Software Development Lifecycle (SDLC)

On this page

Definition

The modern Software Development Lifecycle (SDLC) consists of multiple phases. It starts with planning an idea and ends at measuring the metrics of running it in production.

Most important organizational process

Every company is becoming a software company. Therefore, the SDLC is becoming the most important organizational process. Effective software development is an essential skill to create value, attract great people, and keep applications secure. To enable this skill, organizations are adopting SDLC stacks that help this workflow.

Stacks

There are a couple of organizations that are building a stack for the SDLC. Below, we've listed the stages of the DevOps toolchain, product categories, and the products from the different vendors.

Stage Product category GitLab GitHub Atlassian self hosted / SaaS Legacy Open Source
Plan Portfolio management GitLab Portfolio management n/a JIRA Portfolio n/a
Plan Issue tracking GitLab Issues GitHub Issues JIRA / Trello Redmine
Create Version control GitLab SCM GitHub BitBucket Server / .org SVN
Create Code review GitLab SCM GitHub Crucible / BitBucket.org Gerrit
Verify Continuous integration GitLab CI Travis CI Bamboo / BitBucket CI Jenkins CI
Verify Security testing GitLab SAST Snyk n/a SonarQube
Package Container registry GitLab Container Registry Docker Trusted Registry n/a Jfrog Artifactory
Release CD/Release automation GitLab CD Codefresh Bamboo / BitBucket Deployments Jenkins Pipeline
Configure Configuration management GitLab Secret variables n/a n/a / Environment variables Puppet
Monitor Monitoring GitLab Metrics New Relic n/a InfluxDB

Interfaces

Below we've listed interfaces that are needed between the different product categories. They are sorted by product category as listed above, with the earlier product category listed first.

  1. Issue tracking <=> Kanban boards, preferably they show the same issues.
  2. Issue tracking <=> Version control, close issues when you merged code in your branch.
  3. Issue tracking <=> Code review, the code review has a link to the issue it is related to.
  4. Issue tracking <=> CD/Release automation, see which changes are implemented by which deploy / are live and where.
  5. Issue tracking <=> Monitoring, link the initiave to the impact on metrics.
  6. Kanban boards <=> Version control, close issues when you merged code in your branch.
  7. Version control <=> Code review, the code review happens on a branch that is updated.
  8. Version control <=> Continuous integration, run CI automatically on the default branch, see CI status per branch.
  9. Version control <=> CD/Release automation, see whether a particular commit is live somewhere.
  10. Version control <=> Security testing, see whether a commit is vulnerable / with out of date dependencies.
  11. Code review <=> Continuous integration, see the test results in the code review screen.
  12. Code review <=> Security testing, see the test results in the code review screen.
  13. Code review <=> CD/Release automation, see and control pushing to new environments in the code review screen.
  14. Code review <=> Monitoring, see the effect of a code change on the metrics.
  15. Continuous integration <=> Security testing, run security testing as part of CI.
  16. Continuous integration <=> Container registry, push the container that is built to the registry.
  17. Continuous integration <=> CD/Release automation, deploy if green, or don't deploy when red.
  18. Continuous integration <=> Configuration management, configure the testing.
  19. Security testing <=> CD/Release automation, prevent insecure code from being deployed.
  20. Security testing <=> Container registry, scan the container registry.
  21. Container registry <=> CD/Release automation, pull the container.
  22. CD/Release automation <=> Configuration management, configure the deployment.
  23. CD/Release automation <=> Monitoring, see the release in the monitoring.
  24. Configuration management <=> Monitoring, configure the monitoring.

Strategies

  1. GitLab covers all the DevOps product categories with the emergent benefits of a single application and
  2. GitHub follows a marketplace strategy where other vendors cover most of the product categories, this doesn't have the advantages of a single application.
  3. Atlassian covers most of the product categories but the user or reseller has to integrate them; this doesn't have the advantages of a single application.

Pricing

Delivery

Subject GitLab GitHub Atlassian
Preferred platform Kubernetes Heroku n/a
Single tenant install (self-managed) Integrated Needs other products Separate products, CI/CD not actively developed
Multi tenant install (SaaS) Integrated Needs other products Includes CI/CD, issues in JIRA, no monitoring

Cloud native workflow

Cloud native means developing applications to run in the cloud. The platform for deploying these applications is switching from Virtual Machines (AWS) to Container Schedulers (Kubernetes). Cloud native applications are split up into micro services. This means one application consists of many services that have their individual project and code base. To handle these cloud native workflows GitLab has sub-groups, Auto DevOps, and multi-project pipelines.

An integrated product brings emergent benefits

GitLab is the only integrated product for the SDLC; all others are combinations of different products. Having one product makes for a much better user experience because there is one UI, better security because of consistent permission settings, and less time spent on administration and integration. Apart from that, this 'development operating system' has some emergent properties that wouldn't be possible otherwise:

These emergent properties allow the following emergent benefits:

Open source is the future of software development

GitLab is developed out in the open with most code available under an open source license. This allowed more than 2,000 experts to contribute their process in the form of code. GitLab distills the greatest collection of DevOps best practices into a cloud native workflow. Our integrated product allows you to stand on the shoulders of many experts.