Testing & Automation Pay Off for NSA's DevSecOps Project

Communication with stakeholders, extensive testing, and robust automation pay dividends for the military intelligence agency, one of several presenters at GitLab's virtual Commit conference.

For companies concerned with security as they push for faster development, a hallmark of agile frameworks such as DevOps, the US National Security Agency (NSA) has a message for you: Test, take it slow, but do it right and your developers will thank you.


Starting in 2018, the NSA embarked on a project to build more support for its developers and combine multiple instances of source code repositories. While the secretive government agency — whose missions include both spying on the communications of other countries and striving to secure US classified networks — has to work within the restrictions of a largely air-gapped network, the DevX team created a "highly available, elastically scalable architecture in AWS" that allows fast software development in a secure environment, Eric Mosher, technical lead for the DevX DevOps Pipeline at the NSA, said in a presentation at the virtual GitLab Commit conference last week.


Originally installed from code in 2013, the NSA's source repository languished until 2018, when the agency kicked off its DevX project to improve the experience of developers. The team extensively rearchitected its approach to keep its security requirements while allowing as few custom changes as possible. Even with numerous dry runs, the developers still ran into problems, Mosher said.


"We didn't know the right kind of testing to do, and we needed some smarter automation," he said. "After the upgrade, we made sure to build in more of this automated testing ... and we added that smarter automation."


In the end, however, the project resulted in a fully DevOps-capable pipeline that allows gove ..
