Accelerating Flow with DevSecOps and the Software Factory
As you know, the DevSecOps mindset, culture, and technical practices are critical for business agility and overall organizational success. SAFe provides guidance to organize around value, improve quality, build a continuous delivery pipeline, and reduce lead time. Now Peter Vollmer, SAFe SPCT and Distinguished Technologist at Micro Focus, has provided a new advanced topic article with deep, practical advice on how to succeed with your DevOps implementation at enterprise scale with a ‘software factory’.
Two mental models help create a common understanding of the problem. The first model shows how undone work (the additional work required to release after the team is “done” with a Feature or Story) delays delivery and must become part of regular flow. The second provides a unique perspective to value stream mapping by mapping the CI/CD toolchain. Where SAFe’s value stream mapping focuses on delays and the accuracy of activities, Peter’s approach focuses on the same attributes for the tools across the pipeline.
With an understanding of flow and the current toolchain, Peter goes on to describe the software factory’s value and how to create it. Successfully implementing DevSecOps requires broad skills and expertise, which raises the cognitive load on development teams. A software factory reduces that load by providing a standard, integrated, validated toolchain for the CI/CD pipeline and a set of engineering services to support them. Software factories are built iteratively by the product teams. Peter provides advice on how to create a software factory and the types of practices a factory should support.
And we cannot leave out security, compliance, and oversight of governance personnel, which can slow the adoption. Peter advocates an “embrace the inspector” (from David Marquet’s Turn the Ship Around) mindset, where governance is viewed as a resource and improves collaboration with teams.
You can find Peter’s new article here.