DevOps platforms are mature, but still lack robust Software Composition Analysis functionality

Organizations looking to DevOps platforms to integrate and manage toolchains should be mindful of key gaps in functionality these platforms lack – including robust open source software management.

Application, infrastructure and operations professionals are increasingly looking to adopt platforms to integrate or deliver out-of-the box solutions because of the many benefits they bring to advancing a DevOps culture. But functionality like Software Composition Analysis (SCA) is a critical gap, according to the report, “The Future of DevOps Toolchains Will Involve Maximizing Flow in IT Value Streams.”

SCA solutions advance DevOps strategies because they enable developers to rapidly consume open source software technologies, while at the same time mitigate the risks of license compliance issues and unpatched security vulnerabilities, according to the report. SCA tools automate governance by, for instance, providing a detailed inventory of application components.

“A DevOps culture provides fertile ground for the adoption of OSS tools. However, lack of proper OSS governance exposes organizations to legal and security risks,” the report’s authors wrote. “Software composition analysis (SCA) tools aim to mitigate these risks.”

The findings and recommendations are based off Gartner’s 2019 DevOps survey of 273 IT and business professionals involved in decision-making around DevOps in their organizations. The survey looked at the performance, drivers and challenges in scaling DevOps.

Platforms can reduce overhead and complexity by allowing teams to focus less on managing the tools themselves and more on tasks that add value to the customer, according to Gartner. They also enable visibility into the overall process that enhances productivity, communication and business outcomes for continuous improvement in both the product itself and the process used to build it.

Several trends are working in favor of the platform-centric approach. These include consolidation in the market, the drive toward value-stream-based approaches that demand an integrated view of activities, and the adoption of container-based architectures, according to the report. Organizations are also facing challenges in assessing and improving metrics like release velocity and product team efficiency.

But with the market still evolving and end-to-end functionality lacking, we believe, Gartner recommends that customers layer three different approaches:

  • Adopt DevOps value stream delivery platforms (VSDPs) that orchestrate DevOps toolchains to build, deliver and deploy the software.
  • Adopt DevOps value stream management platforms (VSMPs) that provide capabilities for measuring strategic metrics like release velocity and team efficiency.
  • Use third-party tools that provide critical best-of-breed functionality for SCA and other use cases, such as cloud-native application architectures, tools to optimize machine learning operations and commercial off-the-shelf application management.

“These three ways are not mutually exclusive,” the report’s authors wrote. “Organizations will use VSDPs for a few products, layer an existing DevOps toolchain with a VSMP, and use specialized tools to support emerging use cases involving ML, cloud-native and open-source technologies.”

For the full report and to learn more about the benefits of SCA in DevOps, click here: https://info.revenera.com/SCA-RPT-Gartner-Future-DevOps

 

Gartner, The Future of DevOps Toolchains Will Involve Maximizing Flow in IT Value Streams, Manjunath Bhat, Daniel Betts, Hassan Ennaciri, Chris Saunderson, Thomas Murphy, 14 January 2020

Leave a Reply

Your email address will not be published. Required fields are marked *