Automated Data for DevSecOps

Automation in DevSecOps transforms the practice of building, deploying, and managing software intensive programs. Although automation supports continuous deployment and rapid builds, manual collection of information delays program status metrics and the decision they are intended to inform by weeks. The emerging DevSecOps metrics such as deployment rates and lead times provide insight to how the software development is progressing but fall short to in terms of replacing program control metrics for assessing progress (e.g., burn rates against spend targets, integration capability target dates, and schedule for the minimum viable capability release. By instrumenting the DevSecOps Pipeline and the pipelines supporting environment continuous measurement of status, identification of emerging risks, and probabilistic projections is possible and practical. This paper discusses research on the information modeling, measurement, metrics, and indicators necessary to establish a continuous Program control capability which can keep pace with DevSecOps management needs. The importance of interactive visualization dashboards targeted to addressing program information needs is discussed. We will also address gaps in the current state of the practice and barriers we have identified. Finally, we present examples we recommend needed future research based on our initial findings.