For enhanced software delivery performance, continuous integration and continuous delivery have proven to be pivotal.

Even though security and traceability are closely related, the CD ecosystem lacks interoperability because of the absence of a common language, according to Fatih Degirmenci (pictured, left), executive director of the CD Foundation at The Linux Foundation.

“Interoperability helps you track your steps from the deployment back to commit,” Degirmenci said. “I personally think interoperability and security go hand in hand. If you don’t have interoperability, you can’t trace back to the origin of the problem. What interoperability brings into picture is to remove this complexity and actually make sure all these different types of technologies can speak on the same language.”

Degirmenci and Gerard McMahon (right), head of ALM tools and platforms at Fidelity Investments, spoke with theCUBE industry analyst John Furrier and guest analyst Rob Strechay at Open Source Summit NA, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the state of the CD ecosystem and the innovations needed to push it forward.

How SBOM fits in the security picture

Since security starts with the developer, it should happen across every stage and be continuous. As a result, software bills of materials, or SBOM, is emerging as an important element in software security because it enables identifying and tracking of different components, according to McMahon.

“It allows us build tooling, build monitoring, build observations on our security posture no matter what stage of the [software development lifecycle],” he added.

For interoperability to be achieved, different technologies should be integrated into a single platform. Adopting CDEvents also helps attain this objective, as illustrated by an experimental controller called Tekton, Degirmenci pointed out.

“If you think Jenkins and Spinnaker, many organizations use these two technologies together,” he said. “Jenkins is for CI perhaps, Spinnaker for continuous deployment on sites … and this will allow them to use these different technologies together seamlessly because of this CD advance protocol.”

Platform engineering as a game-changer

In the cloud era, platform engineering is surfacing because of the emergence of microservices and infrastructure as code. As a result, Fidelity uses this concept to enhance developer productivity, according to McMahon.

“The complexity and the amount of work that every application team has to do are getting greater and greater, and it’s reducing the amount of time we’re spending on business value,” he said. “So, platforms enable us to provide platforms for developers to use in order for them to just focus on business.”

Since CD is a big part of platform engineering and supply chain, Fidelity contributes to this ecosystem through open source. The open-source approach also makes the code trustworthy, according to McMahon.

“Open source brings the world of many thousands and thousands of developers from all over the world with all different experiences, and essentially they create better code,” he noted. “We’re an end-user member of the Continuous Delivery Foundation, and one thing we contributed recently as part of CDEvents was Jenkins plugin.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of Open Source Summit NA:

Photo: SiliconANGLE