DevOps and DevSecOps Transfomation Services

Achieve greater agility and delivery velocity by shifting development, quality, and compliance activities left!

DevOps / DevSecOps Transformation

GitLab is the single DevOps Value Stream Delivery Platform that helps companies increase operational efficiency, deliver better products faster, and reduce security and compliance risk. Many companies are undergoing digital transformations and are building or optimizing their DevOps and DevSecOps processes to enable faster value delivery.

GitLab Professional Services has helped hundreds of customers speed up their digital transformation by optimizing the DevOps and DevSecOps processes, realizing significant savings both in terms of cost as well as faster time to market windows. We have decades of experience working with hundreds of companies in similar positions as yours to help you transform to modern ways of working.

Problem to solve

Do any of these common pain points describe the situation at your company?
  • You established a DevOps or DevSecOps process but you are still delivering at the same pace you did before your digital transformation started
  • Your sofware quality has not improved
  • You are still experiencing frequent security issues
  • You have no way to enforce compliance scanning across all applications
  • Security is considered "after the fact", causing release delays or security vulnerabilities to slip out to production
  • Your DevOps tools are a complex patchwork of point solutions and have become difficult to administer, maintain, and upgrade
  • Your application teams spend too much time creating and refining pipelines for common workflows
  • You are unable to remediate a security vulnerability across your application portfolio due to the lack of standardized processes
  • Your software supply chain poses significant risks due to the lack of visibility into your software bill of materials (SBOM)
  • Your audit process is exceedingly painful because you are dealing with multiple scanning tools owned by multiple groups and you have no single place to manage compliance
  • Compliance happens outside of the developer habit loop, is mostly manual, and requires constant context switching

Who is this service for?

  • Customers who need to counter competitive pressures by shortening their time to market windows
  • Customers who have a history with legacy Continuous Integration (CI) or DevOps tools and want to ensure a smooth transition for their teams to a modern single-platform architecture
  • Customers who are looking to improve the stability of their CI/CD platform and increase the efficiency of building, testing, securing, packaging, and deploying software
  • Customers who are interested in speeding up their value delivery by shifting activities left as part of the daily habit loop of their development teams

Service Components

Activities

Outcomes

Discovery Interviews We collect information about organizational views and understanding of your transformation across your workforce in a series of one-on-one and group interviews; focus is usually on key contributors and management stakeholders
Discovery Surveys We collect information about organizational views and understanding of your transformation across your workforce through an anonymous surveys; focus is usually broad across the development organization - validates issues identified in the Discover Interviews activity
Value Stream Mapping We will work with development and functional departments to identify bottlenecks in the currently existing end to end development and / or business process. Special attention will be given to reviewing lead / wait times and how to eliminate those by either process adjustments or automation. The focus of the VSM activity is to document the current process and highlight bottlenecks
Current Tool Chain Assessment We will review the existing toolchain (if GitLab based or otherwise), document it, identify how the toolchain works with aforementioned development value stream, and identify improvement areas (integrate with GitLab, replace with GitLab) along the development value chain
Best Practice Assessment We will assess the existing development practices and compare them to 20+ acknowledged software development best practices (trunk based development, unit test, test automation, coverage, CI/CD pipelines, code quality, security scans, deployment automation, etc.) that have proven to deliver high quality software in DevOps environments
Gap Analysis and Evaluation Report We will document the current “As-Is” situation vs. the ideal “To-Be” GitLab platform usage and summarize our recommendations, including expected cost savings and next steps
Planning and Coordination We will create and maintain a high level project plan that clearly lays out all selected pilot projects, planned activities, dependencies, and key milestones
Migration Service - Congregate We use our Congregate migration tool to move data from many different Source Code Management (SCM) and Continuous Integration (CI) systems into a GitLab Self Managed (SM) instance hosted in the customer data center/cloud or GitLab.com. Congregate gathers (meta) data from source system(s), transforms and down-selects it to prepare for migration, and migrates the data into the destination GitLab instance.
Pipeline Enablement We review existing pipelines and publish new pipeline jobs as templates in GitLab CI. We establish a trusted, container-based compute ecosystem that processes all of your CI/CD workloads. We deploy a pipeline template framework and work with your application teams to customize it to fit the technologies that you are already using. We establish a compliance framework to enforce execution of scanning jobs required for compliance.
GitOps We will work with pilot teams to establish GitOps, which involves managing your IT infrastructure using practices well-known in software development such as version control, code review, and CI/CD pipelines. Infrastructure teams that practice GitOps use configuration files stored as code. Similar to how application source code generates the same application binaries every time it is built, GitOps configuration generates the same infrastructure environment every time it is deployed.
InnerSourcing One of the largest benefits of InnerSourcing is that it leads to higher levels of knowledge reuse. We will work with pilot teams to showcase the power of knowledge reuse across the organization by drawing from existing company knowledge. We advise on innersourcing collaboration and communication best practices to ensure a flourishing developer experience, enabling the company to fully access all existing expertise within their existing teams.
DORA Metrics / Dashboards DORA's State of DevOps research program represents seven years of research and data from over 32,000 professionals worldwide. It is the longest running academically rigorous research investigation of its kind. GitLab supports the four key DORA metrics (Deployment Frequency, Change Lead Time, Change Failure Rate, Time to Restore Service). We will ensure correctness of DORA metrics and utilize GitLab dashboards out of the box - this activity is dependent on GitLab adoption across the development life cycle. Alternatively, we can assist with ETL integration tasks for dashboard build-out into existing BI analytics data stores.
Value Stream Reassessment - Opportunity Review Based on customer needs GitLab will conduct a Value Stream reassessment, either on-demand or based on a predetermined schedule

Pricing and Duration

Work with a GitLab Professional Services Engagement Manager to understand specific scope and duration that is tailored to your situation. The DevOps / DevSecOps Transformation Service is a custom consulting engagement and will require custom pricing and SOW.

Interested in GitLab Professional Services? Get in touch.

Open in Web IDE View source