Acceptance testing: typically high-level testing of the entire system carried out to determine whether the overall quality of both new and existing features is good enough for the system to go to production.
Application release orchestration (ARO): tools, scripts, or products that automatically install and correctly configure a given version of an application in a target environment, ready for use. Also referred to as “application release automation” (ARA) or “continuous delivery and release automation” (CDRA).
Black box testing: a testing or quality assurance practice that assumes no knowledge of the inner workings of the system being tested, and which thus attempts to verify external rather than internal behavior or state.
Build agent: a type of agent used in continuous integration that can be installed locally or remotely in relation to the continuous integration server. It sends and receives messages about handling software builds.
Build automation: tools or frameworks that allow source code to be automatically compiled into releasable binaries. Usually includes code-level unit testing to ensure individual pieces of code behave as expected.
Configuration as code: a system configuration management technique in which the configuration for machines, applications, jobs, etc. is specified in code and kept in version control, allowing teams to configure applications/systems/jobs in seconds.
Configuration drift: a term for the general tendency of software and hardware configurations to drift, or become inconsistent, with the template version of the system due to manual ad hoc changes (like hotfixes) that are not introduced back into the template.
Container: similar but more lightweight than a virtual machine, containers are stand-alone, executable packages containing everything needed to run a piece of software: code, runtime, system tools, system libraries, settings, and so on.
Continuous delivery (CD): a set of processes and practices that radically removes waste from your software production process, enables faster delivery of high-quality functionality, and sets up a rapid and effective feedback loop between your business and your users.
Continuous integration (CI): a development practice that requires developers to integrate code into a shared repository several times a day. Each check-in is then verified by an automated build, allowing teams to detect problems early.
Delivery pipeline: a sequence of orchestrated, automated tasks implementing the software delivery process for a new application version. Each step in the pipeline is intended to increase the level of confidence in the new version to the point where a go/no-go decision can be made. A delivery pipeline can be considered the result of optimizing an organization’s release process.
DevOps – development + operations: a portmanteau of development and operations, DevOps is a set of processes, practices, and tools that improve communication, collaboration, and processes between the various roles in the software development cycle, resulting in delivery of better software with speed and stability.
DevSecOps: the practice of integrating security into the DevOps process.
Feedback loops: creating fast and continuous feedback between operations and development early in the software delivery process is a major principle underpinning DevOps. Doing so not only helps to ensure that you’re giving customers what they actually want, it lightens the load on development, reduces the fear of deployment, creates a better relationship between dev and ops, and heightens productivity.
Governance: in IT, governance refers to the process by which organizations evaluate and ensure that their tech investments are performing as expected and not introducing new risk. A formal governance process also helps companies ensure that IT activities are aligned with business goals, while also ensuring that everything is compliant with common standards, such as OWASP, PCI 3.2, and CWE/SANS.
Infrastructure as code: a system configuration management technique in which machines, network devices, operating systems, middleware, etc. are specified in a fully automatable format. The specification or “blueprint” is regarded as code that is executed by provisioning tools, kept in version control and generally subject to the same practices used for application code development.
Infrastructure as a service (IaaS): cloud-hosted virtualized machines, usually billed on a “pay as you go” basis. Users have full control of the machines but need to install and configure any required middleware and applications themselves.
Jenkins: Jenkins, the open source automation server written in Java, has long been the de facto standard for continuous integration. With Jenkins, developers can integrate their code into a shared repository several times a day. As organizations look to scale their software delivery processes, they often find that Jenkins requires too much scripting and/or maintaining of workflows, and that they need to expand to continuous delivery. Continuous delivery not only leverages tools for continuous integration, but also for end-to-end release orchestration, test automation, security, IT service management, and more.
Lean: “lean manufacturing,” or “lean production,” is an approach or methodology that aims to reduce waste in a production process by focusing on preserving value. Largely derived from practices developed by Toyota in car manufacturing, lean concepts have been applied to software development as part of agile methodologies. The value stream map, which attempts to visually identify valuable and wasteful process steps, is a key lean tool.
Non-functional requirements (NFRs): the specification of system qualities, such as ease of use, clarity of design, latency, speed, and ability to handle large numbers of users, that describe how easily or effectively a piece of functionality can be used, rather than simply whether it exists. These characteristics can also be addressed and improved using the continuous delivery feedback loop.
Open source: refers to a program or application with source code that can be modified by anyone. There are a variety of open source frameworks, like AngularJS and React, open source tools, like Gradle and Jenkins, and open source libraries, like JHipster, that can be used to improve specific software development and deployment processes. In a complex enterprise environment, a DevOps platform can integrate open source tools and streamline them into the delivery pipeline.
Platform as a service (PaaS): cloud-hosted application runtimes, usually billed on a “pay as you go” basis. Customers provide the application code and limited configuration settings, while the middleware, databases, and so on are part of the provided runtime.
Provisioning: the process of preparing new systems for users. In a continuous delivery scenario, this work is typically done by development or test teams. The systems are generally virtualized and instantiated on demand. Configuration of the machines to install operating systems, middleware, and so on is handled by automated system configuration management tools, which also verify that the desired configuration is maintained.
Regression testing: testing of the end-to-end system to verify that changes to an application did not negatively impact existing functionality.
Release management: the process of managing software releases from the development stage to the actual software release itself.
Shifting left: with increasing delivery speed comes increasing security risks and compliance issues across different applications, teams, and environments. Shifting left refers to integrating risk assessment, security testing, and compliance evaluation processes earlier in the delivery pipeline. Doing so makes it cheaper and easier to address potential release delays or failures, security vulnerabilities that threaten production, and IT governance violations that result in expensive fines.
Test-driven development (TDD): a development practice in which small tests to verify the behavior of a piece of code are written before the code itself. The tests initially fail, and the aim of the developer(s) is then to add code to make them succeed.
Unit testing: code-level (i.e., does not require a fully installed end-to-end system to run) testing to verify the behavior of individual pieces of code. Test-driven development makes extensive use of unit tests to describe and verify intended behavior.
Value stream mapping: a process visualization improvement technique used heavily in lean manufacturing and engineering approaches. Value stream maps are used to identify essential process steps vs. “waste” that can be progressively eliminated from the process.
Version control system (VCS): a system that records changes to a file or set of files over time so that you can recall specific versions later. (GitHub, GitLab, Subversion, etc.)
Virtualization: a systems management approach in which users and applications do not use physical machines, but simulated systems running on actual, “real” hardware. Such “virtual machines” can be automatically created, started, stopped, cloned, and discarded in a matter of seconds, giving operations tremendous flexibility.
White box testing: a testing or quality assurance practice that is based on verifying the correct functioning of the internals of a system by examining its (internal) behavior and state as it runs.
Zero tolerance: as in, zero tolerance for failures in production. Customers have zero tolerance for failure. A deployment failure or any kind of service interruption to customer-facing software can have a catastrophic impact on an organization, especially those in highly regulated industries.