cdCon talk by Jamie Plower from Fidelity Investments. “DevOps Intelligence: Scaling Governance, Compliance, & Security across an enterprise of 15K developers”

“Continuous compliance”: they have a portfolio of components that folks can mix and match to build out a compliant pipeline.

“Policy as code” is a default component of their stack.

They built:

  1. innersource first
  2. rewrite internal tools to learn from past mistakes
  3. built for flexibility. Core principle: “enable teams to follow a standard certified pipeline, but let them compose bespoke workflows using catalog segments”
  4. “devops council” got alignment w/ senior BU stakeholders

They had a large number of workloads (web services, event driven apps, batch, virtual desktops, etc) that they needed to align.

They broke down their pipeline into individual components (e.g. “sonar scan”). Then they instrumented each of these w/ logs and telemetry. This allowed them to understand who is using what, get visibility into the KPIs of the pipelines, and funnel information back to the engineering teams responsible for those components.

So the pipeline uses components. Components send events into their “intelligence hub”, which is the telemetry system described above.

ITSM - IT service management

Their pipeline is able to track things from git sha to build id to artifact id. Basically commit through production.
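A sketch of what that commit-to-production trace could look like over component events, added to these notes as an illustration and not code from the talk or from Fidelity. The event fields, component names and the "every deployed build must have passed a sonar scan" rule are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample events, as pipeline components might send them to the hub.
# Field and component names are assumptions, not the schema from the talk.
EVENTS = [
    {"component": "checkout", "git_sha": "a1b2c3d", "build_id": "build-101"},
    {"component": "sonar-scan", "build_id": "build-101", "status": "pass"},
    {"component": "package", "build_id": "build-101", "artifact_id": "art-9001"},
    {"component": "deploy", "artifact_id": "art-9001", "env": "prod"},
    {"component": "checkout", "git_sha": "e4f5a6b", "build_id": "build-102"},
    {"component": "package", "build_id": "build-102", "artifact_id": "art-9002"},
    {"component": "deploy", "artifact_id": "art-9002", "env": "prod"},
    {"component": "deploy", "artifact_id": "art-9999", "env": "prod"},
]

REQUIRED = {"sonar-scan"}  # hypothetical policy: components each build must pass


def trace_deployments(events, required=REQUIRED):
    """Link each deploy event back to its build and commit; list policy gaps."""
    sha_of_build, build_of_artifact = {}, {}
    passed = defaultdict(set)  # build_id -> components that reported "pass"
    for e in events:
        if "git_sha" in e and "build_id" in e:
            sha_of_build[e["build_id"]] = e["git_sha"]
        if "artifact_id" in e and "build_id" in e:
            build_of_artifact[e["artifact_id"]] = e["build_id"]
        if e.get("status") == "pass" and "build_id" in e:
            passed[e["build_id"]].add(e["component"])

    results = []
    for e in events:
        if e["component"] != "deploy":
            continue
        build = build_of_artifact.get(e["artifact_id"])
        sha = sha_of_build.get(build)
        findings = []
        if build is None:
            findings.append("no build recorded for artifact")
        elif sha is None:
            findings.append("no commit recorded for build")
        if build is not None:
            findings += [f"missing {c}" for c in sorted(required - passed[build])]
        results.append({"artifact_id": e["artifact_id"], "build_id": build,
                        "git_sha": sha, "findings": findings})
    return results

if __name__ == "__main__":
    print(*trace_deployments(EVENTS), sep="\n")
```

The second deployment traces back to a commit but never passed the required scan, and the third has no build behind it at all; both are the kind of gap the telemetry makes visible.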

“In our competitive environment, we can’t afford to have multiple people build it wrong.” - Expressing the importance of inner sourcing and having folks help build a more blessed thing, rather than everyone inventing their own.

Questions:

  • curious about the devops council.
    • C-level management & developers