CA Gen

Expand all | Collapse all

DevOps/DevSecOps & Gen

  • 1.  DevOps/DevSecOps & Gen

    Posted 03-03-2020 08:32 AM

    Following on from the Broadcom Webinar at the end of January I wondered what experiences have been had in the wider community about DevOps/DevSecOps and Gen.  We all know that the world of application development has changed significantly over the last 5 years.  The lines between traditional development and operations have been (rightly) redrawn.  The DevOps approach and introduction of supporting automation have enabled the CI/CD [continuous integration/continuous delivery] approach.  The missing bit of the jigsaw is the 'Sec' bit of DevSecOps.  For those of us who are old enough it is a similar argument to the one historically made about testing/quality assurance … include it as early as possible in the process provides the best return.  Nowadays, the idea that 'security' can be bolted on to an application at the end is somewhat dated and misguided.  As part of risk mitigation for businesses the question of security must be addressed throughout the process.  With that approach in mind the need for supporting tooling to enable its realisation will be understood and appropriate automation (eventually) provided.

     

    CA Gen has been/is viewed as a tool that fits more closely the traditional development approach.  Obviously, given the direction of application development it makes sense to consider the more modern approaches.  Absolutely, to enable CA Gen to be incorporated into a DevOps approach would start to make it more relevant (again) and maybe change the perception of it as a development tool.  Broadcom's focus initially for CA Gen is to focus on the mainframe, making use of tools such as Endevor amongst others.  Actively looking for a DevSecOps solution around Gen will obviously make Gen more relevant when considering today's updated approaches and current digital agendas.  But, focussing on the mainframe initially leaves a whole swathe of the Gen application landscape not catered for at the moment.  I am sure there are many organisations out there who would appreciate the insight of others who have been actively looking at this topic and how it relates to CA Gen.  I am sure there are probably other threads I am not aware of that have explored the subject at length. 

     

    It would be interesting to hear of any real-world experiences out there, to understand what the appetite is like and what successes have been had?  Obviously, if there are any lessons to be learnt it would be good to hear about those also, to avoid making the same mistakes.  Have you been able to adopt any products that provide the necessary automated support that would make a DevSecOps approach feasible?  Do you believe that incorporating CA Gen into a DevSecOps approach would change the perception of the tool, would it then be viewed as a relevant part of the future roadmap for organisations?



    ------------------------------
    Gen Portfolio Manager
    Jumar Solutions Limited
    ------------------------------


  • 2.  RE: DevOps/DevSecOps & Gen

    Posted 03-03-2020 09:44 AM
    Great topic, Kevin! Thanks for posting. I completely agree there are huge opportunities for CA Gen outside of mainframe too. I too am interested in hearing some real-world anecdotes. I'll be following this discussion closely. Thanks for kicking off the thread.

    ------------------------------
    Kim Peelman
    Product Owner, CA Gen
    Broadcom
    Plano,TX
    ------------------------------



  • 3.  RE: DevOps/DevSecOps & Gen

    Posted 03-03-2020 11:47 AM
    Our customers have been using GuardIEn to automate the generation/build/deploy parts of the development life-cycle for many years.

    We have integration with many standard tools like Endevor, ChangeMan, ISPW and Harvest as well as custom interfaces to other 3rd party or in house tools to further extend the automation of the release phase.

    For CI/CD, GuardIEn can automatically perform builds, for example overnight, either via it's internal scheduling tool or via web service APIs or command line interfaces.

    We have recently issued a paper on this: DevOps Tool Support for CA Gen

    --
    Darius Panahy
    IET

    ------------------------------
    Darius Panahy
    Information Engineering Technology Ltd
    ------------------------------