DevOps is a software development methodology that accelerates the delivery of high-performance applications and services by combining and automating the work of software development (Dev) and IT operations (Ops) teams.
DevOps outlines both a software development process and an organizational culture shift that fosters coordination and collaboration between the development team and IT operations teams. These two groups traditionally practiced separately from each other in distinct silos. In the DevOps methodology, they work as one team with a set of shared tools and practices.
The hallmarks of DevOps are continuous integration and continuous delivery (CI/CD), which support smaller, faster software updates. With CI/CD, small chunks of new code are merged into the code base at frequent intervals, and then automatically integrated, tested and prepared for deployment to the production environment.
DevOps is an evolution of the agile software development methodology, which emerged as an alternative to the waterfall methodology. In the waterfall approach, software development teams spent months developing large bodies of code, which then underwent months of testing before release. In contrast, agile development takes an iterative approach to the software delivery lifecycle.
DevOps adds new processes and tools to the agile methodology, notably the automation of much of the CI/CD pipeline.
Ultimately, DevOps is about meeting software users’ demands for frequent, innovative new features and uninterrupted performance and availability.
DevOps entails both a set of automated workflows, called the “DevOps lifecycle,” and a culture shift to support those workflows.
Industry newsletter
Stay up to date on the most important—and intriguing—industry trends on AI, automation, data and beyond with the Think newsletter. See the IBM Privacy Statement.
Your subscription will be delivered in English. You will find an unsubscribe link in every newsletter. You can manage your subscriptions or unsubscribe here. Refer to our IBM Privacy Statement for more information.
The DevOps lifecycle is designed to optimize the rapid delivery of high-quality software. It includes a series of iterative, automated workflows that run within a larger automated and iterative development lifecycle.
The names and orders of the workflows can vary between organizations, but the DevOps lifecycle typically includes eight core steps.
First, teams scope out new features and functions for the next release. During this workflow, they draw on user feedback, case studies and inputs from internal stakeholders such as platform and infrastructure engineers, security, compliance, governance, risk management and line-of-business teams.
The goal of the planning stage is to create a backlog document. The backlog is a prioritized list of new features, improvements and bug fixes that will be added to the product over time.
The DevOps team codes the new and enhanced features identified in the backlog. Common coding practices in DevOps include:
Developers often use their local workstations to write and test code before sending it down to the next stage of the continuous delivery pipeline.
New code is integrated into the existing code base, then tested and packaged for release and deployment. Activities that are often automated at this stage include merging code changes into a master copy; placing the updated code into a repository; and compiling, testing and packaging code into an executable file.
In DevOps, the output of the build phase is often stored in a binary repository. Unlike a source code repository, a binary repository stores packaged outputs, such as libraries and executable files, to be reused in other phases of the development lifecycle.
DevOps teams use testing, typically automated testing, to make sure that the updated application meets appropriate standards and requirements.
The classical DevOps approach includes a discrete test phase that occurs between building and release. However, DevOps has advanced such that certain elements of testing can occur throughout the process. Unit tests—tests of small pieces of code in isolation—might run during the coding phase. After integrating new code, linting programs might analyze it for errors.
Continuous testing helps implement the principle of shift-left testing, a software development approach that emphasizes moving testing activities earlier in the development process. This approach helps organizations identify problems sooner and remediate them more effectively.
The release stage is the last workflow before users access the application. This stage includes a series of final tests to ensure that the software meets quality, compliance and security standards and is ready for external use.
If errors or defects are found, the team has a chance to intercept and remediate any problems before users see them. When all issues are fixed and the application meets all requirements, it can be released to the production environment. In most DevOps pipelines, this process is largely automated.
The release stage might also involve the provisioning of infrastructure components such as servers, databases and load balancers. DevOps often uses infrastructure as code to automate this process.
At this stage, the project moves to a production environment where users can access the updated application.
Many organizations deploy first to a subset of end users to ensure that the application works properly. When stability is established, the application can be deployed to everyone.
In this stage, DevOps teams check that new features are running smoothly and are available to users with no interruptions in service. They use automated observability and management tools to continuously monitor and optimize operations to make sure that network, storage, platform, compute and security postures are all working properly.
In this stage, teams collect and analyze feedback from users and lessons from previous workflows to help improve processes and products going forward. This continuous monitoring of features, functions, performance and business value informs the planning for the next release of new features and enhancements.
The DevOps culture is characterized by a commitment to collaboration, communication and automation.
At the project management level, DevOps requires continuous communication and shared responsibility among all software delivery stakeholders to innovate quickly and focus on quality from the start. Stakeholders include software development and IT operations teams, for certain, but also compliance, governance, risk, line-of-business and security teams.
At the technical level, DevOps requires a commitment to automated tools that keep projects moving within and between workflows. For example, automated testing, deployment and provisioning of infrastructure components can help accelerate project delivery and reduce errors.
DevOps also requires feedback and measurement that enables teams to continually optimize cycles and improve software quality and performance.
To adopt a DevOps culture, organizations must often break down silos and reorganize personnel into cross-functional, autonomous DevOps teams. These teams work on projects from start to finish (planning to feedback) without making handoffs to, or waiting for, the approval of other teams. In the context of agile software development, this accountability and collaboration are the bedrock of a shared focus on value and superior outcomes.
DevSecOps is short for development, security and operations. It is an extension of DevOps that includes cybersecurity practices and security teams at every stage of software development.
In the past, security was tacked onto the end of the development cycle, almost as an afterthought. A separate security team applied security measures, and a separate quality assurance (QA) team tested these measures.
DevSecOps integrates application and infrastructure security into DevOps practices and tools from the beginning of the software development lifecycle. It addresses security issues as they emerge, when they're easier, faster and less expensive to fix, and before deployment into production.
Because of this ability to speed software delivery, reduce costs and improve security postures, many organizations are now adopting DevSecOps as a standard approach to DevOps.
By bringing the work of developers and operations closer together, DevOps can boost efficiency and reduce workloads. Because developers and operations teams share workflows and responsibilities, there are fewer surprises as projects progress. Teams more clearly understand how their code is expected to perform in the runtime environment.
DevOps teams can deliver new code faster through increased collaboration and the use of microservices architectures, in which each application is composed of many loosely coupled and independently deployable components or services.
With microservices, separate teams can work on different components of new releases concurrently to speed development cycles. This approach drives continuous improvement, innovations and bug fixes to market sooner.
DevOps also accelerates and automates the process of building, testing and deploying software releases through the practices of continuous delivery and continuous integration. Organizations are able to adapt to market changes more quickly and better meet customer needs.
Automated testing helps ensure the quality and reliability of software and infrastructure updates. Monitoring and logging verify application performance in real time.
DevOps automation speeds the development, testing and production of code so organizations can scale faster and with greater efficiency.
For example, if an organization needs to quickly add more applications to meet business demand, DevOps eliminates the need for a long, slow, error-prone coding process to implement those changes.
With DevSecOps, security is integrated into the development process from the beginning, rather than retrofitted at the end. Teams build security testing and audits into workflows to help enforce security standards and track compliance with regulatory mandates.
To support DevOps methods and culture, DevOps implementations require specialized toolchains that enable asynchronous collaboration, seamless integration of DevOps workflows and as much automation as possible throughout the DevOps lifecycle.
Categories of DevOps tools include:
Version-controlled coding environments enable multiple developers to manage code changes, track changes and work collaboratively on the same code base. These code repositories typically integrate with CI/CD, testing and security tools through application programming interfaces (APIs), so when code is committed to the repository it can automatically move to the next step. Popular version control systems include Git (often used on GitHub), Apache Subversion and Mercurial.
The CI/CD pipeline helps automate core software development tasks such as integrating code, testing code quality, compiling and packaging code and deploying software. Popular tools in this category include Jenkins, CircleCI and TeamCity.
Containerization encapsulates apps in streamlined, portable packages called “containers” that can run on any platform. This capability makes containerization useful for the rapid release and management cycles of DevOps. Organizations often use open-source tools such as Docker and Kubernetes to help build, orchestrate and automate the deployment of containerized apps.
Most leading cloud providers, including Amazon Web Services (AWS), Google, Microsoft Azure and IBM Cloud®, offer some sort of managed DevOps pipeline solution that includes containerization tools.
Configuration management tools help DevOps teams configure infrastructure, software and applications in various IT environments. These tools automate configuration tasks such as the setup and deployment of hardware or applying software patches to ensure consistency, reduce errors and improve reliability. Popular configuration management tools include Puppet, Chef and SaltStack.
IaC uses a high-level descriptive coding language to automate the provisioning of IT infrastructure. Instead of instructing a system how to provision infrastructure, developers describe the desired end state, and the IaC software handles the rest.
This automation eliminates the need for developers to spend time and effort manually scripting IT infrastructure changes every time they develop, test or deploy a software application.
Popular IaC tools include Terraform, Pulumi and AWS CloudFormation.
Monitoring and observability tools help DevOps teams identify and resolve system issues, such as slow response times or excessive resource consumption. They also gather and analyze data in real time to reveal how code changes impact application performance.
Popular observability and monitoring tools include Prometheus, Datadog, IBM Instana®, New Relic and Splunk.
These tools gather feedback from users, either through heat mapping (recording users’ actions on the screen), surveys, polls or self-service issue ticketing. Some tools also monitor social media to collect user feedback and measure satisfaction with application updates.
Site reliability engineering (SRE) and DevOps are complementary strategies in software engineering that break down silos and lead to more efficient and reliable software delivery. DevOps teams focus on making updates and deploying new features while SRE practices protect the reliability of systems as they scale.
SRE combines DevOps and traditional IT operations to automate tasks that systems administrators might otherwise perform manually, such as production system management, change management and incident response. SRE seeks to transform the classical system administrator into an engineer.
SRE aims to balance an organization's desire for rapid application development with its need to meet performance and availability levels specified in service level agreements (SLAs) with customers.
Site reliability engineers achieve this balance by determining an acceptable level of operational risk caused by applications, called an “error budget,” and automating operations to meet that level.
On a cross-functional DevOps team, SRE can serve as a bridge between development and operations. SRE provides metrics and automation tools to help teams push code changes and new features through the DevOps pipeline as quickly as possible, without violating the terms of the organization’s SLAs.
Artificial intelligence (AI) and machine learning (ML) are rapidly transforming the world of DevOps. With the ability to automate tasks and analyze complex processes, these technologies help make DevOps faster, more reliable and more secure. According to the IBM Institute for Business Value, 25% of application developers and 40% of application testers say AI and automation have increased their productivity.
Some of the functional areas of impact include:
AI can analyze large amounts of data to predict and address process issues such as application failures or process bottlenecks before they happen. For example, AI can predict surges in network traffic and automatically provision more resources to help prevent service interruptions or system outages.
AI can identify security vulnerabilities in applications and infrastructure, and scan event logs to detect potential threats in real time. For example, AI can spot suspicious activities that might indicate that a cyberattack, such as a data breach or supply chain attack, is likely to occur or already underway.
By identifying hidden bugs, performance issues and software anomalies, AI can help developers address application issues before problems escalate. For example, AI can flag issues that require attention, such as an unexpected spike in CPU usage or a failure across multiple microservices.
AI can review and test code to help ensure that it is ready for deployment faster than manual methods. For example, AI tools can analyze code changes to spot potential bugs or identify security vulnerabilities that were unintentionally created during a software update.
DevOps processes and tools continue to expand and evolve to address the latest challenges in IT and business. Some of the technologies and practices that are driving the future of DevOps include:
Platform engineering is the discipline of creating and managing platforms with standardized tools, automated workflows and consistent environments to boost developer productivity. Platform engineering can increase productivity and speed DevOps processes by providing teams with self-service capabilities for tasks such as provisioning resources, configuring software and containerizing applications.
Observability is the ability to understand the internal state or condition of a complex system based solely on knowledge of its external outputs, specifically its telemetry. Observability tools can provide deeper insights into system behaviors than traditional DevOps monitoring practices, which focus on predefined metrics.
With their ability to isolate root causes and proactively identify issues in complex systems, observability tools are becoming increasingly vital components of DevOps workflows.
Low-code and no-code tools empower people with limited coding knowledge to participate in DevOps workflows. With drag and drop interfaces, business users can build apps without the need for traditional coding. This approach streamlines the creation and delivery of applications designed to satisfy specific business needs.
Harness the power of AI and automation to proactively solve issues across the application stack.
Use DevOps software and tools to build, deploy and manage cloud-native apps across multiple devices and environments.
Accelerate business agility and growth—continuously modernize your applications on any platform using our cloud consulting services.