14. Deliver High Quality Working Software Faster (@TopoPal)
• No security flaws
• No legal flaws
• Minimum defects
• All levels of testing done
• Code reviewed and source controlled
• Across LOBs, Shared Services and 3rd Parties
• Tested end-to-end
• All dependencies are satisfied
• How fast? ASAP?
25. Pipeline must have 16 gates
• Source code version control
• Optimum branching strategy
• Static analysis
• > 80% code coverage
• Vulnerability scan
• Open source scan
• Artifact version control
• Auto provision
• Immutable servers
• Integration testing
• Performance testing
• Build, deploy, testing automated for every commit
• Automated change order
• Zero downtime release
• Automated rollback
• Feature toggle
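To make the scan-related gates concrete, the Python below is an added example (not TopoPal's pipeline tooling) that evaluates five of the sixteen gates, code coverage, static analysis, vulnerability scan, open source scan and artifact version control, over constructed scanner output and reports every failing gate at once. The report shapes, the severity policy and the licence deny-list are assumptions; the only threshold the slide fixes is the strict "> 80%" coverage bar, and the example keeps it strict (exactly 80% does not pass).

```python
"""Pipeline gate evaluator: an added example, not TopoPal's tooling.

Report shapes, severity policy and the licence deny-list are assumptions;
the slide itself fixes only the coverage bar (strictly more than 80%).
"""
from __future__ import annotations

from dataclasses import dataclass

COVERAGE_MIN_PCT = 80.0                     # slide: "> 80% code coverage"
BLOCKING_SEVERITIES = {"critical", "high"}  # assumption: what blocks promotion
DENIED_LICENSES = {"AGPL-3.0"}              # assumption: example licence policy


@dataclass(frozen=True)
class GateResult:
    gate: str
    passed: bool
    detail: str


def gate_code_coverage(coverage: dict) -> GateResult:
    """Strict greater-than, as the slide states: exactly 80% does not pass."""
    pct = 100.0 * coverage["covered_lines"] / max(coverage["total_lines"], 1)
    return GateResult("code_coverage", pct > COVERAGE_MIN_PCT,
                      f"{pct:.1f}% covered (need > {COVERAGE_MIN_PCT:.0f}%)")


def _blocking(findings: list[dict]) -> list[dict]:
    """A high/critical finding blocks unless it carries a recorded acceptance."""
    return [f for f in findings
            if f["severity"].lower() in BLOCKING_SEVERITIES
            and not f.get("accepted_reason")]


def gate_static_analysis(findings: list[dict]) -> GateResult:
    blocking = _blocking(findings)
    return GateResult("static_analysis", not blocking,
                      f"{len(blocking)} blocking finding(s): "
                      + ", ".join(f["id"] for f in blocking))


def gate_vulnerability_scan(findings: list[dict]) -> GateResult:
    """Same rule as SAST, applied to the application/image scanner output."""
    blocking = _blocking(findings)
    return GateResult("vulnerability_scan", not blocking,
                      f"{len(blocking)} blocking finding(s): "
                      + ", ".join(f["id"] for f in blocking))


def gate_open_source_scan(components: list[dict]) -> GateResult:
    """Deny-listed licences and components the scanner marks known-vulnerable."""
    bad = [c for c in components
           if c["license"] in DENIED_LICENSES or c.get("known_vulnerable", False)]
    return GateResult("open_source_scan", not bad,
                      "flagged: " + ", ".join(f'{c["name"]}@{c["version"]}' for c in bad))


def gate_artifact_version_control(artifact: dict) -> GateResult:
    """A fixed version (no floating tag) plus the commit it was built from,
    so what reaches production can be traced back through every gate."""
    floating = artifact["version"] in {"", "latest", "snapshot"}
    traceable = len(artifact.get("commit", "")) == 40
    return GateResult("artifact_version_control", not floating and traceable,
                      f"version={artifact['version']!r}, "
                      f"commit {'recorded' if traceable else 'missing'}")


def evaluate_gates(build: dict) -> list[GateResult]:
    return [
        gate_code_coverage(build["coverage"]),
        gate_static_analysis(build["sast"]),
        gate_vulnerability_scan(build["vuln_scan"]),
        gate_open_source_scan(build["components"]),
        gate_artifact_version_control(build["artifact"]),
    ]


def may_promote(build: dict) -> tuple[bool, list[str]]:
    """All gates must pass; every failure is reported so they are fixed in one round."""
    results = evaluate_gates(build)
    failures = [f"{r.gate}: {r.detail}" for r in results if not r.passed]
    return (not failures, failures)


# Constructed sample inputs; real scanners emit their own formats.
SAMPLE_BUILD = {
    "coverage": {"covered_lines": 850, "total_lines": 1000},
    "sast": [
        {"id": "sql-injection", "severity": "high"},
        {"id": "unused-import", "severity": "low"},
    ],
    "vuln_scan": [
        {"id": "CVE-PLACEHOLDER-1", "severity": "critical",
         "accepted_reason": "code path behind a disabled feature toggle; tracked"},
    ],
    "components": [
        {"name": "example-lib-a", "version": "1.3.0", "license": "MIT"},
        {"name": "example-lib-b", "version": "0.9.1", "license": "AGPL-3.0"},
    ],
    "artifact": {"version": "1.4.2", "commit": "0" * 40},
}

if __name__ == "__main__":
    ok, failures = may_promote(SAMPLE_BUILD)
    print("PROMOTE" if ok else "BLOCKED")
    for line in failures:
        print("  -", line)
```

Run as a script, the sample build is blocked by two gates (an unaccepted high SAST finding and a deny-listed licence) while the critical scanner finding passes because an acceptance reason is recorded against it; that recorded acceptance, rather than a silent suppression, is what lets an auditor later see why a known issue was allowed through.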
34. Risks are real
• Intentional damage
• Unintentional damage
• Untested code in production
But…
There is a better way
35. Hypothesis
• DevOpsSec & CI/CD provide better controls
• A model with ~30 practices can satisfy audit and compliance
• If everything is source code, no one needs access to production
• For emergency, “Break Glass”
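The last two bullets, no standing access to production and a "Break Glass" path for emergencies, together with the segregation of duties the result slide mentions, can be modelled as a small workflow. The Python below is an added example, not TopoPal's implementation: the rules it enforces (a different person must approve, access lapses after a fixed TTL, every step is appended to an audit log) and the identifiers in the demo are assumptions.

```python
"""Break-glass access model: an added example, not TopoPal's implementation.

Rules enforced here are assumptions: a different person must approve
(segregation of duties), access lapses after a fixed TTL, and every step
is written to an audit log for post-incident review.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

T0 = datetime(2024, 1, 1, 3, 0, tzinfo=timezone.utc)  # constructed reference time


def minutes_after(n: int) -> datetime:
    return T0 + timedelta(minutes=n)


class BreakGlassError(Exception):
    """Raised when a request would violate a break-glass rule."""


@dataclass
class BreakGlassRequest:
    request_id: int
    requester: str
    reason: str
    ticket: str                          # incident reference (placeholder in the demo)
    approver: Optional[str] = None
    expires_at: Optional[datetime] = None
    closed_by: Optional[str] = None


class BreakGlass:
    """Emergency production access that is closed by default."""

    def __init__(self, ttl: timedelta = timedelta(minutes=30)):
        self.ttl = ttl
        self.audit: list[dict] = []
        self._requests: dict[int, BreakGlassRequest] = {}

    def _log(self, event: str, now: datetime, **fields) -> None:
        self.audit.append({"event": event, "at": now.isoformat(), **fields})

    def request(self, requester: str, reason: str, ticket: str, now: datetime) -> int:
        if not ticket:
            raise BreakGlassError("an incident ticket is required")
        rid = len(self._requests) + 1
        self._requests[rid] = BreakGlassRequest(rid, requester, reason, ticket)
        self._log("requested", now, request_id=rid, requester=requester,
                  reason=reason, ticket=ticket)
        return rid

    def approve(self, request_id: int, approver: str, now: datetime) -> datetime:
        req = self._requests[request_id]
        if approver == req.requester:
            # Segregation of duties: the refusal itself is worth recording.
            self._log("approval_refused", now, request_id=request_id,
                      approver=approver, why="self-approval")
            raise BreakGlassError("requester may not approve their own access")
        if req.approver is not None:
            raise BreakGlassError("request already decided")
        req.approver = approver
        req.expires_at = now + self.ttl
        self._log("granted", now, request_id=request_id, approver=approver,
                  expires_at=req.expires_at.isoformat())
        return req.expires_at

    def is_open(self, request_id: int, now: datetime) -> bool:
        """Open only between approval and the earlier of expiry or explicit close."""
        req = self._requests[request_id]
        return (req.expires_at is not None and req.closed_by is None
                and now < req.expires_at)

    def close(self, request_id: int, by: str, now: datetime) -> None:
        """Early close by the operator; access lapses by itself at expiry anyway."""
        req = self._requests[request_id]
        req.closed_by = by
        self._log("closed", now, request_id=request_id, by=by)


def demo() -> list[dict]:
    """Run one emergency through the flow and return the audit trail."""
    bg = BreakGlass(ttl=timedelta(minutes=30))
    rid = bg.request("oncall-a", "checkout errors after release", "INC-PLACEHOLDER", T0)
    try:
        bg.approve(rid, "oncall-a", minutes_after(1))   # refused: same person
    except BreakGlassError:
        pass
    bg.approve(rid, "oncall-b", minutes_after(2))       # a second person approves
    assert bg.is_open(rid, minutes_after(10))
    assert not bg.is_open(rid, minutes_after(40))      # lapsed without any action
    return bg.audit


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

The point of passing `now` explicitly is that expiry is decided by comparing timestamps, never by a background job that might fail to run; the access is closed by default and only the approved window is open, and the audit log records the refused self-approval as well as the grant, which is the evidence an audit later asks for.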
36. Result
Production release: once / sprint → 1+ / day
# of Applications with Release Automation: 20+
Max. # of Releases in 1 day for 1 Application: 34
With “Segregation of Duties”