Auditing an Agile Development Operations Ecosystem

In an enterprise software development, DevOps is a practice of integrating development and operations to deliver cost-efficient, improved quality solutions to the customer by automating the existing processes to achieve “continuous delivery.” In the current dynamic IT Ecosystem where there is a rising need to prove a competitive edge to maximize profitability, it is pivotal to drive business value with profound emphasis on quality. Agile enables us to take calculated risks during development whereas its affinity to adopting DevOps will promote continuous delivery with reduced friction to improve business efficiency. As this approach requires a change in people, process, technology, culture, usage of right tools and techniques, the early involvement of IT Auditors during the process of transformation could aid to build effective Risk Management strategies to handle organizational challenges. This article aims to present a risk-based audit approach to effectively use audit tools and techniques in an Agile-DevOps transformation environment to achieve maximum business value.

Migration from DevOps to DevSecOps - A complete migration framework, challenges and evaluation

DevOps development strategy is based on lean and agile principles and developed to ensure faster delivery. It ensures the collaboration of all stakeholders in the software development process and incorporates user’s feedback in a faster manner. This strategy is developed to guarantee customer satisfaction, increased business value, reduced time for bagging the feedback and adjusting the deliverables. They identified a requirement of prioritizing security in DevOps and started conferring about security to be embedded in DevOps. This introduced a mission-critical issue in many organizations as it requires breaking down of the barriers of operations and security team and review of many security policies in place. The challenge is to find the best way in DevOps can still perform Continuous Integration and Continuous Delivery after implanting security in a DevOps environment. This paper introduces a complete migration framework from DevOps to DevSecOps.This paper also identifies the attributes on which the migration framework can be evaluated.

Continuous Delivery of Blockchain Distributed Applications

Ensuring a production-ready state of the application under development is the imminent feature of the Continuous Delivery (CD) approach. In a blockchain network, nodes communicate and store data in a distributed manner. Each node executes the same business application but operates in a distinct execution environment. The literature lacks research focusing on continuous practices for blockchain and Distributed Ledger Technology (DLT). Specifically, it lacks such works with support for both design and deployment. The author has proposed a solution that takes into account the continuous delivery of a business application to diverse deployment environments in the DLT network. As a result, two continuous delivery pipelines have been implemented using the Jenkins automation server. The first pipeline prepares a business application whereas the second one generates complete node deployment packages. As a result, the framework ensures the deployment package in the actual version of the business application with the node-specific up-to-date version of deployment configuration files. The Smart Contract Design Pattern has been used when building a business application. The modeling aspect of blockchain network installation has required using Unified Modeling Language (UML) and the UML Profile for Distributed Ledger Deployment. The refined model-to-code transformation generates deployment configurations for nodes. Both the business application and deployment configurations are stored in the GitHub repositories. For the sake of verification, tests have been conducted for the electricity consumption and supply management system designed for prosumers of renewable energy.

Pilot Remote Clinical Communication Skill Session During COVID-19 Pandemic: Medical Education in New Normal

IntroductionClinical Communication teaching has relied heavily on face-to-face teaching using Patient Partners. The current situation with COVID-19 has led to lockdown, social isolation and travel difficulty. This leads to challenges in delivering this teaching. The study aim is to pilot a clinical communication teaching session remotely, using a virtual learning environment and video conferencing. This study evaluates the pilot about achieving learning outcomes on Musculo Skeleton disease and experience of student’s and patient partner.MethodsMixed qualitative and quantitative data are obtained through an online survey. The thematic framework is used to analyse the qualitative data and the descriptive statistics are used to evaluate the quantitative responses. Results The study provided satisfaction on proceeding this new pilot remote communication session to the routine medical curriculum, with 100% recommendation by the students. The majority of students had transformed their theoretical knowledge in the Musculo Skeleton disease system to consult with patient partners. The study also finds some gaps such as delays due to internet and device faults, limited time to build rapport with patients, nonverbal expressions are not being conveyed via the screen and difficulties in adapting to new remote sessions in short transition.ConclusionLooking into the future of new normal. Remote clinical communication session worked well during the pilot study. New innovatory methods in delivering remote teaching and more studies on different diseases topics should be implemented to analyse the sustainability and validity of the remote session for continuous delivery in medical education.

IMPLEMENTASI CONTIONOUS INTEGRATION DAN CONTINOUS DEPLOYMENT PADA APLIKASI LEARNING MANAGEMENT SYSTEM DI PT. MILLENNIA SOLUSI INFORMATIKA

Aplikasi Learning Management System atau LMS merupakan produk aplikasi yang dikembangkan oleh PT. Millennia Solusi Informatika. Aplikasi LMS ini telah digunakan oleh salah satu jaringan sekolah swasta. Dalam pengembangannya, aplikasi ini menggunakan metode scrum dimana pendekatan metode ini bersifat agile dan dapat menyesuaikan kebutuhan dengan cepat. Berangkat dari hal tersebut maka dalam proses delivery perangkat lunak ini maka perlu menggunakan konsep continuous integration dan continuous deployment guna memenuhi alur pengembangan yang bersifat agile dan dapat berulang. Continous Integration (CI) adalah pengintegrasian kode ke dalam repositori kode kemudian menjalankan penggunaan secara otomatis, cepat dan sering. Sementara Continuous Deployment atau Continuous Delivery (CD) adalah praktik yang dilakukan setelah proses CI selesai dan seluruh kode berhasil terintegrasi, sehingga aplikasi bisa dibangun dan dirilis secara otomatis. Dengan menggunakan metode CI/CD diharapkan dalam proses penyampaian aplikasi dapat terus berlangsung otomatis, cepat dan sering walaupun aplikasi tersebut sudah digunakan oleh pengguna.

Towards Continuous Deployment for Blockchain

Ensuring a production-ready state of the application under development is the immanent feature of the continuous delivery approach. In a blockchain network, nodes communicate, storing data in a decentralized manner. Each node executes the same business application but operates in a distinct execution environment. The literature lacks research, focusing on continuous practices for blockchain and distributed ledger technology. In particular, such works with support for both software development disciplines of design and deployment. Artifacts from considered disciplines have been placed in the 1 + 5 architectural views model. The approach aims to ensure the continuous deployment of containerized blockchain distributed applications. The solution has been divided into two independent components: Delivery and deployment. They interact through Git distributed version control. Dedicated GitHub repositories should store the business application and deployment configurations for nodes. The delivery component has to ensure the deployment package in the actual version of the business application with the node-specific up-to-date version of deployment configuration files. The deployment component is responsible for providing running distributed applications in containers for all blockchain nodes. The approach uses Jenkins and Kubernetes frameworks. For the sake of verification, preliminary tests have been conducted for the Electricity Consumption and Supply Management blockchain-based system for prosumers of renewable energy.

Security in Agile Development, use Case in Typeform

Software development methodologies have evolved during the last years to reduce the time to market to the minimum possible. Agile is one of the most common and used methodologies for rapid application development. As the agile manifesto defines in its 12 principles, one of its main goals is to satisfy the customer needs through early and continuous delivery of valuable software. Significantly, that none of the principles refers to security. In this paper, we will explain how Typeform integrates security activities into the whole development process, reducing at the same time the phases on the S-SDLC to reduce friction and improve delivery while maintaining the security level.