Dallas, TX
April 5, 2016
Mentor’s View: Aligning your team and your powers for success
Mike Worthington, Customer Success Engineer, Sonatype
Agenda
2 4/11/2016
• Software Supply Chain & Rugged DevOps
• Getting Started on Your Journey
• Interactive Demo – Setting Policy
• Policy Results in Jenkins & Eclipse
• Meaningful Success Metrics
The Software Supply Chain
• Hundreds of thousands of projects
• 3-4 updates annually
• 30 billion download requests last year
• 1 in 16 have known vulnerabilities
• 43% have no component governance
• 75% of those who do don’t enforce it
• 106 components per application
• 24 known vulnerabilities
• 73% have no inventory
If manufacturers built cars the way we build software…
• Any part can be used even if it’s outdated or known to be unsafe.
• Since parts aren’t tracked, it’s challenging to issue a recall.
• There is no quality control or consistency from car to car.
• There is no inventory of parts used, or where.
• Choose any supplier for any part, regardless of quality.
Apply Software Supply Chain Principles For Rugged DevOps
• Supplier & component selection (3rd party or proprietary)
• Component quality & governance
• Monitoring components & assemblies (patches, updates, vulns, age)
• Guidelines & policies
• Bill of Materials
• Warehouse & staging
Image: Gartner Research, March 2016: Avoid Failure by Developing a Toolchain that Enables DevOps
Nexus Automates Software Supply Chain Practices Across The DevOps Toolchain
Getting started on your journey
Rugged DevOps, Software Supply Chain, Now What?
• The Hero’s Journey
• Align Your Heroes
• Building Bridges
• Setting Expectations
Building a trusted software supply chain
Different stakeholders, different priorities
“Where’s that release?”
“Done! On to the next sprint.”
“Now, where are we in that process?”
Building a better bridge between Dev, Ops & Sec
• Tooling needs to adopt the practice of the practitioner
• A tool is not a process and a process is not a tool; learn to leverage both
Two philosophies
Support & guide
• Objective information across the lifecycle
• Each performs the task they are good at
• Faster component selection and issue resolution
• Bridges the developer “compliance” gap
Scan & scold
• Reactive information late in the lifecycle
• Creates rework and slows remediation
• Hinders technology innovation
• More expensive
Building a good component practice
Phase 1: Understanding your environment
Phase 2: Creating policy & rating risk
Phase 3: Reducing risk & enforcing compliance
Communicate expectations
Determine lifecycle enforcement strategy across the stages Development, CI Build, and Promotion to staging or release:
• Allows developers time to research & fix or to request waivers
• Everything is documented on an internal WIKI
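As an added illustration of the stage-based enforcement strategy described on this slide (example code written for this page, not Sonatype's IQ Server code): the same policies only warn during development but block at CI build or release, and a waiver lets a specific finding through. The policy names, component names, CVSS scores, licenses and thresholds below are all constructed.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Lifecycle stages in the order the slide lists them:
# development, CI build, promotion to staging/release.
STAGES = ("develop", "build", "release")

@dataclass(frozen=True)
class Component:
    name: str
    version: str
    max_cvss: float      # highest CVSS score among its known vulnerabilities
    license: str
    age_years: float     # time since this version was released

@dataclass(frozen=True)
class Policy:
    name: str
    category: str                          # Security, License, Architecture, Component
    matches: Callable[[Component], bool]   # True when the component violates the policy
    actions: Dict[str, str]                # stage -> "warn" or "fail"

@dataclass(frozen=True)
class Waiver:
    policy: str
    component: str

# Constructed sample policies, one per policy category from the slides.
POLICIES = [
    Policy("Security-Critical", "Security", lambda c: c.max_cvss >= 9.0,
           {"develop": "warn", "build": "warn", "release": "fail"}),
    Policy("Security-High", "Security", lambda c: 7.0 <= c.max_cvss < 9.0,
           {"develop": "warn", "build": "warn", "release": "warn"}),
    Policy("License-Copyleft", "License",
           lambda c: c.license in ("GPL-2.0", "GPL-3.0", "AGPL-3.0"),
           {"develop": "warn", "build": "fail", "release": "fail"}),
    Policy("Architecture-Stale", "Architecture", lambda c: c.age_years > 3,
           {"develop": "warn", "build": "warn", "release": "warn"}),
]

# Constructed sample bill of materials (names, versions and scores invented).
BOM = [
    Component("example-http-client", "1.2.0", 9.8, "Apache-2.0", 4.5),
    Component("example-json-parser", "3.0.1", 7.5, "MIT", 0.5),
    Component("example-pdf-lib", "2.2.0", 0.0, "GPL-3.0", 1.0),
    Component("example-logger", "5.1.0", 0.0, "Apache-2.0", 0.2),
]

def evaluate(bom, policies, stage, waivers=()) -> Tuple[List[tuple], bool]:
    """Evaluate every component against every policy at one lifecycle stage.
    Returns (findings, blocked): findings is a list of (policy, component,
    action) tuples; blocked is True if any unwaived finding's action at this
    stage is 'fail'. Earlier stages warn so developers have time to fix or
    request a waiver before promotion is blocked."""
    if stage not in STAGES:
        raise ValueError(f"unknown stage {stage!r}")
    waived = {(w.policy, w.component) for w in waivers}
    findings, blocked = [], False
    for comp in bom:
        for pol in policies:
            if not pol.matches(comp):
                continue
            action = pol.actions.get(stage, "none")
            if (pol.name, comp.name) in waived:
                action = "waived"          # an approved waiver never blocks
            findings.append((pol.name, comp.name, action))
            blocked = blocked or action == "fail"
    return findings, blocked

def actionable(findings):
    """Only the 'red' findings, the ones that actually block this stage."""
    return [f for f in findings if f[2] == "fail"]
```

Running the same BOM through the three stages shows four warnings in development, one blocking license finding at build, and two blocking findings at release unless waived.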
Fix the Red – Actionable?
Interactive policy development
What is policy?
Out-of-the-box policies with easy customization: Architecture, Component, License, Security
IQ Server Policy Definition (DEMO)
Jenkins & IDE integration (DEMO)
Toolchain integration – IDE & CI Server
ZTTR (Zero Time to Remediation)
1. Empower developers from the start
2. Design a frictionless approach
3. Create a software bill of materials
Defining Meaningful Success Metrics
http://www.aintitcool.com/node/44547
It’s Not What You Measure…
http://ronjeffries.com/articles/016-03/you-want/
…It’s the Behavior that Results
Manager: “Nathan, this isn’t fair. You’re just showing the
number of stories, not how big they are.”
Nathan: “That’s right.”
Manager: “But that’s not fair!”
Nathan: [silent]
Manager: “All I’d have to do would be to divide up my stories
into little bits and release those every month.”
Nathan: [silent, smiling]
Manager: “Oh.”
Soon, the manager was doing small stories, to the benefit of
everyone.
http://ronjeffries.com/articles/016-03/you-want/
Success Metrics
• Short Term – Time to Value
  • “By the end of the workshop, we configured ~80% of our policies. Just six business days after training, we have made the test environment available in our organization”
• Long Term – Quality Metrics
  • MTTR
  • WIP
  • New violations delivered to production
Q&A
Wrap Up
• Manage your Software Supply Chain
• Collaborate with counterparts – BA/PM/Dev/QA/Ops/Sec.
• Discuss mutual interdependence and shared objectives
• Automated Real-Time Feedback is a win-win
• http://bit.ly/app-check
We’re here, engaged & READY TO HELP
Nexus Newsletter
Nexus Live – Google Hangouts
Cool Things in 2 Minutes
Customer Success Team
Training On-Site or Online
Online Knowledge Base
Nexus Community Pages
Books Online
Dallas, TX
April 5, 2016
Mike Worthington - http://bit.ly/mwsonatype
Customer Success Engineer, Sonatype