By some estimates, more than three-quarters of IT organizations have adopted the DevOps software development methodology in efforts to deliver better software faster. However, the process doesn’t always work as anticipated. Gartner analysts say 90 percent of DevOps initiatives are likely to fail to meet expectations through 2023.
In many instances, problems arise due to challenges surrounding the implementation of a continuous integration and continuous delivery (CI/CD) pipeline. A CI/CD pipeline comprises a set of specific processes that automate the building, testing and delivery of code changes, making it essential for accelerating the application development lifecycle.
Here are five challenges organizations often encounter when implementing CI/CD pipelines:
Poor Implementation
CI/CD pipelines are complex environments that require the integration of multiple loosely coupled tools. When all tools, processes and priorities are properly aligned, the pipeline ensures a continuously moving system of code updates and change integrations. However, companies implementing CI/CD from scratch often lack the expertise to properly build the pipeline.
A common mistake is trying to automate too many processes. Very often, this can result in low-priority processes interrupting more critical processes. At the very least, overly aggressive automation will complicate and slow workflows. It is important to prioritize which automated processes will deliver the most value, and thoroughly test each before adding more.
Internal Resistance
Agile-style development often involves multiple teams working on different elements of the same project. Lone-wolf developers are likely to be uncomfortable with this level of collaboration. In a recent survey from the Advanced Technology Academic Research Center, respondents said cultural resistance to change is the No. 1 barrier to IT modernization.
DevOps and CI/CD won’t work without good collaboration. Organizations need to set expectations when launching a pipeline initiative and establish communication requirements to ensure that development teams work together to identify and resolve any problems.
Simultaneous Changes
By automating integration and delivery, CI/CD helps development teams deliver code changes more frequently and reliably. However, developers can create bottlenecks when they try to implement too many changes in a single release. The flood of changes can trigger a failed test or other problems. Worse yet, the more changes there are in each release, the harder it is to determine which changes are causing problems.
Manual Testing
Testing code changes is an important part of the pipeline process, but manual testing processes often create delays. Manual testing requires developers to identify all changes and run them one at a time, resulting in slow feedback and update delays. Additionally, many tests require dedicated test environments that mimic the end-user environment. Teams typically have to build these environments manually, then tear them down when they’re finished.
While it may be desirable to conduct manual tests in some circumstances, automated testing is essential for speeding the development lifecycle. Automated testing allows developers to run concurrent tests to save time, and automatic provisioning makes it possible to set up test environments with just a few mouse clicks.
Weak Security
Using code from open-source projects or third-party code repositories could inadvertently introduce malicious code into the pipeline. As such, CI/CD pipelines need strong security controls to reduce the chance of vulnerabilities making it into production. That’s easier said than done, however. Sixty percent of respondents in a 451 Research survey said a lack of automated, integrated security tools hampers their ability to effectively protect the CI/CD environment.
Organizations should implement identity and access management solutions to control who has access to tools and resources within the pipeline. Additionally, they should run software composition analysis (SCA), static application security tests (SASTs) and dynamic application security tests (DASTs) to identify potential vulnerabilities as early as possible.
How Technologent Can Help
Technologent has helped numerous customers implement CI/CD pipelines through our IT modernization services. We can help you avoid many of the pitfalls that hamper pipeline development with a finely tuned framework for improving your software development cycle. Contact us to learn more.
May 31, 2022
Comments