GitLab Commit Brooklyn: DevOps as a Single Application
Like many vendors in the space of software development tools and services, GitLab, which made its name with version control, is looking to automate and consolidate continuous integration/continuous deployment that comes with software development into a single lifecycle, in order to help organizations rapidly develop, fix and update their software stacks.
“Cycle time compression is the key to business success. Almost every improvement you need to make must be done in software,” GitLab CEO Sid Sijbrandij said during the company’s GitLab Commit Brooklyn event, held Wednesday in New York. And indeed the conference highlighted, reviewed, and predicted many of the ways that a build process, such as one based on GitLab, could be extended and automated to support many additional aspects of IT, such as governance, data operations, and security, as well as to automate as much as possible the building and deployment of applications.
Sijbrandij admitted that the company was not quite there, in terms of offering a complete integrated suite to handle all aspects of software development, though he touted the company’s aggressive schedule to build out features quickly. The range of tools needed would span a lot of different products lines as we now know them: Planning, code management, creation, verification, packaging, security, release management, configuration, and monitoring.
Not all this work will come in-house, though. For instance, the company partnered with HashiCorp to make it easy for operations teams to manage their infrastructure configuration in GitLab, which then can be executed by TerraForm Cloud. GitLab is also bringing HashiCorp’s Vault secrets management tool into the fold as well, giving developers a programmatic way to ensure the security of their distributed applications.
In one demonstration of upcoming technologies, Mark Pundsack, GitLab vice president of product strategy, showed how GitLab automation could tighten security. One of the biggest issues that organizations face today is that of bugs and security vulnerabilities in third-party packages that have been embedded in their own software (“dependencies”). Once software has been shipped, how do you know which dependencies are being used, much less tell if they are still secure?
This feature now being internally prototyped would automatically check if the dependency packages are vulnerable, and temporarily stop the build, if they are. Better yet, the company is also planning a feature that would automatically initiate a build and merge an updated dependency into an existing program, and roll it back if it did not work as expected. While these automated merges may not work for all cases, Pundsack warned, they could work for the majority of them, allowing developers to manage-by-exception, an approach that is usually a time-saver.
Data operations (“DataOps”) could be another area that would benefit from automation and version control. In an afternoon panel, data practitioners talked about the limits of current DataOps practices, and why data couldn’t be managed in similar CI/CD pipelines. Fishtown Analytics‘ Claire Carroll pointed out at most companies, analysts have so many formatting quirks for the data models they use, and often they’re the only ones in the org who know these rules, that it can be a bottleneck. In the panel, GitLab Analytics Data Engineer Emilie Schario recalled that she was once at a job where she spent 80% of her time reconciling two spreadsheets from two execs reporting on the same sales data. “I spent way too much time trying to figure out what was going on.”
GitLab’s own Data Team uses the standard GitLab CI/CD tools to manage all of its own data, both the data models and the source data itself, Schario explained after the panel. No special tools required. Version control can be immensely handy in tracking data as it moves across the enterprise, when conflicting versions of, say, a PowerPoint Presentation may cause issues, noted another panelist, Danielle Morrill, the general manager for the DataOps-focused GitLab startup Meltano.
“I think there is a lot to be said for version control, not just as a working tool, but as a communication tool,” Morrill said.
Field of Opportunity
No doubt, the field of CI/CD is hot, not the least because it is a necessary precursor to cloud native computing, as The Cloud Native Computing Foundation CEO Dan Kohn discussed in his talk. This week, GitLab announced that it has procured a $268 million Series E round of fundraising, pushing the company’s value to its investors up to $2.75 billion, so investors are clearly seeing a growing use of CI/CD. Certainly, the company has many customers who see the need for expanding their software development automations and governance through tools and services.
During the morning’s keynotes, Jasmine James, who’s the Delta Air Lines IT Manager in the company’s DevOps Center of Excellence, explained how the airline found that cloud native computing would help put the company on a path forward to a more customer-centric approach to its business, promising the agility to offer personalized service, easier check-in, better flight rescheduling and other benefits to flyers. Historically, the biggest bottleneck in providing these sorts of benefits has been the infrastructure, she noted.
Financial investment firm Goldman Sachs is moving from supporting 10 separate software development lifecycles for all of its applications to a central GitLab-based one, a migration it hopes will set the stage for more agile use of the cloud, noted Goldman Sachs Vice President and Technology Fellow George Grant, in another talk. Within two weeks of setting up the internal services, over 1,600 Goldman Sachs developers started using the git-based service, without prompting, he noted.