2020 is here and it’s like we are watching a SciFi movie from the future 😉 But the future is now, no doubt about it. The last 5 years I hear from many companies that the SDLC trends have changed and many more tools are used to find bugs faster, to build faster, to deploy faster, new or legacy products. DevOps mentality plays a vital role to this effort and the reason for this is that the word “faster” in the previous statement can be used only if development, devops and operations teams work very close together.
Of course it’s hard to adopt new trends in legacy products but if you have time to redesign and can-do attitude nothing is impossible. I’m trying to adopt such trends in my teams as well. I’m pretty sure that in 2020 we will see new products and tools that help the software development lifecycle with more automation, AI/ML, testing, increased observability.
Let’s see which are the top 9 trends I picked up during my research and experiments.
1. Software Development Workflow
Everybody uses such tools. Git as a source code management tool is the most popular of all and all developers should be familiar with it. Many startups use cloud based git products like gitlab, bitbucket or github. On the other hand established companies or companies that believe their code is safer on premises, may use same products installed in their data centers. As the years pass more and more companies have distributed teams and engineers working remotely who need a way to collaborate, discuss, share their notes, ideas. Slack or Microsoft Teams are ones of such tools. Zoom or Jitsi Meet are also great collaboration tools.
2. Continuous Delivery / Continuous Integration
You definitely should use CI/CD tools in order to increase automation and improve your software reliability by getting feedback from every step of your development pipeline. Shipping code faster is number one priority of all companies.
We use a lot Jenkins, but there some other great CI/CD platforms like CircleCI, GitlabCI, TravisCI.
3. Testing
CI/CD platforms are also used to execute automated tests that the development or QA teams have implemented, in order to ensure that nothing has broken during the development pipelines. Each time we find a production issue we implement a new test case in our automated integration tests (whenever is possible) so that we make sure that this bug won’t happen again in a new release. We use a lot SonarQube, Selenium, JUnit, Findbugs and Jmeter.
4. DevSecOps
Everybody agrees that security is a very important chapter in the SDLC but devops teams did not put a lot of effort in this one. In 2020 DevSecOps is one of the trends that will play a major role in the development pipeline. But what exactly are the DevSecOps tasks that you should be dealing with? Some examples are:
a. checks for vulnerabilities in opensource libraries that your applications depend on
b. security vulnerabilities that our apps may be exposed to, like
- SQL Injection
- Cross Site Scripting
- Broken Authentication and Session Management
- Insecure Direct Object References
- Cross Site Request Forgery
- Security Misconfiguration
- Insecure Cryptographic Storage
- Failure to restrict URL Access
c. train your development teams to write secure code
d. execute threat modelling and risk assessments
Fortunately there are now several tools out there that devops teams may use: Checkmarkx, Snyk, ShiftLeft, continuum security.
5. Orchestration
Simplification of the deployments of complex distributed software is definitely part of the development pipeline nowadays. Kubernetes, Docker Swarm, Amazon EKS, Azure AKS, Docker, Cloud Foundry are some of the tools/platforms that gives us the power of deploying faster, easier and more secure. Of course you have to master the learning curve of such tools, but when you do it you will be ready for large scale deployments in private or public clouds. An idea of playing around and experimenting with them is to setup on premises such tools and deploy apps of your staging environments. Learn best practices of writing Dockerfiles and make sure you know how to debug such environments when something goes wrong.
6. Log Management
No more grepping and searching in application log files. Log Management tools are kind of an oasis in the desert of huge and infinite log files, log databases, etc. Of course these tools cannot help troubleshooting if there are no log messages with the exact errors, so it depends on the development team on what information will be exposed through the logs. Several tools exist for logs management and analytics: Splunk, Elastic, Sumo logic, loggy.
7. Monitoring
New Relic, DataDog, Dynatrace and other companies provide log aggregation and consolidation. More and more products move to microservices and troubleshooting is harder since you need to read logs from different services or need to know which service was overloaded while asynchronous requests come in and you can’t find out only through the log messages what’s going on. For this reason application performance management features that these monitoring tools have are very useful on debugging.
8. Alerting
Fine-tuned alerts ensure you learn about software issues in real-time and the right people get notified at the right time. Sometimes email alerts are not enough, especially when something happens when your operations team sleeps. Phone or pager calls are the ideal for such situations. Some the tools that already exist: PagerDuty, OpsGenie, Solarwinds pingdom, Victor Ops, (x) matters.
9. Visualization
There are so much data coming from the monitoring tools that you need to have a way to visualize them in order to understand what’s going on with our systems. Thanks to the following tools you are able to understand the meaning of the high volumes of data: Kibana, Grafana, Prometheus, Datadog.