Mentor’s View: Aligning your team and your powers for success
Chris Carlucci, Customer Success Engineer, Sonatype
2 05/03/2023
Agenda
• Getting Started on Your Journey
• Open Source Policy Guidelines
• Policy Results in Eclipse & Jenkins
• Meaningful Success Metrics
Getting started on your journey
• Rugged DevOps, Software Supply Chain, Now What?
• The Hero’s Journey
• Align Your Heroes
• Building Bridges
• Setting Expectations
Building A Trusted Software Supply Chain
Different Stakeholders, Different Priorities
[Figure: three stakeholders, each with a speech bubble]
“Where’s that release?”
“Done! On to the next sprint.”
“Now, where are we in that process?”
Building A Better Bridge Between Dev, Ops & Sec
• Tooling needs to adopt the practice of the practitioner
• A tool is not a process and a process is not a tool; learn to leverage both
Two Philosophies
Support & guide
• Objective information across the lifecycle
• Each performs the task they are good at
• Faster component selection and issue resolution
• Bridges the developer “compliance” gap
Scan & scold
• Reactive information late in the lifecycle
• Creates rework and slows remediation
• Hinders technology innovation
• More expensive
Communicate Expectations
Determine the lifecycle enforcement strategy for each stage (Development, CI Build, Promotion to staging or release):
• Allows developers time to research & fix or to request waivers
• Everything is documented on an internal WIKI
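The slide leaves the enforcement strategy as a diagram. The following is an added example, not Sonatype's code and not the IQ Server policy format, of what "enforcement per lifecycle stage" means in practice: the same policies run at every stage, the action escalates from warn in development to fail at CI build and at promotion to staging or release, and a time-boxed waiver that points at the wiki decision suppresses a violation instead of switching the policy off. The stage names, the CVSS thresholds, the warn/fail mapping and the sample components are assumptions made for the illustration.

```python
"""Lifecycle-staged policy enforcement with waivers (added example).

Not Sonatype's code and not the IQ Server policy format: the stage names,
thresholds, warn/fail mapping and sample data below are assumptions.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Tuple

STAGES = ("development", "build", "stage-release")

# Action per threat level and stage (assumed mapping). Critical findings fail
# the CI build; severe ones only fail promotion, which gives developers time
# to research, fix or request a waiver before release.
ENFORCEMENT: Dict[str, Dict[str, str]] = {
    "critical": {"development": "warn", "build": "fail", "stage-release": "fail"},
    "severe":   {"development": "warn", "build": "warn", "stage-release": "fail"},
    "moderate": {"development": "warn", "build": "warn", "stage-release": "warn"},
}


@dataclass(frozen=True)
class Component:
    purl: str       # package URL, e.g. pkg:maven/org.example/lib@1.2.3
    cvss: float     # highest CVSS base score among known issues, 0.0 if none
    license: str    # SPDX identifier


@dataclass(frozen=True)
class Waiver:
    purl: str
    policy: str
    reason: str     # pointer to the internal wiki page recording the decision
    expires: date   # waivers are time-boxed so they get re-reviewed


@dataclass(frozen=True)
class Violation:
    purl: str
    policy: str
    threat: str
    action: str     # "warn", "fail" or "waived"
    note: str = ""


def policy_matches(c: Component) -> List[Tuple[str, str]]:
    """(policy name, threat level) pairs a component triggers; thresholds are
    assumed. Security and license policies are independent, so one component
    can trigger both."""
    hits: List[Tuple[str, str]] = []
    if c.cvss >= 9.0:
        hits.append(("Security-Critical", "critical"))
    elif c.cvss >= 7.0:
        hits.append(("Security-High", "severe"))
    elif c.cvss >= 4.0:
        hits.append(("Security-Medium", "moderate"))
    if c.license in ("GPL-3.0-only", "AGPL-3.0-only"):
        hits.append(("License-Copyleft", "severe"))
    return hits


def evaluate(components: List[Component], stage: str,
             waivers: List[Waiver], today: date) -> List[Violation]:
    """Evaluate every component at one lifecycle stage. A waiver applies only
    to its exact (purl, policy) pair and only until it expires; afterwards the
    stage's normal action applies again."""
    if stage not in STAGES:
        raise ValueError(f"unknown stage {stage!r}; expected one of {STAGES}")
    active = {(w.purl, w.policy): w for w in waivers if w.expires >= today}
    result: List[Violation] = []
    for c in components:
        for policy, threat in policy_matches(c):
            waiver = active.get((c.purl, policy))
            if waiver is not None:
                result.append(Violation(c.purl, policy, threat, "waived", waiver.reason))
            else:
                result.append(Violation(c.purl, policy, threat, ENFORCEMENT[threat][stage]))
    return result


def gate_passes(violations: List[Violation]) -> bool:
    """The stage passes unless some violation carries the 'fail' action."""
    return not any(v.action == "fail" for v in violations)


def action_counts(violations: List[Violation]) -> Dict[str, int]:
    counts = {"warn": 0, "fail": 0, "waived": 0}
    for v in violations:
        counts[v.action] += 1
    return counts


# Constructed sample application and waiver: not real components or findings.
SAMPLE_COMPONENTS = [
    Component("pkg:maven/org.example/net-lib@2.0.1", 9.8, "Apache-2.0"),
    Component("pkg:maven/org.example/xml-lib@1.4.0", 7.5, "Apache-2.0"),
    Component("pkg:maven/org.example/gpl-util@3.1.0", 0.0, "GPL-3.0-only"),
    Component("pkg:maven/org.example/clean-lib@5.0.0", 0.0, "MIT"),
]
SAMPLE_WAIVERS = [
    Waiver("pkg:maven/org.example/xml-lib@1.4.0", "Security-High",
           "wiki/SEC-142: vulnerable parser not reachable from untrusted input",
           date(2016, 12, 31)),
]
SAMPLE_TODAY = date(2016, 4, 27)

if __name__ == "__main__":
    for stage in STAGES:
        vs = evaluate(SAMPLE_COMPONENTS, stage, SAMPLE_WAIVERS, SAMPLE_TODAY)
        print(f"{stage:14} pass={gate_passes(vs)} {action_counts(vs)}")
        for v in vs:
            print(f"   {v.action:6} {v.threat:8} {v.policy:18} {v.purl} {v.note}")
```

Running it shows the same four components passing in development (two warnings, one waived), failing the CI build on the critical finding alone, and failing promotion on both the critical finding and the copyleft license; once the waiver expires, the previously waived finding fails promotion too, which is the behaviour you want from a waiver that was documented rather than a policy that was disabled.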
Fix the Red – Actionable?
[Word cloud of developer reactions to a red result: panic, easy, oops, pray, help?, evil, bs, fix it]
Building A Good Component Practice
Phase 1: Understanding your environment
Phase 2: Creating policy & rating risk
Phase 3: Reducing risk & enforcing compliance
Interactive Policy Development
What Is Policy?
Out-of-the-box Policies With Easy Customization
• Architecture
• Component
• License
• Security
IQ Server Policy Definition
Tool Chain Integration – IDE & CI Server
ZTTR (Zero Time to Remediation)
1. Empower Developers From The Start
2. Design A Frictionless Approach
3. Create A Software Bill Of Materials
Defining Meaningful Success Metrics
http://www.aintitcool.com/node/44547
It’s Not Always What You Measure… It’s the Behavior that Results
Manager: “Nathan, this isn’t fair. You’re just showing the number of stories, not how big they are.”
Nathan: “That’s right.”
Manager: “But that’s not fair!”
Nathan: [silent]
Manager: “All I’d have to do would be to divide up my stories into little bits and release those every month.”
Nathan: [silent, smiling]
Manager: “Oh.”
• Soon, the manager was doing small stories, to the benefit of everyone.
Source: http://ronjeffries.com/articles/016-03/you-want/
Success Metrics
• Short Term – Time to Value
  • “By the end of the workshop, we configured ~80% of our policies. Just six business days after training, we have made the test environment available in our organization”
• Long Term – Quality Metrics
  • MTTR (mean time to remediate a violation)
  • WIP (violations still open, i.e. work in progress)
  • New violations delivered to production
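The three long-term metrics are named but not defined on the slide, and the anecdote above is a reminder that how a metric is computed shapes the behaviour it produces. The following is an added example, not Sonatype's reporting code, that pins each metric to an explicit definition over a reporting window: MTTR is the average open-to-close time of violations closed in the window, WIP is what is open on the window's last day, and "new in production" counts violations first detected at the release stage, i.e. findings that got past IDE and CI feedback. The record layout, the stage names and the sample history are constructed for the illustration.

```python
"""Long-term success metrics from a violation history (added example).

Not Sonatype's reporting code: the record layout, stage names and the
sample history are constructed assumptions.
"""
from dataclasses import dataclass
from datetime import date
from statistics import mean
from typing import Dict, List, Optional


@dataclass(frozen=True)
class ViolationRecord:
    id: str
    policy: str
    first_seen_stage: str   # "development", "build" or "stage-release"
    opened: date
    closed: Optional[date]  # None while the violation is still open


def mttr_days(records: List[ViolationRecord], start: date, end: date) -> Optional[float]:
    """Mean time to remediate: average open-to-close days over the violations
    closed inside [start, end]. None when nothing was closed in the window,
    so an empty month is not reported as a perfect one."""
    durations = [(r.closed - r.opened).days
                 for r in records
                 if r.closed is not None and start <= r.closed <= end]
    return mean(durations) if durations else None


def wip(records: List[ViolationRecord], as_of: date) -> int:
    """Work in progress: violations opened on or before `as_of` and not yet
    closed on that day."""
    return sum(1 for r in records
               if r.opened <= as_of and (r.closed is None or r.closed > as_of))


def new_in_production(records: List[ViolationRecord], start: date, end: date) -> int:
    """Violations first detected at the release stage inside [start, end]:
    each one escaped the IDE and CI feedback loops. Trending this toward zero
    is the point of shifting policy evaluation left."""
    return sum(1 for r in records
               if r.first_seen_stage == "stage-release" and start <= r.opened <= end)


def window_report(records: List[ViolationRecord], start: date, end: date) -> Dict[str, object]:
    """All three metrics for one reporting window, so months can be compared."""
    return {
        "window": (start.isoformat(), end.isoformat()),
        "mttr_days": mttr_days(records, start, end),
        "wip_at_end": wip(records, end),
        "new_in_production": new_in_production(records, start, end),
    }


# Constructed history: not real findings.
SAMPLE_HISTORY = [
    ViolationRecord("V1", "Security-High", "build", date(2016, 3, 1), date(2016, 3, 5)),
    ViolationRecord("V2", "License-Copyleft", "development", date(2016, 3, 3), date(2016, 3, 4)),
    ViolationRecord("V3", "Security-Critical", "stage-release", date(2016, 3, 10), date(2016, 3, 20)),
    ViolationRecord("V4", "Security-High", "stage-release", date(2016, 3, 15), None),
    ViolationRecord("V5", "Security-Medium", "build", date(2016, 2, 20), date(2016, 3, 2)),
    ViolationRecord("V6", "License-Copyleft", "development", date(2016, 3, 25), None),
]
MARCH_2016 = (date(2016, 3, 1), date(2016, 3, 31))

if __name__ == "__main__":
    print(window_report(SAMPLE_HISTORY, *MARCH_2016))
```

Note that V5 was opened in February but closed in March, so it counts toward March's MTTR; anchoring MTTR on the close date rather than the open date is what keeps the metric honest when a team works down an old backlog.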
Q&A
Wrap Up
• Manage your Software Supply Chain
• Collaborate with counterparts – BA/PM/Dev/QA/Ops/Sec
• Discuss mutual interdependence and shared objectives
• Automated Real-Time Feedback is a win-win
• http://bit.ly/app-check
We’re here, engaged & READY TO HELP
Customer Success Team
• Nexus Newsletter
• Nexus Live – Google Hangouts
• Cool Things in 2 Minutes
• Training On-Site or Online
• Online Knowledge Base
• Nexus Community Pages
• Books Online
Chicago, IL April 27, 2016