foundry with Google’s BigQuery and Cloud Vision APIUsing Pivotal Cloud Foundry with Google’s BigQuery and Cloud Vision API
Using Pivotal Cloud Foundry with Google’s BigQuery and Cloud Vision API
VMware Tanzu
 
Cloud-Native Patterns and the Benefits of MySQL as a Platform Managed Service
Cloud-Native Patterns and the Benefits of MySQL as a Platform Managed ServiceCloud-Native Patterns and the Benefits of MySQL as a Platform Managed Service
Cloud-Native Patterns and the Benefits of MySQL as a Platform Managed Service
VMware Tanzu
 
How Online Retailer Resident Scaled DevOps with AWS and CloudShell Colony
How Online Retailer Resident Scaled DevOps with AWS and CloudShell ColonyHow Online Retailer Resident Scaled DevOps with AWS and CloudShell Colony
How Online Retailer Resident Scaled DevOps with AWS and CloudShell Colony
DevOps.com
 

Mais procurados (20)

Getting Security in the Loop: Building Balanced Teams
Getting Security in the Loop: Building Balanced TeamsGetting Security in the Loop: Building Balanced Teams
Getting Security in the Loop: Building Balanced Teams
 
Containers: Give Me The Facts, Not The Hype - AppD Summit Europe
Containers: Give Me The Facts, Not The Hype - AppD Summit EuropeContainers: Give Me The Facts, Not The Hype - AppD Summit Europe
Containers: Give Me The Facts, Not The Hype - AppD Summit Europe
 
Spring Cloud Kubernetes: An Easier Path from Idea to Production
Spring Cloud Kubernetes: An Easier Path from Idea to ProductionSpring Cloud Kubernetes: An Easier Path from Idea to Production
Spring Cloud Kubernetes: An Easier Path from Idea to Production
 
A Leader’s Guide to DevOps Practices and Culture
A Leader’s Guide to DevOps Practices and CultureA Leader’s Guide to DevOps Practices and Culture
A Leader’s Guide to DevOps Practices and Culture
 
Infrastructure less development with Azure Service Fabric
Infrastructure less development with Azure Service FabricInfrastructure less development with Azure Service Fabric
Infrastructure less development with Azure Service Fabric
 
Stability anti patterns in cloud-native applications
Stability anti patterns in cloud-native applicationsStability anti patterns in cloud-native applications
Stability anti patterns in cloud-native applications
 
From Monolith to Microservices – and Beyond!
From Monolith to Microservices – and Beyond!From Monolith to Microservices – and Beyond!
From Monolith to Microservices – and Beyond!
 
Application Security in the Cloud - Best Practices
Application Security in the Cloud - Best PracticesApplication Security in the Cloud - Best Practices
Application Security in the Cloud - Best Practices
 
Developers Are Users, Too
Developers Are Users, TooDevelopers Are Users, Too
Developers Are Users, Too
 
OPS Executive insights Webinar - Accenture
OPS Executive insights Webinar - AccentureOPS Executive insights Webinar - Accenture
OPS Executive insights Webinar - Accenture
 
Dockercon 2015 - Faster Cheaper Safer
Dockercon 2015 - Faster Cheaper SaferDockercon 2015 - Faster Cheaper Safer
Dockercon 2015 - Faster Cheaper Safer
 
Using Pivotal Cloud Foundry with Google’s BigQuery and Cloud Vision API
Using Pivotal Cloud Foundry with Google’s BigQuery and Cloud Vision APIUsing Pivotal Cloud Foundry with Google’s BigQuery and Cloud Vision API
Using Pivotal Cloud Foundry with Google’s BigQuery and Cloud Vision API
 
Achieving DevSecOps Outcomes with Tanzu Advanced- March 22, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- March 22, 2021Achieving DevSecOps Outcomes with Tanzu Advanced- March 22, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- March 22, 2021
 
Operational Transformation: Teachers’ Journey from App Servers to VMware Tanzu
Operational Transformation: Teachers’ Journey from App Servers to VMware TanzuOperational Transformation: Teachers’ Journey from App Servers to VMware Tanzu
Operational Transformation: Teachers’ Journey from App Servers to VMware Tanzu
 
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
 
Cloud-Native Patterns and the Benefits of MySQL as a Platform Managed Service
Cloud-Native Patterns and the Benefits of MySQL as a Platform Managed ServiceCloud-Native Patterns and the Benefits of MySQL as a Platform Managed Service
Cloud-Native Patterns and the Benefits of MySQL as a Platform Managed Service
 
Cloud Native Runtime Platform
Cloud Native Runtime PlatformCloud Native Runtime Platform
Cloud Native Runtime Platform
 
How Online Retailer Resident Scaled DevOps with AWS and CloudShell Colony
How Online Retailer Resident Scaled DevOps with AWS and CloudShell ColonyHow Online Retailer Resident Scaled DevOps with AWS and CloudShell Colony
How Online Retailer Resident Scaled DevOps with AWS and CloudShell Colony
 
7 Virtues of a Next-gen ADC
7 Virtues of a Next-gen ADC7 Virtues of a Next-gen ADC
7 Virtues of a Next-gen ADC
 
DevOps for Highly Regulated Environments
DevOps for Highly Regulated EnvironmentsDevOps for Highly Regulated Environments
DevOps for Highly Regulated Environments
 

Semelhante a Data Driven Decisions in DevOps

Pivotal Platform - December Release A First Look
Pivotal Platform - December Release A First LookPivotal Platform - December Release A First Look
Pivotal Platform - December Release A First Look
VMware Tanzu
 
Choosing a Citrix Monitoring Strategy: Key Capabilities and Pitfalls to Avoid
Choosing a Citrix Monitoring Strategy: Key Capabilities and Pitfalls to AvoidChoosing a Citrix Monitoring Strategy: Key Capabilities and Pitfalls to Avoid
Choosing a Citrix Monitoring Strategy: Key Capabilities and Pitfalls to Avoid
eG Innovations
 
Optimizing and Troubleshooting Digital Experience for a Hybrid Workforce
Optimizing and Troubleshooting Digital Experience for a Hybrid WorkforceOptimizing and Troubleshooting Digital Experience for a Hybrid Workforce
Optimizing and Troubleshooting Digital Experience for a Hybrid Workforce
ThousandEyes
 
What's New in eG Enterprise v6 - Unified performance monitoring, diagnosis, a...
What's New in eG Enterprise v6 - Unified performance monitoring, diagnosis, a...What's New in eG Enterprise v6 - Unified performance monitoring, diagnosis, a...
What's New in eG Enterprise v6 - Unified performance monitoring, diagnosis, a...
eG Innovations
 
Scaling Your SaaS with Analytics-Driven Insights and Wavefront Integrations f...
Scaling Your SaaS with Analytics-Driven Insights and Wavefront Integrations f...Scaling Your SaaS with Analytics-Driven Insights and Wavefront Integrations f...
Scaling Your SaaS with Analytics-Driven Insights and Wavefront Integrations f...
Amazon Web Services
 
Azure Overview Arc
Azure Overview ArcAzure Overview Arc
Azure Overview Arc
rajramab
 

Semelhante a Data Driven Decisions in DevOps (20)

tanzu_developer_connect.pptx
tanzu_developer_connect.pptxtanzu_developer_connect.pptx
tanzu_developer_connect.pptx
 
Continuous Verification in a Serverless World
Continuous Verification in a Serverless WorldContinuous Verification in a Serverless World
Continuous Verification in a Serverless World
 
Optimizing and Troubleshooting Digital Experience for a Hybrid Workforce
Optimizing and Troubleshooting Digital Experience for a Hybrid WorkforceOptimizing and Troubleshooting Digital Experience for a Hybrid Workforce
Optimizing and Troubleshooting Digital Experience for a Hybrid Workforce
 
EMEA Optimizing and Troubleshooting Digital Experience for a Hybrid Workforce
EMEA Optimizing and Troubleshooting Digital Experience for a Hybrid WorkforceEMEA Optimizing and Troubleshooting Digital Experience for a Hybrid Workforce
EMEA Optimizing and Troubleshooting Digital Experience for a Hybrid Workforce
 
Pivotal Platform - December Release A First Look
Pivotal Platform - December Release A First LookPivotal Platform - December Release A First Look
Pivotal Platform - December Release A First Look
 
Choosing a Citrix Monitoring Strategy: Key Capabilities and Pitfalls to Avoid
Choosing a Citrix Monitoring Strategy: Key Capabilities and Pitfalls to AvoidChoosing a Citrix Monitoring Strategy: Key Capabilities and Pitfalls to Avoid
Choosing a Citrix Monitoring Strategy: Key Capabilities and Pitfalls to Avoid
 
Optimizing and Troubleshooting Digital Experience for a Hybrid Workforce
Optimizing and Troubleshooting Digital Experience for a Hybrid WorkforceOptimizing and Troubleshooting Digital Experience for a Hybrid Workforce
Optimizing and Troubleshooting Digital Experience for a Hybrid Workforce
 
Wavefront by vmware june 2019 - legraswindow
Wavefront by vmware june 2019 - legraswindowWavefront by vmware june 2019 - legraswindow
Wavefront by vmware june 2019 - legraswindow
 
What's New in eG Enterprise v6 - Unified performance monitoring, diagnosis, a...
What's New in eG Enterprise v6 - Unified performance monitoring, diagnosis, a...What's New in eG Enterprise v6 - Unified performance monitoring, diagnosis, a...
What's New in eG Enterprise v6 - Unified performance monitoring, diagnosis, a...
 
Realise True Business Value .pdf
Realise True Business Value .pdfRealise True Business Value .pdf
Realise True Business Value .pdf
 
Simplify and Scale Enterprise Apps in the Cloud | Boston 2023
Simplify and Scale Enterprise Apps in the Cloud | Boston 2023Simplify and Scale Enterprise Apps in the Cloud | Boston 2023
Simplify and Scale Enterprise Apps in the Cloud | Boston 2023
 
Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023
Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023
Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023
 
Scaling Your SaaS with Analytics-Driven Insights and Wavefront Integrations f...
Scaling Your SaaS with Analytics-Driven Insights and Wavefront Integrations f...Scaling Your SaaS with Analytics-Driven Insights and Wavefront Integrations f...
Scaling Your SaaS with Analytics-Driven Insights and Wavefront Integrations f...
 
Application Modernization with PKS / Kubernetes
Application Modernization with PKS / KubernetesApplication Modernization with PKS / Kubernetes
Application Modernization with PKS / Kubernetes
 
Istio Service Mesh
Istio Service MeshIstio Service Mesh
Istio Service Mesh
 
Realize True Business Value With ThousandEyes
Realize True Business Value With ThousandEyesRealize True Business Value With ThousandEyes
Realize True Business Value With ThousandEyes
 
Getting Started with ThousandEyes Proof of Concepts
Getting Started with ThousandEyes Proof of ConceptsGetting Started with ThousandEyes Proof of Concepts
Getting Started with ThousandEyes Proof of Concepts
 
Azure Overview Arc
Azure Overview ArcAzure Overview Arc
Azure Overview Arc
 
2023_2_CNCF_TAP_Backstage.pdf
2023_2_CNCF_TAP_Backstage.pdf2023_2_CNCF_TAP_Backstage.pdf
2023_2_CNCF_TAP_Backstage.pdf
 
VMworld 2014: Virtualization 101
VMworld 2014: Virtualization 101VMworld 2014: Virtualization 101
VMworld 2014: Virtualization 101
 

Mais de Leon Stigter

Building Event-Driven Workflows with Knative and Tekton
Building Event-Driven Workflows with Knative and TektonBuilding Event-Driven Workflows with Knative and Tekton
Building Event-Driven Workflows with Knative and Tekton
Leon Stigter
 
Trusting Your Ingredients @DevOpsDays Columbus 2019
Trusting Your Ingredients @DevOpsDays Columbus 2019Trusting Your Ingredients @DevOpsDays Columbus 2019
Trusting Your Ingredients @DevOpsDays Columbus 2019
Leon Stigter
 
Trusting Your Ingredients - What Building Software And Cheesecake Have In Common
Trusting Your Ingredients - What Building Software And Cheesecake Have In CommonTrusting Your Ingredients - What Building Software And Cheesecake Have In Common
Trusting Your Ingredients - What Building Software And Cheesecake Have In Common
Leon Stigter
 

Mais de Leon Stigter (20)

Thinking Stateful Serverless
Thinking Stateful ServerlessThinking Stateful Serverless
Thinking Stateful Serverless
 
Test driving event-driven apps on kubernetes with kind, tekton, and knative
Test driving event-driven apps on kubernetes with kind, tekton, and knativeTest driving event-driven apps on kubernetes with kind, tekton, and knative
Test driving event-driven apps on kubernetes with kind, tekton, and knative
 
Building Event-Driven Workflows with Knative and Tekton
Building Event-Driven Workflows with Knative and TektonBuilding Event-Driven Workflows with Knative and Tekton
Building Event-Driven Workflows with Knative and Tekton
 
Every Talk Has To Be Unique @ DevRel Meetup
Every Talk Has To Be Unique @ DevRel Meetup Every Talk Has To Be Unique @ DevRel Meetup
Every Talk Has To Be Unique @ DevRel Meetup
 
Continuous Verification in a Serverless World
Continuous Verification in a Serverless WorldContinuous Verification in a Serverless World
Continuous Verification in a Serverless World
 
Trusting Your Ingredients @DevOpsDays Columbus 2019
Trusting Your Ingredients @DevOpsDays Columbus 2019Trusting Your Ingredients @DevOpsDays Columbus 2019
Trusting Your Ingredients @DevOpsDays Columbus 2019
 
Refactoring to Modules - Why, How and Everything Else I Can Fit In 45 Minutes…
Refactoring to Modules - Why, How and Everything Else I Can Fit In 45 Minutes… Refactoring to Modules - Why, How and Everything Else I Can Fit In 45 Minutes…
Refactoring to Modules - Why, How and Everything Else I Can Fit In 45 Minutes…
 
Refactoring to Modules - Why, How and Everything Else I Can Fit In 45 Minutes…
Refactoring to Modules - Why, How and Everything Else I Can Fit In 45 Minutes…Refactoring to Modules - Why, How and Everything Else I Can Fit In 45 Minutes…
Refactoring to Modules - Why, How and Everything Else I Can Fit In 45 Minutes…
 
Trusting Your Ingredients - What Building Software And Cheesecake Have In Common
Trusting Your Ingredients - What Building Software And Cheesecake Have In CommonTrusting Your Ingredients - What Building Software And Cheesecake Have In Common
Trusting Your Ingredients - What Building Software And Cheesecake Have In Common
 
Building a Kubernetes Powered Central Go Modules Repository
Building a Kubernetes Powered Central Go Modules RepositoryBuilding a Kubernetes Powered Central Go Modules Repository
Building a Kubernetes Powered Central Go Modules Repository
 
Refactoring to Go modules: why and how
Refactoring to Go modules: why and howRefactoring to Go modules: why and how
Refactoring to Go modules: why and how
 
Persistence is futile (or is it?) - How to Manage, Version, and Promote Docke...
Persistence is futile (or is it?) - How to Manage, Version, and Promote Docke...Persistence is futile (or is it?) - How to Manage, Version, and Promote Docke...
Persistence is futile (or is it?) - How to Manage, Version, and Promote Docke...
 
Data Driven DevOps
Data Driven DevOpsData Driven DevOps
Data Driven DevOps
 
Where did my modules GO? Building and deploying Go Apps w/ GoCenter & Codefresh
Where did my modules GO? Building and deploying Go Apps w/ GoCenter & CodefreshWhere did my modules GO? Building and deploying Go Apps w/ GoCenter & Codefresh
Where did my modules GO? Building and deploying Go Apps w/ GoCenter & Codefresh
 
DevOps Theory vs. Practice: A Song of Ice and Tire Fire
DevOps Theory vs. Practice: A Song of Ice and Tire FireDevOps Theory vs. Practice: A Song of Ice and Tire Fire
DevOps Theory vs. Practice: A Song of Ice and Tire Fire
 
The Art of Deploying Artifacts to Production With Confidence
The Art of Deploying Artifacts to Production With ConfidenceThe Art of Deploying Artifacts to Production With Confidence
The Art of Deploying Artifacts to Production With Confidence
 
Project Flogo: Serverless Integration, Powered by Flogo and Lambda
Project Flogo: Serverless Integration, Powered by Flogo and LambdaProject Flogo: Serverless Integration, Powered by Flogo and Lambda
Project Flogo: Serverless Integration, Powered by Flogo and Lambda
 
Project Flogo: An Event-Driven Stack for the Enterprise
Project Flogo: An Event-Driven Stack for the EnterpriseProject Flogo: An Event-Driven Stack for the Enterprise
Project Flogo: An Event-Driven Stack for the Enterprise
 
The Road to a Cloud-First Enterprise
The Road to a Cloud-First EnterpriseThe Road to a Cloud-First Enterprise
The Road to a Cloud-First Enterprise
 
Building serverless apps with Go & SAM
Building serverless apps with Go & SAMBuilding serverless apps with Go & SAM
Building serverless apps with Go & SAM
 

Último

+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
Health
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
Presentation.STUDIO
 
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
masabamasaba
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
masabamasaba
 

Último (20)

+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
 
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
WSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security Program
 
WSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - KeynoteWSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - Keynote
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
 
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
 

Data Driven Decisions in DevOps

  • 1. Confidential │ ©2020 VMware, Inc. Data Driven Decisions in DevOps Add More To Your Pipelines Leon Stigter Product Manager @VMware July 2nd, 2020
  • 2. 2Confidential │ ©2020 VMware, Inc. Technology Is Changing Rapidly @retgits | @MyDevSecOps
  • 3. 3Confidential │ ©2020 VMware, Inc. Changing Technology Means Changing Infrastructure @retgits | @MyDevSecOps
  • 4. 4Confidential │ ©2020 VMware, Inc. Changing Infrastructure Changing Means Rethink How You Deploy… @retgits | @MyDevSecOps
  • 5. Confidential │ ©2020 VMware, Inc. 5 2020 stack Gone are the “simple” days of centralized stacks Application Architectures Are Changing 2000’s stack App Database Webserver Environment App Environment Cache Database Logs @retgits | @MyDevSecOps
  • 6. 6Confidential │ ©2020 VMware, Inc. “Amazon.com does 136,000 fully automated deployments per day” Ken Exner, Director AWS Dev Resources Source: https://techbeacon.com/devops/going-big-devops-how-scale-continuous-delivery-success @retgits | @MyDevSecOps
  • 7. Confidential │ ©2020 VMware, Inc. 7 Applications Are The New Unit of Measure For Ops AWS does 136,000 fully automated deployments every day, but… Ø Less than 50% of organizations has CI/CD pipelines Ø Less than 6% has fully automated CI/CD pipelines Deployments @retgits | @MyDevSecOps
  • 8. 8Confidential │ ©2020 VMware, Inc. “I really want to spend my day sitting in front of screens watching DevOps pipelines…” - No one ever… @retgits | @MyDevSecOps
  • 9. Confidential │ ©2020 VMware, Inc. 9 Who am I? Ø Product Manager, turned Developer Advocate, turned Product Manager again… Ø Passionate about Serverless, Containers, and all things Cloud Ø I love dadjokes, cheesecake, and Go @retgits Leon Stigter, Product Manager App Toolkit go.retgits.com/mydevsecops @retgits | @MyDevSecOps
  • 10. 10Confidential │ ©2020 VMware, Inc. “Y’all only do VMs at VMware, right?” - Pretty much everyone, ever @retgits | @MyDevSecOps
  • 11. Confidential │ ©2020 VMware, Inc. 11 We deeply care about building apps, for example with the Kubernetes ecosystem… @retgits | @MyDevSecOps
  • 12. 12Confidential │ ©2020 VMware, Inc. But I’m Not Here To Sell You Things… @retgits | @MyDevSecOps
  • 13. Confidential │ ©2020 VMware, Inc. 13 Let’s get back to DevOps @retgits | @MyDevSecOps
  • 14. 14Confidential │ ©2020 VMware, Inc. “software deployment” should be high quality and repeat-able as it “leaves the factory” @retgits | @MyDevSecOps
  • 15. 15Confidential │ ©2020 VMware, Inc. “Efficiency comes through the (re)use of common components” @retgits | @MyDevSecOps
  • 16. Confidential │ ©2020 VMware, Inc. 16 CI/CD Pipelines are the vehicle for deployment @retgits | @MyDevSecOps
  • 17. Confidential │ ©2020 VMware, Inc. 17 Most operations checks are done post deployment Re-deploy @retgits | @MyDevSecOps Cost Security Utilization Performance
  • 18. Confidential │ ©2020 VMware, Inc. 18 Continuous Verification “A process of querying external system(s) and using information from the response to make decision(s) to improve the development and deployment process.” @retgits | @MyDevSecOps
  • 19. Confidential │ ©2020 VMware, Inc. 19 Increase Efficiency And Reduce Operational Overhead Traditional Pipeline Extending Pipeline(s) External Actor External Actor Continuous Verification @retgits | @MyDevSecOps
  • 20. 20Confidential │ ©2020 VMware, Inc. “Automating your entire pipeline, including cost and governance, gives you more time to spend on the beach” #BeachOps @retgits | @MyDevSecOps
  • 21. Confidential │ ©2020 VMware, Inc. 21 “A process of querying external system(s) and using information from the response to make decision(s) to improve the development and deployment process.” ØContinuous Security (environment validations, deployment security, etc) ØCost and Resource Management in CI/CD ØImage Verification ØAuthorization (normalized IAM/RBAC between AWS, Azure, GCP, and on prem) ØApplication performance and SLA Continuous Verification What is it? @retgits | @MyDevSecOps
  • 22. Confidential │ ©2020 VMware, Inc. 22 Continuous Verification Scenario Do we have capacity & budget in the project/account/etc? Do we follow best practices and security guidelines for accounts and permissions? Look at performance stats in test/dev environment Are my dependencies secure? @retgits | @MyDevSecOps
  • 23. Confidential │ ©2020 VMware, Inc. 23 Answering questions, like A)Will this deployment exceed the budget now? B) Is there enough capacity for resources in EC2, RDS, etc. below the utilization budget? C) What are the optimal resources (i.e. rightsized EC2 instance, RI, etc) to use for this deployment? D) Is the deployment running within budget with the right resources and are there recommendations? Because money is important… Cost @retgits | @MyDevSecOps
  • 24. Confidential │ ©2020 VMware, Inc. 24 Clair Vulnerability scans EC2 security group - port 22 is publicly accessible S3 Bucket or Blob Storage is open to the world Database instances (RDS / S3) are not encrypted User has active keys but has not rotated them AWS VPC Flow logs / Azure Network Security Group Flow Logs - “What’s happening in my cloud network?” AWS Cloud Trail / Azure Activity Log - “Who, when and what CRUD operations were performed on which services in the account?” AWS Guard Duty / Azure Advanced Threat Protection - “That looks sketchy !!” Avoids data exposure to anonymous users/applications Prevents privileged escalation and unauthorized access to resources Ensures compliance with regulations like PCI, HIPPA Security Safety matters to everyone Pre Deployment Post Deployment Why In A Pipeline?
  • 25. Confidential │ ©2020 VMware, Inc. 25 Open Source Security Source: State of Open Source Security Report 2020, Snyk
  • 26. Confidential │ ©2020 VMware, Inc. 26 Answers questions, like: Does my K8s cluster have enough capacity to deploy this new app Where are the bottlenecks in my architecture Are the spikes in CPU usage normal How can I visualize which path traffic takes through my architecture Is there latency issues on my app using high volume traffic generation Can the database scale and support the needed capacity The User experience matters too! Performance Checks
  • 27. Confidential │ ©2020 VMware, Inc. 27 Let’s Go See That in Action… @retgits | @MyDevSecOps
  • 28. Confidential │ ©2020 VMware, Inc. 28 One Small Disclaimer… I’m about to use tools that I’m comfortable with, you should use tools that you choose… @retgits | @MyDevSecOps
  • 29. Confidential │ ©2020 VMware, Inc. 29 Recap Do we have capacity & budget in the project/account/etc? Do we follow best practices and security guidelines for accounts and permissions? Look at performance stats in test/dev environmentAre my dependencies secure? @retgits | @MyDevSecOps
  • 30. Confidential │ ©2020 VMware, Inc. Thank You @retgits The awesome icons in this deck are made by Freepik and Flat Icons from www.flaticon.com retgits.com go.retgits.com/ mydevsecops