1. WELCOME
2. THOUGHTS FROM THE CTO
3. QTR1 – DEVOPS TEAM WINS
4. QTR1 – INFRA AUTOMATION TEAM WINS
5. QTR2 – TEAM FOCUS
6. TECH BITS
7. ABOUT THE TEAM, TEAM NEWS AND ANNOUCEMENTS
8. THANK YOU
WELCOME
Hello and welcome to the inaugural issue of the first newsletter from the DevOps Engineering and Infrastructure Automation team at VyStar!
At VyStar today, we are at an exciting point in our journey where the possibilities of what we can achieve are boundless. Our aim with this newsletter is not just to keep you updated on the latest activities around the technologies and practices in DevOps engineering and Infrastructure Automation but also to foster a high level of communication and sharing and contribute to the culture of continuous learning, continuous improvement and celebration of change.
Through this newsletter, we will continuously strive:
To Inform: Provide updates on latest developments, achievements and activities in our area, ensuring everyone is aware of new tools, technologies and methodologies
To Inspire: Share success stories, case studies, and innovative approaches from within our team and the wider VyStar community, to inspire creativity and problem-solving.
To Connect: Foster a sense of community and collaboration among team members by highlighting team achievements, upcoming events, and opportunities for professional development and engagement
So, as we embark on this path together, let's stay curious, embrace the challenges that come with change, and support each other in our collective pursuit of excellence. Your insights, feedback, and contributions are what will make this journey a success. Here's to a future that we build together, one innovation at a time.
- Sujit Gangadharan - VP (DevOps Engineering and Infrastructure Automation)
Great team collaboration working on - Veracode Scan implementation with OMB Development team and Security teams
- Network engineering and Security Firewall team for SonarQube infrastructure configuration and setup
Anurag Sharma
Friends, Countrymen, Romans, Lend me your ears and I will give you technology freedom.
Long years ago we made a tryst with destiny, and now the time comes when we shall redeem our pledge, not wholly or in full measure, but very substantially. At the stroke of the midnight hour, when the world sleeps, India will awake to life and freedom. A moment comes, which comes but rarely in history, when we step out from the old to the new, when an age ends, and when the soul of a nation, long suppressed, finds utterance.
It is fitting that at this solemn moment, we take the pledge of dedication to the service of India and her people and to the still larger cause of humanity. At the dawn of history, India started on her unending quest, and trackless centuries are filled with her striving and grandeur of her success and failures. Through good and ill fortune alike, she has never lost sight of that quest, forgotten the ideals which gave her strength. We end today a period of misfortunes and India discovers herself again. The achievement we celebrate today is but a step, an opening of opportunity to the greater triumphs and achievements that await us. Are we brave enough and wise enough to grasp this opportunity and accept the challenge of the future? Freedom and power bring responsibility.
2
2
QTR 1 – DEVOPS ENGG TEAM WINS
OPERATIONALIZATION of SERVICES DELIVERY STRUCTURE
DevOps Engineering and Infra Automation teams have organized their delivery process around Agile Scrum, with 2 week Sprints.
The team follows a process that includes - Quarterly Planning - Backlog grooming - Sprint planning - Daily standups - Sprint Review(Demo) and Sprint retrospectives.
VEARACODE SECURITY SCANNING INTEGRATED WITH CICD PIPELINE
Workflow representing the Veracode Security Scanning implemented for OMB Pipeline
DEVOPS COMMUNITY OF PRACTICE
Launched the DevOps Community of Practice involving key stakeholders across the organization who meet once a month for discussing topics around DevOps.
The Group discusses topics around – DevOps architecture – Adoption – Challenges –Best Practices. The Forum also provides an opportunity to provide feedback, raise awareness around common challenges and provides input into prioritizing the Backlog of work for the DevOps team
TOTAL SPRINT POINTS
DELIVERED in QTR 1
Veracode Security Scanning
TOTAL SPRINT POINTS
DELIVERED in QTR 1
TOTAL SPRINT POINTS
DELIVERED in QTR 1
OMBHotfix Updates
Service Pack Updates
Application Releases
Some stats and numbers below:
TOTAL
TOTAL
SONARQUBE IMPLEMENTATION
DevOps Engineering and Infra Automation teams have organized their delivery process around Agile Scrum, with 2 week Sprints.
The team follows a process that includes - Quarterly Planning - Backlog grooming - Sprint planning - Daily standups - Sprint Review(Demo) and Sprint retrospectives.
PIPELINE 2.0
Shared Pipelines
Pipeline Maturity Tracking
RED HAT ANSIBLE ONBOARDING
Ansible Purchasing
Ansible Installation
POC, roadmap
Roadmap Execution
TOTAL SPRINT POINTS
DELIVERED in QTR 1
TOTAL SPRINT POINTS
DELIVERED in QTR 1
TOTAL SPRINT POINTS DELIVERED in QTR 1
OMB Veracode Security ScanningTECH BITS
Elevating Development with SonarQube and Veracode
SonarQube focuses on maintaining and improving code quality, Veracode provides comprehensive security scanning solutions.
SonarQube: Mastering Code Quality
Comprehensive Code Analysis: SonarQube performs automatic reviews with static code analysis to detect bugs, code smells, and security vulnerabilities in your codebase
Continuous Integration (CI) Compatibility: Easily integrated into CI pipelines, SonarQube provides real-time feedback on code quality with each commit.
Customizable Quality Gates: Developers can define specific criteria, or "Quality Gates," that code changes must pass before being merged or released.
Technical Debt Management: SonarQube quantifies technical debt, providing actionable insights into the time and effort required to fix issues.
Veracode: Ensuring Code Security
• Static Application Security Testing (SAST): Veracode's SAST tools analyze source code to identify security vulnerabilities early in the development cycle, helping to prevent potential exploits and data breaches.
Software Composition Analysis (SCA): Veracode scans open-source libraries and third-party code for vulnerabilities, providing visibility into security risks associated with these components and recommending safer alternatives.
Scalable Cloud-Based Platform: As a cloud-based solution, Veracode offers scalability and ease of use without the need for extensive hardware or software setup, making it accessible for teams of all sizes.
Compliance and Reporting: Veracode helps ensure compliance with industry standards and regulations by providing detailed reports and insights into the security posture of your applications, facilitating informed decision-making and risk management.
Integrating SonarQube and Veracode into your development pipeline empowers your team to write not only high-quality code but also secure code, right from the start. Utilizing these tools effectively can lead to more reliable, secure applications, enhanced team productivity, and a significant reduction in post-release bugs and security incidents.
---Sujit Gangadharan