CDRA Completes the CI/CD Software Development Lifecycle
When it comes to at-scale software development, is continuous delivery and release automation (CDRA) the next step in the evolution of continuous integration/continuous delivery (CI/CD)?
Forrester Research thinks so. The analysis firm describes CDRA as a way for organizations to deliver better quality software faster and more securely, by automating digital pipelines and improving end-to-end management and visibility.
In this edition of The New Stack Makers podcast, Anders Wallgren, CloudBees vice president of technology strategy, discusses CDRA, its supporting tools, and the goals and challenges that DevOps teams face when delivering software. CI/CD systems provider CloudBees was named a leading CDRA vendor in the report “The Forrester Wave: Continuous Delivery And Release Automation, Q2 2020.”
The episode was hosted by Alex Williams, founder and publisher of The New Stack, and co-hosted by Joab Jackson, TNS managing editor.
In many respects, CDRA is very similar to CD, insofar as it is a foundation for committing, then delivering software, Wallgren said. “Value-stream CDRA is really about making your value stream executable and visible on an ongoing real-time basis. So it’s taking all of the things, all of the activities, all of the tools, all of the platforms, all of the software — everything that you do to build, test, qualify, deploy and release your software — and automating that,” Wallgren said.
“Ideally, our point of view is about one platform, over-the-top orchestration and tying together all the islands of automated CI/CD that you already have,” he said.
Many organizations are already fairly accomplished in adopting continuous integration and automating the process. “However, there are about 58 other things that you have to do to your software before it’s ready to go live on the website, get burned into the chip, dropped into the box and those sorts of things,” Wallgren said. “CDRA is really just an acknowledgment that there are still release activities that most large mature software companies engage in, and we’re not yet quite living in a world where I compile the software on my laptop and then two minutes later, it’s in production.”
The “58 other things” that DevOps teams are required to do before software is released include security scans, software composition analysis, static analysis, runtime analysis, penetration testing and “anything that you do around the building and testing and qualification of the software user acceptance,” Wallgren said.
For heavily regulated industries such as finance, health care, automotive, aerospace and defense, and for other types of organizations with tight audit requirements, automation is of critical importance. These kinds of organizations “have to be governable and controllable and my point of view is that automation is auditing.”
“I think when you dig down beneath all the details of things like audits and controls, it comes down to documenting what you do, and proving that you did what you documented,” Wallgren said. “An automation definition is a form of documentation, especially these days… So it’s about really gathering up all those sorts of bits and bobs and from other organizations, other departments, other functions and bringing them out of the silos and onto the big factory conveyor belt that we’re all going to use to get our software out the door, the right way.”