The Doppler Quarterly Special Edition 2019 | Page 68

The build process should perform security and coding standards scans. Testing should
be automated and part of the build process. The build process should produce a score
for security, programming standards and quality. The build should fail if any one of
those scores are not at an acceptable level. The goal of this approach is to not let issues
progress downstream, because it is much more expensive and time consuming to fix
defects later in the lifecycle.
DevOps Maturity
After evaluating our client’s capabilities in the area of people, process and technology,
we provide a maturity score.
The score is a snapshot of the client’s current state of maturity. Next, we provide a list of
gaps in each area that shows the delta between the current state and the desired future
state. Clients often want to start with a maturity of level 3 so that they can get to a con-
sistent, secure and reliable state for deployments, while achieving a higher level of
agility.
ACME Maturity Model Score: 1.74
Maturity
Level
Level 1
Ad-Hoc
Level 2
Repeatable
People
• Silo based
• Blame, finger pointing
• Dependent experts
• Lack of accountability
Process
• Manual process
• Tribal knowledge
Level 4
Measured
Level 5
Optimized
• Processes established within • Automated builds
• Automated tests
• Collaboration exists
• Processes are automated
• Shared decision making
across SDLC
Continuous Delivery
• Shared accountability
• Standards across organization
• Proactive monitoring
• Collaboration backed on shared
• Metrics collected and analyzed
metrics with a focus Continuous
on remov- Deployment
against business goals
ing bottlenecks
• Visibility & predictability
• A culture of continuous
• Self service automation
improvement
• Risk & cost optimization
Continuous Operations
permeates through the
• High degree of
experimentation
Figure 2: Maturity Model Matrix
66 | THE DOPPLER | SPECIAL EDITION 2019
deployments
• Manual testing
• Environment
silos
• Managed communications
Continuous Integration
• No standards
• Limited knowledge sharing
• Can repeat what is known, but
organization
• Manual builds and
is the norm
• Unpredictably reactive
can't react to unknowns
Level 3
Defined
Technology
inconsistencies
written as part of
story development
• Painful but repeatable
releases
• Automated build & test cycle
for every commit
• Push button deployments
• Automated user & acceptance
testing
• Build metrics visible
and acted on
• Orchestrated deployments
with auto rollbacks
• Non-functional requirements
defined and measured
• Zero downtime deployments
• Immutable infrastructure
• Actively enforce resiliency by
forcing failures