- Deployment time/speed must be less than an hour.
- Mean time to recover (MTTR) must be less than an hour.
- Lead time for changes must be less than an hour.
- Change Failure Rate (CFR) must be less than 15%.
- Jenkins runs static code analysis (SAST) on each code check-in to validate that the code conforms to the established lexical, syntactic, and semantic ruleset.
- All production deployments must have a ticket number. Deployers must input the ticket number into the Jenkins build pipeline system for code to be deployed into production.
- All production deployments are logged and published through information radiators.
- Jenkins records all deployments, as well as all corresponding tickets and the results of all automated and manual tests, release notes, service incidents, peer reviews, and signoffs.
- All code is automatically validated through defined controls prior to production deployment to prevent developers from inserting “back doors” or vulnerabilities into production.
- Automated security testing of the code and environment is performed as part of the deployment pipeline.
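
The ticket, automated-validation, and logging controls above can be enforced by a gate that a Jenkins stage calls before a production deployment. The sketch below is an added example, not code from the original page; the ticket format, the check names `sast` and `security_tests`, and the request fields are assumptions.

```python
import json
import re
from datetime import datetime, timezone

# Assumed ticket format (e.g. CHG-10482); adjust to your tracker's scheme.
TICKET_RE = re.compile(r"[A-Z][A-Z0-9]{1,9}-\d{1,9}")
# Assumed names for the automated controls that must report a result.
REQUIRED_CHECKS = ("sast", "security_tests")


def evaluate_gate(request):
    """Return (allowed, reasons). Fails closed: a missing or non-"pass"
    result blocks the deployment, as does a missing or malformed ticket."""
    reasons = []
    ticket = str(request.get("ticket") or "").strip()
    if not TICKET_RE.fullmatch(ticket):
        reasons.append("missing or malformed ticket number")
    results = request.get("checks") or {}
    for name in REQUIRED_CHECKS:
        status = results.get(name)
        if status != "pass":
            reasons.append(f"{name}: {status or 'no result recorded'}")
    return (not reasons, reasons)


def audit_record(request, allowed, reasons, now=None):
    """Build one JSON line for the deployment log, written for allowed
    and blocked attempts alike so the record is complete."""
    now = now or datetime.now(timezone.utc)
    return json.dumps({
        "time": now.isoformat(),
        "deployer": request.get("deployer"),
        "commit": request.get("commit"),
        "ticket": request.get("ticket"),
        "checks": request.get("checks"),
        "decision": "allow" if allowed else "block",
        "reasons": reasons,
    }, sort_keys=True)


if __name__ == "__main__":
    # Constructed sample requests, not real pipeline data.
    samples = [
        {"deployer": "alice", "commit": "abc1234", "ticket": "CHG-10482",
         "checks": {"sast": "pass", "security_tests": "pass"}},
        {"deployer": "bob", "commit": "def5678", "ticket": " ",
         "checks": {"sast": "pass"}},
    ]
    for req in samples:
        ok, why = evaluate_gate(req)
        print(audit_record(req, ok, why))
```

The gate treats an absent scan result the same as a failed one, so a skipped or crashed SAST stage cannot pass silently.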