As organizations adopt DevOps practices, they typically select a series of DevOps practices and improve along a maturity curve, where specific practices and processes are improved first, followed by others. No organization goes from zero to fully mature DevOps in one step, it's a journey of continuous improvement.
Typical maturity models are complex, multidimensional constructs which are used to measure maturity, plan improvements and in some cases document the organizational effectiveness. The traditional 5 level model (Initial, Managed, Defined, Quantitatively Managed, Optimizing) is perhaps overly complex for describing the maturity of an organization on their DevOps Adoption.
We can define a simpler model, something similar to this three-level model for Continuous Delivery Maturity: http://bekkopen.github.io/maturity-model/.
This simplified DevOps Maturity Model descibes a typical sequence of evolving DevOps maturity where the focus started with improving development practices, then focuses on how they deploy and release consistently, finally focusing on how the organization optimizes the end-to-end lifecycle.
|Starting to adopt DevOps, development teams focus on their core software development practices to streamline and accelerate their ability to organize and create software. Specifically, they focus on adopting modern development practices, source code management, automating build and testing to make their work more consistent and responsive to change.||Building on stable, iterative, and repeatable development practices, teams scale and extend these practices to address the challenges of delivering code to production, bridging the gap with automated configuration, deployment, and release of applications to end users.||With a maturing DevOps lifecycle, teams focus on optimizing their business value, leveraging end-to-end feedback, monitoring, and insight to streamline and improve DevOps practices. They identify and address constraints, such as security testing, where they tune and improve their processes; increasing velocity, quality, and security.|
|Primary emphasis for teams adopting DevOps.||Primary emphasis for teams scaling their DevOps transformation.||Primary emphasis for organizations optimizing the value from their DevOps lifecycle.|
|Consistent modern development processes (typically agile) and collaboration to keep the team in sync with the project goals and changing business priorities.||Consistently packaging and managing their binary assets makes it easy to deploy the right version to the right environment.||Understanding cross team and cross organizational issues to optimize and manage their portfolio of projects|
|Sharing common code repository for distributed version control and branches so that team members have access to the most recent version of their code.||Automating the deployment and configuration of the application to ensure consistent, repeatable, and fast deploys.||Organizations develop and deploy dashboards to monitor and track key business metrics and KPIs so they can remove constraints that slow down value delivery.|
|Automating build and testing to ensure their code is consistently built and tested.||Extend automated testing to incorporate extensive functional, performance, and acceptance testing.||Many organizations realize that a common constraint is Security Testing, which is often deferred to late phases in the development project. This often results in re-work and delays. A strategy to address the constraint is to shift security testing left and make it part of every build.|
|Adopting continuous integration to ensure each commit is built, tested, and validated.|
|Collecting data and insight about the effectiveness of their development processes.||Gathering data and insight about the effectiveness of the delivery processes.||Continuous improvement practices to analyze the value stream and identify opportunities to improve and optimize the flow from Idea to Production.|
Having the maturity model also helps to inform allignment of GitLab features to help teams address specific challenges they are facing. The following table describes how features map to the maturity model.
|Adopting / Starter||Scaling / Premium||Optimizing / Ultimate|
|Build / Test||Scaling||Security|
|Code quality||Disaster recovery||SAST|
|CI Statistics & Graphs||Live upgrade assistance||DAST|
|Include centralized CI definitions in projects||DB load balancing||Coming: RASP|
|Governance||Service desk||Coming: IAST|
|Admin control, Audit log||Coming: flaky tests||Dependency Scanning|
|Authentication (Kerberos, Multiple LDAP/AD server, Create and remove admins based on LDAP groups, LDAP group sync)||PostgreSQL HA||Coming: License Management|
|Approval flows (Merge requests approvals, multiple approvals)||GitLab Geo for distributed cloning||Optimize Velocity|
|Multiple assignees||High Availability support||Epics|
|Issue weights||Group issue boards||Roadmap|
|Burndown charts||Deployment||Cluster monitoring|
|Restrict push and merge, push rules, block secret push||Multi-project pipeline graphs||Coming: Ops dashboard|
|Group webhooks||Multiple Kubernetes clusters||Coming: Security dashboard|
|Remote repository mirroring||Deploy boards||Coming: Monitoring Alerts|
|Contribution analytics||Canary deployments||Coming: Tracing|
|Support||Custom metrics||Coming: Logging|
|Next business day support||Browser performance testing||Coming: Cloud Development|
|Coming: Load/performance tests||Coming: Value Stream Analysis|
|Coming: Binary repository||Coming: Feature flags|
|Coming: Automatic reverts||Coming: Production monitoring|
|Coming: Release trains||Coming: Error Tracking|