When you think of TDD, you probably think of Test-Driven Development. In Tomasz Manugiewicz’s ACE 2022 talk, though, the ‘T’ in TDD could also stand for Trust, i.e. Trust-Driven Development. The talk boils down to this: if there is trust, there is autonomy, and if there is autonomy, creativity flourishes. Trust is built incrementally; incremental success builds success. Software engineering is a team sport and an exercise in iteration. When something is created for the first time, there will be trial and error and continuous improvement. In the DevOps model, DevOps teams can be integral in fostering and disseminating trust throughout the entire engineering organization. But trust is certainly a two-way street.
Trust Is a Two-Way Street
The cliche says that trust is given and earned. Looking at this another way, you can trust your team, and that trust is maintained through actions and interactions. Trust can take years to build and moments to break down. From a DevOps perspective, trust is integral to the systems that DevOps or Platform Engineering teams create. These teams focus on making the development pipeline more efficient; without trust, there would be extremely manual processes with multiple layers of sign-offs or manual reviews. Trust from a DevOps perspective focuses on systemic trust and automation.
Systemic Trust – Guardrails
The dials any DevOps team has to balance are innovation and control. Allowing for creativity while still maintaining business or regulatory controls is a balancing act. DevOps teams can create automatic guardrails that systemically enforce decisions. For example, if a piece of open-source software has a CVSS score above seven, the deployment is blocked. In essence, people are trusted to make choices, and if the system detects a violation, more hygienic and trustworthy choices can be made. There are two schools of thought: verification and validation. Validation occurs at the time of execution, e.g. when someone is deploying something, while verification needs to happen regularly, e.g. checking against a ruleset at regular intervals. Shipa Insights can help with both.
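The guardrail described above, as an added sketch that is not Shipa's code or API: the same "CVSS above seven" rule is applied once at deploy time (validation) and again over what is already running (verification). The component names, advisory ids, scores and function names are all constructed for illustration.

```python
from dataclasses import dataclass

CVSS_BLOCK_ABOVE = 7.0  # the article's example rule: block when a score is above seven


@dataclass(frozen=True)
class Finding:
    component: str  # open-source package name (constructed)
    advisory: str   # placeholder id, not a real CVE
    cvss: float


def violations(components, feed, threshold=CVSS_BLOCK_ABOVE):
    """Findings for these components with a CVSS score strictly above the threshold."""
    return [f for f in feed if f.component in components and f.cvss > threshold]


def validate_deploy(components, feed):
    """Validation: one check at deploy time. Returns (allowed, violations)."""
    found = violations(components, feed)
    return (not found, found)


def verify_running(deployed, feed):
    """Verification: re-check what is already running; meant to run at regular intervals."""
    report = {}
    for app, components in deployed.items():
        found = violations(components, feed)
        if found:
            report[app] = found
    return report


# Constructed sample data: the advisory feed on two consecutive days.
FEED_DAY1 = [
    Finding("libexample-yaml", "ADVISORY-0001", 5.3),
    Finding("libexample-tls", "ADVISORY-0002", 7.0),  # exactly 7.0 is not "above seven"
]
FEED_DAY2 = FEED_DAY1 + [Finding("libexample-yaml", "ADVISORY-0003", 9.1)]
DEPLOYED = {"shop-api": {"libexample-yaml", "libexample-tls"}, "docs-site": {"libexample-tls"}}

if __name__ == "__main__":
    print("day 1 deploy allowed:", validate_deploy(DEPLOYED["shop-api"], FEED_DAY1)[0])
    print("day 2 verification:", verify_running(DEPLOYED, FEED_DAY2))
    print("day 2 redeploy allowed:", validate_deploy(DEPLOYED["shop-api"], FEED_DAY2)[0])
```

The deployment that passed validation on day one is only caught on day two by the verification sweep, which is why a deploy-time gate alone is not enough.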
Automating Trust with Shipa Insights
Shipa Insights can help strengthen your validation and verification posture. In Kubernetes application security, the ecosystem moves quickly, so what was good yesterday could be problematic today. Shipa Insights can keep track not only of security vulnerabilities but also of shift-left choices such as networking and container policies.
What is trustworthy today can change tomorrow in the technology world. If your posture changes, changing what is valid is very simple in Shipa Insights: simply adjust your Shipa Framework.
Lastly, with Shipa Insights, you can also get alerts as violations occur. Having a timely notification can help build confidence and trust that issues will be found and remedied.
Feel free to take Shipa for a spin today. Shipa Insights is included with your Shipa Account, even the free tier.