Mjukvaruutveckling med Continuous Delivery : En kvalitativ fallstudie om Continuous Practices med fokus på Continuous Delivery / Software development using Continuous Delivery : A qualitative case study about Continuous Practices with focus on Continuous Delivery

Salomonsson Tigerström, Andreas, Algrim, Sebastian

January 2018

Denna uppsats studerar förutsättningarna för att implementera mjukvaruutvecklings - metoden Continuous Delivery (CDE). Problemställningen som lade grunden för studien, var att det inte finns någon enhetlig standard för CDE. Studien ämnade att undersöka om detta innebar att metoden har varierande innebörd inom olika företag och om de således, i viss mån tillämpar skilda tillvägagångssätt med metoden. Ytterligare en aspekt var att se vilka utmaningar företagen upplevde vid övergången till CDE. Att undersöka om det var främst organisatoriska eller utvecklingsrelaterade problem som upplevts. Samt hur de hanterade kommunikation och tillit till medarbetarna och arbetet inom verksamheten under förändringen. För att belysa problemen, beskrevs teori med fokus på organisatoriska och tekniska utmaningar med Continuous - metoderna: Continuous Integration (CI), Continuous Delivery (CDE) och Continuous Deployment (CD). Teorikapitlet samt tidigare studier inkluderade även forskning om kringliggande koncept som DevOps och LEAN. Metoder, vilka kan underlätta implementationen av CDE. Datainsamlingen genomfördes med öppna individuella intervjuer med representanter från sex stycken företag, där de delade med sig av deras erfarenheter av och syn på CDE. Studien visar att anledningen till att företag väljer att arbeta med CDE, är att de vill gå från utvecklingsmetoder, vilka kräver många beslut inför varje förändring, till ett mer flexibelt arbetssätt där de funnit fördelar som: bättre kvalitet på det som levereras, snabbare leverans av affärsvärde till kunder samt kortare feedback - loopar. Företag som gör en övergång till CDE väljer dessutom ofta att inte automatisera hela vägen ut till produktion, enligt CD, då de ser utmaningar med att säkra kvalitén. Studien har identifierat ett antal faktorer som viktiga för en framgångsrik implementering av CDE, samt faktorer som kan resultera i en svår övergång. / This thesis studies the conditions needed for implementing the software development method Continuous Delivery (CDE). The problem identified for the study, is that there is no standardized approach for CDE as of today. The intentions of the study were to determine whether this means that the method will have a shifting tenor within different companies, and if so, will these companies implement the method with different approaches. Another aspect was to determine which types of challenges the companies were faced with during the transition towards CDE. To review whether the challenges were foremost organisational or development related. And how the organisations handled the communication and trust towards the co-workers and the development work within the organisation during the change towards the method. To highlight these issues, we presented theories with focus on organisational and technical challenges with the different Continuous practices were made. The practices being: Continuous Integration (CI), Continuous Delivery (CDE) and Continuous Deployment (CD). The theory chapter and former studies also contains research about surrounding concepts such as DevOps and LEAN methods, which can aim to facilitate the implementation of CDE. The empirical data collection was performed using open individual interviews with informants from six different companies, where they shared their experience and views on the method CDE. The study demonstrates that the reason organisations chose to implement CDE, is that they want to transform from software development methods, which requires a lot of decision making for any change, to a more flexible work procedure, in order to experience benefits such as: better quality of what is delivered, faster deliveries of business value to the customers and faster feedback-loops. Organisations that make the transition towards CDE also tend not to automate all the way to production, as in agreement with CD, this because the organisations identify challenges with assuring that the quality is sufficient. The study has identified a number of factors that are essential for a successful implementation of CDE, along with factors that may result in a less successful implementation.

Agile methods

Case study

Continuous Delivery

Continuous Deployment

Continuous Integration

Communication barriers

Continuous Practices

Development process

DevOps

LEAN

Organizational structure

Qualitative study.

Agila metoder

Continuous Delivery

Continuous Deployment

Continuous Integration

Continuous Practices

DevOps

Fallstudie

Kommunikationsbarriärer

Kvalitativ studie

LEAN

Organisationsstruktur

Utvecklingsprocess.

Information Systems

Využití Nix/NixOps pro průběžnou integraci a nasazení software při vývoji / Continuous Integration and Delivery by Nix/NixOps in Software Development

Vlk, Tomáš

January 2020

This thesis deals with the application of the functional packaging system Nix and its ecosystem (NixOS, NixOps) for CI/CD in agile development. When using these technologies, the problems caused by different environments are virtually eliminated without the need of containerization. The thesis contains a description of the possibilities and the shortcomings of Nix/NixOps and it proposes a general procedure for the use of these technologies in individual phases of agile development and CI/CD. Thanks to Nix/NixOps, the implementation of CI/CD is very simple and the whole process is also reproducible. The output of the work is a set of the examples demonstrating the use of Nix/NixOps in various projects, which is available as open-source. Thanks to this set, the developers can use Nix quickly and easily in any project, without having to study a large amount of materials.

Guidance on Implementing Agile Software Development Methods within a Traditional Environment / Vägledning kring implementering av agila systemutvecklingsmetoder i en traditionell miljö

Wallström, Andreas

January 2021

Agile software development methods keep increasing in popularity. Many organizations who are using traditional software development methods, such as water-fall and stagegate based methods are switching to agile software development methods. This transition can be challenging, especially for organizations using project governance models that hinder the adoption of agile practices. This study aims to provide guidance to managers on how to introduce agile software development methods in such traditional organizations. The study is a single-case study on a large governmental agency in Sweden. Eight interviews with developers, team-leads and managers were conducted. The study identifies practical tools and ideas that managers can use to introduce a shared definition of agile, adopting an agile mindset, dedicated teams, and CI&CD. Together, this guidance supports managers with the introduction of agile software development methods in organizations utilizing traditional project governance structures and traditional software development methods. / Agila systemutvecklingsmetoder fortsätter öka i popularitet. Många organisationer som använder sig av traditionella systemutvecklingsmetoder så som vattenfallsmodellen byter till agila systemutvecklingsmetoder. Denna övergång kan vara utmanande, speciellt för organisationer som använder sig av projektbaserade förvaltningsmodeller som hindrar implementeringen av agila metoder. Den här studien syftar till att ge vägledningen till chefer kring hur de kan introducera agila systemutvecklingsmetoder iden nyss nämnda typen av traditionella organisationer. Studien är en fallstudie gjort på en stor myndighet i Sverige. Åtta intervjuer med systemutvecklare, lag-ledare och chefer har utförts. Studien identifierar verktyg och idéer som chefer kan använda sig avför att introducera en delad gemensam definition av agilt, anamma ett agilt tankesätt, introducera dedikerade teams och CI&CD. Tillsammans hjälper de här verktygen med introduktionen av agila systemutvecklingsmetoder i organisationer som använder sig av traditionella systemutvecklingsmetoder och förvaltningsmodeller.

Agile

Agile Software Development

CI&CD

Continuous integration

Continuous deployment

Dedicated teams

Agilt

Agil systemutveckling

CI&CD

Kontinuerlig integration

Kontinuerlig driftsättning

Dedikerade teams

Economics and Business

Ekonomi och näringsliv

Computer Systems

Datorsystem

<b>The Significance of Automating the Integration of Security and Infrastructure as Code in Software Development Life Cycle</b>

Hephzibah Adaeze Igwe (19213285)

28 July 2024

<p dir="ltr">The research focuses on integrating automation, specifically security and Infrastructure as Code (IaC), into the Software Development Life Cycle (SDLC). This integration aims to enhance the efficiency, quality, and security of software development processes. The study explores the benefits and challenges associated with implementing DevSecOps practices, which combine development, security, and operations into a unified process.</p><h3>Background and Motivation</h3><p dir="ltr">The rise of new technologies and increasing demand for high-quality software have made software development a crucial aspect of business operations. The SDLC is essential for ensuring that software meets user requirements and maintains high standards of quality and security. Security, in particular, has become a critical focus due to the growing threat of cyber-attacks and data breaches. By integrating security measures early in the development process, companies can better protect their software and data.</p><h3>Objectives</h3><p dir="ltr">The primary objectives of this research are:</p><ol><li><b>Examine the Benefits and Challenges</b>: To investigate the advantages and difficulties of integrating DevSecOps and IaC within the SDLC.</li><li><b>Analyze Impact on Security and Quality</b>: To assess how automation affects the security and quality of software developed through the SDLC.</li><li><b>Develop a Framework</b>: To create a comprehensive framework for integrating DevSecOps and IaC into the SDLC, thereby improving security and reducing time to market.</li></ol><h3>Methodology</h3><p dir="ltr">The research employs a mixed-methods approach, combining qualitative and quantitative methods:</p><ul><li><b>Qualitative</b>: A literature review of existing research on DevSecOps, IaC, and SDLC, providing a theoretical foundation and context.</li><li><b>Quantitative</b>: Building a CI/CD (Continuous Integration/Continuous Deployment) pipeline from scratch to collect empirical data. This pipeline serves as a case study to gather insights into how automation impacts software security and quality.</li></ul><h3>Tools and Technologies</h3><p dir="ltr">The study utilizes various tools, including:</p><ul><li><b>GitHub</b>: For version control and code repository management.</li><li><b>Jenkins</b>: To automate the CI/CD pipeline, including building, testing, and deploying applications.</li><li><b>SonarQube</b>: For static code analysis, detecting code quality issues, and security vulnerabilities.</li><li><b>Amazon Q</b>: An AI-driven tool used for code generation and security scanning.</li><li><b>OWASP Dependency-Check</b>: To identify vulnerabilities in project dependencies.</li><li><b>Prometheus and Grafana</b>: For monitoring and collecting metrics.</li><li><b>Terraform</b>: For defining and deploying infrastructure components as code.</li></ul><h3>Key Findings</h3><ul><li><b>Reduction in Defect Density</b>: Automation significantly reduced defect density, indicating fewer bugs and higher code quality.</li><li><b>Increase in Code Coverage</b>: More comprehensive testing, leading to improved software reliability.</li><li><b>Reduction in MTTR, MTTD, and MTTF</b>: Enhanced system reliability and efficiency, with faster detection and resolution of issues.</li><li><b>Improved System Performance</b>: Better performance metrics, such as reduced response time and increased throughput.</li></ul><h3>Conclusion</h3><p dir="ltr">The study concludes that integrating security and IaC automation into the SDLC is crucial for improving software quality, security, and development efficiency. However, despite the clear benefits, many companies are hesitant to adopt these practices due to perceived challenges, such as the upfront investment, complexity of implementation, and concerns about ROI (Return on Investment). The research underscores the need for continued innovation and adaptation in software development practices to meet the evolving demands of the technological landscape.</p><h3>Areas for Further Research</h3><p dir="ltr">Future studies could explore the broader impact of automation on developer productivity, job satisfaction, and long-term security practices. There is also potential for developing advanced security analysis techniques using machine learning and artificial intelligence, as well as investigating the integration of security and compliance practices within automated SDLC frameworks.</p>

Technology management

Cloud computing

Automated software engineering

Automation

SDLC

Software Development Life Cycle

DevSecOps

Iac

Infrastructure as Code

CI/CD

Code Quality

Static Code Analysis

ML

Vulnerability Management

Security

AI

Machine Learning

Artificial Intelligence

Supply Chain Security

Job Satisfaction

Developer Productivity