Auto-tech series - GitLab: Automation en route to faster software
This is a guest post for the Computer Weekly Developer Network written by Fatima Sarah Khalid, developer evangelist, GitLab.
Khalid writes in full as follows …
Early in my career, I was a city government’s only developer. My job was to maintain the city’s website, which consisted of a mishmash of applications, each with little documentation and each involving several stakeholders from different departments. To help navigate the complexity, I worked together with various departments and was the first to make weekly visits to the system administrators in the basement of the City Hall.
These visits marked the beginning of our shift towards DevSecOps.
Using DevSecOps, we brought together stakeholders across departments, set up automation tools and were able to streamline our processes, speed up the pace of website updates and reduce errors and crashes. Trust me: it’s not fun when the website crashes during the mayor’s annual address and constituents can’t access the speech.
It’s much better when you can deploy changes to the speech with a click.
Looking back, I often wonder how my experiences working for the city would have been different with access to the tools we have today. At the city, I struggled with multiple projects and dependencies, changing release priorities and had to constantly find and update deprecated code. Implementing custom pipeline configurations, setting up security scanning, using AI-assisted code to support updates would have enabled me to work more efficiently, but wouldn’t solve everything. To me, the future is automated software delivery — being able to automate the entire DevSecOps cycle, from ideation to deployment with automated infrastructure.
Did someone say automated DevSecOps?
Imagine being able to automate the entire software development process, from creating issues to deploying to your infrastructure in your cloud of choice. This would allow teams to focus on building solutions for an organisation’s more complex challenges. For instance:
- Having code testing coverage built into your CI/CD pipelines means you can deploy with confidence knowing everything will deploy as expected.
- Automated deployments ensure that websites, like I used to be responsible for, are up and running during important events (like the mayor’s state of address).
- Advanced pipeline configurations – including parent-child pipelines, multi-project pipelines and merge trains – make continuous integration, deliveryf and deployment more efficient and can be tailored to the needs of a complex project.
Secure code & compliance
Software automates repetitive tasks and eliminates manual work. By automating parts of the software lifecycle, developers can save time, skip repetitive tasks and avoid errors. An important part of this lifecycle is ensuring that applications remain secure and new code doesn’t introduce new vulnerabilities and meets your organisation’s regulatory and compliance standards.
Specifically:
- Performing security scanning in your CI/CD pipelines to check applications for known vulnerabilities such as data leaks, cross-site scripting, buffer overflows, or unauthorised access. This will help you proactively identify vulnerabilities and weaknesses in your applications.
- Setting up an auditing process for teams to ensure developers are securing their code and keeping track of vulnerabilities that could be not resolved immediately, like those WordPress ‘multisites’ that were spun for specific city campaigns and need to be updated to be secure.
- Restricting and monitoring access based on the principle of least privilege, utilising protected branches and merge request approval requirements to place restrictions on critical projects are ways to ensure compliance standards are being met.
Scaling for the future
Fatima Sarah Khalid: Using AI-assisted code to support updates would have allowed more sleep!
The future of DevSecOps involves automating your software delivery pipeline and bringing your focus back to the basics—the problems, often complex ones, that we’re solving for our organisations.
Platforms that help reduce the number of tools you’re managing and automate parts of the DevSecOps process can help get us there.
Looking back at my time in City Hall – with its multiple projects, legacy code and kiosks – I now realise how much impact today’s software development tools could have made on my team’s work creating more streamlined and efficient applications for city services.
Automating software delivery would have allowed us to spend less time troubleshooting code and more time focused on improving user experience and better serving our constituents. DevSecOps isn’t just about the tools, it’s about empowering every team member to be part of and contribute their expertise to the software development process.
Moreover… getting some extra sleep on the morning of the mayor’s address because real-time updates to the speech on the website won’t be as stressful as before.