Most teams need a variety of tools across multiple vendors to help them do their work and achieve their unique objectives. But, as our 2020 DevOps Trends Survey with CITE Research found, many teams experience challenges to implementing DevOps. There’s both a cultural and technical shift that’s required, and it can be unclear how to get started.
On October 21st, Atlassian’s own Ian Buchanan – principal solutions architect and DevOps expert – hosted a webinar titled “Step Up Your DevOps Game with 4 Key DevOps Integrations.” He shared how our partner ecosystem helps power an integrated DevOps toolchain and its value to our customers. Drawing from his experience with our largest partners and customers as well as Atlassian customer surveys and insights, Ian introduced four key DevOps practices to consider as you move through your DevOps journey. With help from our friends from SmartBear, Snyk, LaunchDarkly, and Dynatrace, we also presented tips on how to approach each of these practices.
Traditionally, testing is driven by the QA team, taking place only at the end of a project. But with the shift to agile and DevOps, teams strive to incorporate testing through the entire development process – from initial design through integration, deployment, and software delivery – resulting in reduced lead times and faster bug detection. With agile testing, tests are built as part of specification criteria and automation enables tests to be run on-demand.
Atlassian’s testing integrations are designed to make it easy for team members to view and manage tests directly within Jira. For instance, Zephyr for Jira – Test Management allows you to use Jira issues as tests and get a full picture of testing status and performance, without jumping to another application.
Tips for incorporating testing throughout your software development process
Design for a shared value of testing throughout the development process. This means, include testing in your planning stage and allow stakeholders in the development process to help define what each testing component looks like. This will save you time in your analysis of failures.
Establish centralized reporting that includes both details and a broad view. Build reporting that is available to all teams, and can be interpreted by developers as well as product managers and the CTO.
Integrate testing across each system in your DevOps workflow. Make an effort to incorporate testing progress and results across your tools, including automation frameworks and CI/CD platforms. One way to achieve this is by establishing a source of truth, often Jira, and identifying the integrations that will assist with the flow of data.
Apps and Integrations
For many organizations, security measures are still executed from the outside in. But with the shift to DevOps and agile, software releases are more frequent and it’s harder to keep up using traditional security practices. Similar to testing, this shift has prompted teams to include security earlier in the development flow – ideally without disrupting the speed of development. With this “shift left” approach, teams experience shorter lead times and fewer security incidents, ultimately saving time and resources that would otherwise be used to repair them.
Atlassian integrations for DevSecOps help you manage and address security practices within Jira or Bitbucket. For instance, our integration with Snyk allows you to inject security scanning directly into your Bitbucket pipeline using Bitbucket Pipes, or include scanning as part of a build step and against a commit as code insights. This ensures you’re abreast of all security items you want to adjust before you issue a pull request.
Tips for building your DevSecOps practices
Think beyond tooling (it’s just step one). DevSecOps not only requires the right tools, but a shift in mindset as well. Take time to understand how security can be incorporated into the planning and development process. When you have the right mindset or culture around security, it enables you to maximize the value of your tools.
Get stakeholder buy-in. Adopting DevSecOps becomes easier with cross-team buy-in. Distill down the key benefits of baking security into your unique development process and present it to stakeholders to land on a common understanding of the value you’ll be gaining.
Adopt a shared model for security. Once you’ve established the right stakeholder buy-in, you can then shift to an approach that allows for more participation. Work with stakeholders to define practices that will be beneficial to the collective team.
Empower developers to make informed decisions. Developers should not have to become security experts, but they should have relevant information early enough in the process to make informed decisions. With the right tools and alignment, you can get developers the information they need.
Teams risk problems with platform functionality and user experience when they combine releases (making features available to customers) with deploying code (moving code into production). You can reduce this risk with feature flags – decision points in code (fancy “if” statements) whose behavior can vary during runtime based on external input. This allows you to increase deployment frequency and reduce change failures.
Atlassian integrations for feature flagging allow you to integrate your workflows by surfacing feature flag details, like the rollout status within Jira. With the LaunchDarkly integration, you can create a feature flag within a Jira story.
Pro-tips for feature flagging
Make flag planning a part of feature design. Plan for the idea that a piece of the user interface may be turned on or off, and develop code accordingly. This also makes it easy to manage those “if” statements.
Standardize naming. Feature flagging is highly valuable, and large-scale feature flagging is common. Standardizing your labeling system enables you to find the features you want to access quickly, especially in an emergency.
Minimize reach of a flag. To maintain more control of your releases and deployments, narrow the reach of your flags to isolate the feature changes you make.
Review flag use at regular intervals. Once a feature is on for all users, you’ll likely want to remove if statements around a feature flag. Make a point to look over feature flags periodically, like every few months, to avoid flags that have been left on or off.
Monitoring & Observability
A lot of operations teams are still challenged with the speed versus quality trade offs. They’re missing the critical information to prioritize effectively and that’s because it’s hard to get a true sense of performance testing at any given time. Logging and monitoring is valuable but can quickly become overwhelming with dozens of data sources creating blindspots and misconfigurations. Observability is a technology or tool that delivers precise answers about the performance of applications, the underlying infrastructure, and the experience of all users, enabling teams to find and resolve incidents much faster.
Atlassian’s integrations for advanced observability give teams the ability to update, view, and manage alerts across platforms. For instance, integrations with Dynatrace allow you to synchronize problem comments between your monitoring platform and Jira, or send Bitbucket deployment actions to the platform to help figure out a problem’s root cause. Partners like Sumo Logic integrate insights across multiple Atlassian products within a single dashboard.
How to approach monitoring and observability
Track “advanced observability” metrics. In addition to metrics, logs, and traces, you should also monitor app topology, code level detail, user experience, and behavior. When these metrics are connected and in context, you can understand the root cause and business impact faster.
Automate where you can. This is critical for modern, dynamic multi-cloud applications. Take the time to find the right places to apply automation – the time to value is incredibly fast.
Design a “virtual team” with AI that can determine root cause and business impact. Use technology that acts as a “virtual team” ready to alert you with information about what happened, the business impact, the root cause of the issue, and how to fix it,
Share tooling across teams. Adopt tools that allow you to speak a common language across teams in development, operations, and the business so that you can collaborate more effectively.
Apps and Integrations
Now that you know…
Atlassian and its ecosystem of partners support the open toolchain approach to DevOps, which allows you to incorporate these practices into your workflows when it’s right for you. For instance, if you’re early in your journey, you may be focused on working in Jira and doing hand-offs with other functions more manually. Once you’ve got that down, you may move on to agile testing and continuous delivery and incorporate more automation. As you get more advanced, testing and delivery will be so much more integrated, and you’ll adopt observability and feature flags. As you evolve, your tools will reflect your evolution.
– DevOps Guides and Best Practices: Explore beginner, intermediate, or advanced DevOps guides.
– Recommended DevOps integrations: View our curated list of DevOps integrations for agile testing, DevSecOps, feature flagging, observability, and more.
– Q&A: Read answers to top questions on this topic from the live webinar
– Sign up for Jira and Bitbucket: Try our Jira and Bitbucket integration and explore how these integrations work together.