Automated Data for DevSecOps Programs
Abstract
Automation in DevSecOps (DSO) transforms the practice of building, deploying, and managing software intensive programs. Although this automation supports continuous delivery and rapid builds, the persistent manual collection of information delays (by weeks) the release of program status metrics and the decisions they are intended to inform. Emerging DSO metrics (e.g., deployment rates, lead times) provide insight into how software development is progressing but fall short of replacing program control metrics for assessing progress (e.g., burn rates against spend targets, integration capability target dates, and schedule for the minimum viable capability release). By instrumenting the (potentially interacting) DSO pipelines and supporting environments, the continuous measurement of status, identification of emerging risks, and probabilistic projections are possible and practical. In this paper, we discuss our research on the information modeling, measurement, metrics, and indicators necessary to establish a continuous program control capability that can keep pace with DSO management needs. We discuss the importance of interactive visualization dashboards for addressing program information needs. We also identify and address the gaps and barriers in the current state of the practice. Finally, we recommend future research needs based on our initial findings.
Document Details
- Document Type
- Technical Report
- Publication Date
- May 01, 2022
- Accession Number
- AD1168421
Entities
People
- Christopher L. Miller
- Hasan Yaşar
- Luiz Antunes
- Robert Mccarthy
- William R. Nichols
Organizations
- Carnegie Mellon University