INTRODUCTIONS
George Miranda
Technical Strategy
Chef Software, Inc.
@gmiranda23
Slide 3
Velocity: time from idea to ship
Software success metrics
Quantifying outcomes to deliver software at speed
Deployment frequency
Time from commit to deploy
Mean time to resolve
Time deploying remediation
Change failure rate
SPEED: Measure of rate of software change
EFFICIENCY: Measure of effectiveness of software change
RISK: Measure of quality of software change
Compliance audit frequency
Idea Ship
Slide 4
QUALITY/COMPLIANCE
RATE OF INNOVATION
Perception: Speed vs. risk
Slide 5
QUALITY/COMPLIANCE
RATE OF INNOVATION
Reality: Faster speed & lower risk
Slide 6
Risk webinar poll results
Is risk mitigation slowing you down?
Yes No Unsure Not applicable
Yes
54%
Most important challenges
Overcome manual process Lack of team communication
Uncertainty over tools
Split
41%
Slide 7
PART OF A PROCESS OF CONTINUOUS COMPLIANCE
Scan for Compliance
Build & Test Locally
Build & Test CI/CD
Remediate
Verify
A SIMPLE EXAMPLE OF AN INSPEC CIS RULE
InSpec
▪ Integration testing framework
▪ Compliance automation framework
▪ One common language across teams
Turn security and compliance into code
control 'cis-1.4.1' do
  title '1.4.1 Enable SELinux in /etc/grub.conf'
  desc '
    Do not disable SELinux and
    enforcing in your GRUB configuration. These are important
    security features that prevent attackers from escalating their
    access to your systems. For reference see …
  '
  impact 1.0
  expect(grub_conf.param 'selinux').to_not eq '0'
  expect(grub_conf.param 'enforcing').to_not eq '0'
end
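An added example, not from the original slides or from Chef: the condition tested by control cis-1.4.1, written in plain Ruby and run against constructed legacy-GRUB text so the logic can be exercised without InSpec. The function names and both sample configurations are assumptions made for illustration.

```ruby
# Added example: plain-Ruby version of the check in control cis-1.4.1.
# Function names and sample grub.conf contents are constructed for illustration.

# Returns one hash per `kernel` line, mapping each key=value kernel
# argument to its value (bare flags such as `quiet` map to true).
# Commented-out lines do not match the pattern and are ignored.
def kernel_params(grub_conf_text)
  grub_conf_text.each_line.map do |line|
    m = line.strip.match(/\Akernel\s+\S+\s*(.*)\z/)
    next unless m
    m[1].split.each_with_object({}) do |arg, params|
      key, value = arg.split('=', 2) # limit 2 keeps root=UUID=... intact
      params[key] = value.nil? ? true : value
    end
  end.compact
end

# Returns a list of findings; an empty list means every boot entry
# leaves SELinux enabled and enforcing. An absent parameter passes,
# matching the `to_not eq '0'` expectations in the control.
def selinux_findings(grub_conf_text)
  findings = []
  kernel_params(grub_conf_text).each_with_index do |params, idx|
    %w[selinux enforcing].each do |name|
      findings << "kernel entry #{idx + 1}: #{name}=0" if params[name] == '0'
    end
  end
  findings
end

COMPLIANT = <<~CONF
  default=0
  title Linux (constructed sample)
      root (hd0,0)
      kernel /vmlinuz ro root=/dev/sda1 rhgb quiet
CONF

NONCOMPLIANT = <<~CONF
  default=0
  title Linux (constructed sample)
      kernel /vmlinuz ro root=/dev/sda1 selinux=0
  title Linux rescue (constructed sample)
      kernel /vmlinuz ro root=/dev/sda1 enforcing=0 selinux=1
  # kernel /vmlinuz selinux=0
CONF

puts "compliant sample:    #{selinux_findings(COMPLIANT).inspect}"
puts "noncompliant sample: #{selinux_findings(NONCOMPLIANT).inspect}"
```

Checking every `kernel` line matters because a single non-default boot entry with `selinux=0` is enough to boot the host without SELinux.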
Slide 8
“The tools we use reinforce the
behavior; the behavior reinforces the
tool. Thus, if you want to change your
behavior, change your tools.”
– Adam Jacob, CTO, Chef
Transforming culture
Slide 9
Standard Bank pushes ideas from commit to deploy in 18 minutes with Chef
Focus on Speed
Measuring the rate of software change
DEPLOYMENT FREQUENCY
HIGH IT PERFORMERS: On-demand
MEDIUM IT PERFORMERS: Week - Month
LOW IT PERFORMERS: Month – 6 Month
TIME FROM COMMIT TO DEPLOY
HIGH IT PERFORMERS: < 1 Hour
MEDIUM IT PERFORMERS: Week - Month
LOW IT PERFORMERS: Month - 6 month
USE CASES INCLUDE:
▪ Application Delivery
▪ Build Pipelines
● Write some code
● Write and run some unit tests
● Commit the change
● Pipeline runs integration/acceptance tests, etc
● Approve delivery to production
● Lowered chance of production failure
[Diagram: Test driven development. Steps: Add a test; Run the tests; Make a little change; Run the tests. Branch labels: pass, fail. End states: development continues; development stops.]
Slide 13
Q&A
George Miranda
Technical Strategy
Chef Software, Inc.
@gmiranda23
What challenges do you have when increasing your speed at shipping software?