Analysis of DevOps workflow

Workflow: Product Engineer → Code commit & Pull request → GitHub repository → CD Pipeline (Azure Pipelines) → Azure / GCP Infrastructure Provisioned

GitHub repository
• GitHub Security
• Branch Policies
• Repository Structure
• Library for common functions
• Diagram as code
• Lack of tool integration

Azure Pipelines
• Agent Configuration
• CD Fragmentation
• No validation on Terraform deployment

Workflow Challenges
• No Deployment Security: Our cloud deployments lack proper security measures, making them vulnerable to attacks.
• Branch Protection: Unauthorized changes in our branches risk the stability of our cloud services.
• Versioning: Inconsistent versioning practices make it hard to manage configurations effectively.
• Secret Scanning: Sensitive information is at risk due to insufficient scanning practices.
• Tool Integration for Metrics: Our tools don't integrate well to assess vulnerability and compliance metrics accurately.
• Proper Repository Structure: Disorganized repository structures lead to confusion and inefficiencies.
• Post Terraform Deployment Validation: Lack of validation after Terraform changes can cause operational disruptions.

Business Impact Analysis
• These challenges reduce the security and reliability of our cloud infrastructure.
• They increase the risk of cyber threats, downtime, and inefficiencies in our operations.
• Ops incident recovery takes more time.

Workflow

Workflow: Product Engineer → Code commit & Raise PR → GitHub repository → On Pull Request: GitHub Actions → CD Pipeline (Azure Pipelines) → Azure / GCP Infra Deployed

GitHub Actions (On Pull Request)
• Pre-Commit Checks
• Checkov Scanning - TF
• Semantic Versioning
• SonarQube Scanning
• Black Duck Scanning

Azure Pipelines
• Download libraries
• Agent configuration
• CD Fragmentation
• Pre-Terraform config
• Terraform Apply
• Post Terraform Config
• Validation

GitHub repository
• GitHub Security
• Branch Policies
• Repository Structure
• Library for common functions
• Diagram as code
• Lack of tool integration
• Manual code review

QED Dashboards

Remediation for BI
• These remediations reduce the security risk and increase the reliability of our cloud infrastructure.
• They reduce the risk of cyber threats, downtime, and inefficiencies in our operations.
• Ops incident recovery takes less time with the help of dashboards & Teams channel notifications.