Last week we kicked off GitHub InFocus, a global virtual series just for software teams. We discussed the importance of developer experience and innersource—and how key collaboration really is. Next…
Last week we kicked off GitHub InFocus, a global virtual series just for software teams. We discussed the importance of developer experience and innersource—and how key collaboration really is. Next up: DevOps. We checked in with virtual hosts Jennie, Marko, and Daniel for a quick Q&A on what to expect, from CI/CD to DevSecOps.
Jennie: While the term DevOps has been around for a while, it’s still convoluted to many. What I’m excited about for this week is that we’ve brought in so many DevOps experts across GitHub to share the lessons, strategies, and best practices we learned from working with our customers. The four sessions this week will cover not only the DevOps fundamentals, but also motivations for change, trends in the industry, and how to get started on a transformational journey.
Jennie: DevOps encompasses tooling, development, operations, automation, culture, and most importantly, it’s a methodology that brings them all together. DevOps has turned them into something that’s greater than the sum of their parts for more than a decade now. Have we reached the limit of all that?
What’s more, we still have to consider:
We’ll be covering all the above during DevOps Week, especially in our Breaking down DevOps conversation with Bryan Liles from VMware.
Daniel: With the advent of DevOps, a lot of specialist groups are shrinking and the burden is shifting more and more upon the developer to deliver better software, faster. One example is security. Security is becoming more of a developer responsibility as opposed to something applied later in the software development lifecycle. Finding vulnerabilities at development time is critical for several reasons, but security researchers are rare and expensive. So, how can we share their work among all software development organizations?
Fortunately the answer is there right in front of us—DevOps! Along with making sure code passes functional, performance, and integration tests, we can focus on code quality. From a developer-first perspective, a vulnerability in many cases is simply a code quality issue that can be exploited by a bad actor. Next week, we’ll walk through how to bring rapid code quality feedback into the branch, commit, and pull request cycle in a way that matches test result feedback, so developers aren’t seen as the cause of a security problem. It just becomes another test result to address and fix. Even better, when that feedback isn’t security-speak but in developer-speak, it’s far easier to digest and make required changes. Other developers dropping by can see that instant feedback and learn as well, so everyone learns together instead of one person being singled out for making a mistake.
Daniel: Every company is now competing for the same developer resources at a global level. In fact, we see traditional organizations leading developer hiring compared to their digital-first competitors. Large organizations are learning how to do more with the same or fewer resources, while balancing changes to distributed teams and remote work. Open source has been a big help with that. Organizations can open source code that isn’t critical to their business or their intellectual property. But what about getting faster with the code they do need to write?
Open source solves more than code resourcing issues. Open source communities have had to deal with scarce and distributed developer resources for years. They’ve solved this through shared discovery of code and process, automating testing, providing direct and rapid feedback and, finally, an open and supportive culture—the kinds of things DevOps practitioners strive to provide. Innersource is the process of taking these lessons learned from the open source community and applying them internally within your organization. At InFocus, you’ll learn how to set up your own innersource program, why innersource is an important factor in DevOps, and how it creates a positive feedback loop by bringing the philosophies and solutions of the open source community back into DevOps.
Marko: Every organization is unique, with unique processes, challenges, and goals. If you’re just starting out, you may be more focused on experimentation versus finding new ways to automate established processes or build on the tools you’ve already invested in. A large organization that’s been doing security and compliance for years operates differently from a startup. Both may share the same overall goal—building and shipping great customer experiences—but the way they get there doesn’t look the same. Why should it? There are DevOps best practices we can all learn from each other, but staying competitive means focusing and improving the processes that are unique to your business and team. With Skyscanner and Otto Group, you’ll see two different organizations with successful DevOps programs, how they define success, and how they got there.
Marko: Automating CI/CD is just one part of DevOps. Like we saw at Developer Experience Week, there are so many other parts of your software lifecycle you can simplify, whether it’s compliance checks or managing team notifications. Again, it’s all about identifying where your team spends the most time. If your developers are spending more time fixing vulnerabilities than writing code, there are ways to automate that process. If developers are being pulled away to track down Jira tickets or update their work status, GitHub Actions and other integrations make it possible to comment on Jira from within pull requests. These are just some examples, but we’ll be walking through how to automate and manage every part of your DevOps process from one platform.
Jennie: Tools and platforms are fundamental to DevOps because they influence the way your team works, and in time the way your team works shapes your culture, which can ultimately become your biggest competitive advantage. I’m looking forward to hearing from the speakers on all the ways we can help to power a successful DevOps program.
Daniel: In the DevOps world, developer-first doesn’t mean developer-only. Everything we can do to help remove blocks and bottlenecks to help developers turn out better code faster is a win for all. It makes operations easier, it makes security easier, it makes feedback easier, and it makes customer success easier.
Marko: If you’re waiting to try DevOps or bring in more automation, there may never be a “perfect” time. Change creates friction, but it’s important to try new things and give your team space and time to find their way. Listen to developers, continuously gather feedback, and you’ll find the balance between efficiency and trust.
Want to learn more? Tune in to DevOps Week at InFocus starting on March 2 at 9am PT / 12pm ET or check out the full list of sessions.
Start your free trial for 30 days and increase your team’s collaboration. $21 per user/month after trial expires.
Curious about other plans?
In March, we experienced two incidents that resulted in degraded performance across GitHub services.
In February, we experienced two incidents that resulted in degraded performance across GitHub services.
With this version, customers can choose how to best scale their security strategy, gain more control over deployments, and so much more.
Grace Madlinger 
