On October 21st, we hosted a webinar titled, Step Up You DevOps Game with 4 Key Integrations for Jira and Bitbucket. I covered 4 key DevOps practices - agile testing, DevSecOps, feature flagging, and observability - and examples of integrations in each area. If you haven’t see it, you can view an on-demand version of the presentation here.
We received far too many, albeit good, questions during the Q&A portion, so I’d like to answer some of them here. Read Q&As for the other two DevOps practices, as well:
These are very similar ideas. Traditional approaches to security and monitoring often leave these as responsibilities “handed off” to another team so they can feel unfamiliar to team new to DevOps. In a DevOps world, security and monitoring become part of every feature or bug fix. The “big idea” of DevSecOps is just making sure that code changes are used as opportunities to make sure the application is secure, not just waiting for a report from an external team. I think observability can be considered “intentional monitoring”. In other words, making sure there are good log statements in the code and there are good ways to check what is happening inside the application, without relying on a debugger.
This question gets at the heart of how we're using old tools in new ways. I think one aspect of logging that may change in some teams is being more intentional. Like making sure you are logging the right things in order to do better post-incident analysis, or to reveal problems when they are happening. It's a bit like agile testing or DevSecOps in that you want to plan for what can go wrong, and make logging useful. Sometimes this takes practice. Like asking during post-incident analysis, “What do we wish we knew from logs?”
Putting DevOps aside, there’s already a blog post on 6 steps to better release management in Jira Software. In a DevOps world, I hope your teams can separate deployment from release. Even in a DevOps world, I think release managers can play an important role making sure that all release expectations are understood early. For example, when I was a Product Manager, it really helped me to know about export controls and licensing restrictions for my packaged software from the start. That’s because I could influence development decisions to keep the deployment and release processes easy. When it’s just a surprise at the end, that can lead to a lot of stressful efforts or blowing the release schedule altogether.
While there isn’t a Bamboo-specific App in the Marketplace for Snyk, you can call Snyk directly using a Node.js library using a Bamboo script task. I prefer that I can call all the tools in my continuous delivery pipelines locally using a build script. It really helps with debugging. That means most of my pipeline is expressed with Bamboo script tasks, rather than with specialized Bamboo tasks.
Yes. But you might be able to get by with a free Snyk plan with 200 tests per month for open source vulnerabilities on private projects. Rather than testing with every commit, you might just run a daily scan to keep under the limit. In addition, you should check out OWASP’s lists for SAST and DAST which both include some free and open-source options. The free options may not offer the same kind of security checks and might not help as much with prioritization; however, most teams could really use all the help they can get.
Now that you know how to step up your DevOps game with key DevOps practices to consider, you may find our new DevOps guides helpful. Whether you’re a beginner, intermediate, or advanced in your DevOps, find recommendations and inspiration for how to combine your tools and DevOps practices.
To see more in-depth demos or explainer videos of the integrations highlighted in the webinar by visiting our curated DevOps marketplace page of integrations in the four categories covered. Not only do partner pages have additional content available in the Marketplace, but most of our Marketplace is full of additional videos, screenshots, and documentation so you can discover these integrations as you see fit. Let us know in the comments what additional demos you’re interested in watching!
Learn more and get inspired by other materials we’ve published for your reading pleasure:
DevSecOps: Injecting Security into CD Pipelines. Learn how DevSecOps impacts on the CD pipeline and the security posture of agile development teams.
Realizing the full potential of DevSecOps. Four strategies to achieve a true DevSecOps culture.
Supercharge your DevSecOps mission with Atlassian tools. Atlassian is now available on the United States Air Force Platform One.
How Dynatrace and Atlassian help transform your operations team to work smarter not harder. Have you ever wondered how you can improve incident and problem resolution for enterprise software? The team at Atlassian & Dynatrace have been wondering, and decided to collaborate to identify the right solution.
Hello folks, This is a series of articles where I explain GitHub Script with GitHub Actions and how you can automate publishing data on Atlassian & GitHub Platform based on the results of Workf...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events