How PaymentWorks Modernized Its Developer Platform with Slim.AI
PaymentWorks is an enterprise payments-security platform with a mission to mitigate the risks inherent in business-to-business payments. By automating a complex, manual, people-intensive and error-prone payment process, PaymentWorks protects organizations from business payments fraud and ensures regulatory compliance.
Shipping new features quickly while meeting strict security and compliance requirements has always been critical to its success. Against that backdrop, its engineers were charged with a new, business-critical software development project with tight deadlines and keen interest from executives, customers and investors.
The engineering team decided to build the new service as a containerized microservice to proactively break apart their existing monolithic, VM-based infrastructure. Doing so would allow them to shorten development cycles, reduce complexity and make developer onboarding easier. They needed to ensure quality, compliance and consistency in delivering production-ready containers as the new “shippable unit of software.” Furthermore, they needed a scalable developer experience that enabled fast onboarding as their business grew and they added more developers to the team.
With this new project, there were goals to streamline the software delivery pipeline:
- Create secure, production-ready containers automatically as part of the release process that reduce vulnerabilities and attack surface.
- Remove manual, repetitive activities, such as ad hoc scripting and manual bookkeeping around architecture decisions, that result in mundane work, human error and delays.
- Fit the container hardening process into existing developer workflows to ease adoption and improve velocity.
- Reduce DevOps overhead while getting containers from dev to prod.
PaymentWorks also had a goal of having full visibility, history and control over the exact versions of the artifacts running in production, such as where specific images run, the dependencies (packages) they include and which versions (git commits) of the application code they contain. Due to the confidential nature of financial services, the new system needed to be secure and easily auditable.
Implementing this new system would help the company scale more efficiently to meet future needs and shorten test cycles, challenges it faced with its legacy build-and-test pipeline based on EC2 (Amazon Elastic Compute Cloud) instances.
The PaymentWorks engineering team knew that providing developers with the right tools and automation would ensure best practices were met as they transitioned to a containerized platform.
They called on Slim.AI, which offers solutions that automatically optimize the composition and construction of containerized applications to create hardened containers, improve build and deploy cycles, and provide deep insight into application behavior and performance.
The teams began by integrating Slim.AI into the PaymentWorks Jenkins-based CI pipeline, recording containers and related artifacts, and storing them as “Collections” on Slim’s web-based SaaS platform. Jenkins communicates with the Slim.AI platform via API, determining the necessary build details and context to generate properly composed and tagged containers.
During this process, Slim.AI catalogs a record of all build context, container versions, tags, attributes and history. Once containers are built, Slim.AI automatically generates a new environment-specific Docker Compose file that pins the latest versions to semantic references and commits that to GitHub for the specified deployment context (dev, test or production).
The PaymentWorks CD system then references the Slim.AI Collections API to find the containers, Docker Compose files and metadata necessary to deploy and run the system. AWS Elastic Container Registry houses the containers, and Slim.AI automatically keeps track of all container versions for each collection, runs vulnerability scanners, hardens containers and generates artifacts for compliance.
Developers can interface with Slim.AI via a web-based UI or command-line interface to review artifacts, see inside their recently built containers, and debug and secure their containers in a developer-friendly way. PaymentWorks’ first container to ship reduced the total vulnerability count by 89%, eliminating all critical findings and 60% of high-risk findings.
This integrated container management system allows other aspects of the PaymentWorks environment to interact with Slim.AI programmatically with semantic precision, speed and high automation, whether that’s infrastructure running on AWS or security and compliance audits.
The best part is that it’s completely self-service and hands-off: no friction, manual steps or scripts. According to Matias Elgart, vice president for platform engineering at PaymentWorks, the system has created a way to easily onboard to the new microservices environment as the dev team continues to grow, and developers love that they don’t have to manually manage and share files and scripts locally.
By working with Slim.AI, PaymentWorks has reached its combined goals of improving security and compliance while reducing operational complexity, error and repetitive DevOps cycles, freeing up their teams to focus on building great software for their customers and creating a positive developer experience.