Book Image

Learning DevOps

By : Mikael Krief
Book Image

Learning DevOps

By: Mikael Krief

Overview of this book

The implementation of DevOps processes requires the efficient use of various tools, and the choice of these tools is crucial for the sustainability of projects and collaboration between development (Dev) and operations (Ops). This book presents the different patterns and tools that you can use to provision and configure an infrastructure in the cloud. You'll begin by understanding DevOps culture, the application of DevOps in cloud infrastructure, provisioning with Terraform, configuration with Ansible, and image building with Packer. You'll then be taken through source code versioning with Git and the construction of a DevOps CI/CD pipeline using Jenkins, GitLab CI, and Azure Pipelines. This DevOps handbook will also guide you in containerizing and deploying your applications with Docker and Kubernetes. You'll learn how to reduce deployment downtime with blue-green deployment and the feature flags technique, and study DevOps practices for open source projects. Finally, you'll grasp some best practices for reducing the overall application lead time to ensure faster time to market. By the end of this book, you'll have built a solid foundation in DevOps, and developed the skills necessary to enhance a traditional software delivery process using modern software delivery tools and techniques
Table of Contents (23 chapters)
Free Chapter
Section 1: DevOps and Infrastructure as Code
Section 2: DevOps CI/CD Pipeline
Section 3: Containerized Applications with Docker and Kubernetes
Section 4: Testing Your Application
Section 5: Taking DevOps Further

Analyzing code with SonarCloud

In Chapter 10, Static Code Analysis with SonarQube, we explained the importance of implementing static code analysis practices. For open source projects, code analysis is more important because the source code and its binaries are published publicly.

One of the roles of open source is to provide code and components that can be used in enterprise applications, so this code must be written correctly and without any security fails.

In this book, we have discussed that SonarQube, with its installations and uses, is one of the major tools that allows code analysis for enterprise applications. However, it requires the installation of an on-premises infrastructure, which is more expensive for a company.

For open source project code analysis, it is possible to use SonarCloud (, which is exactly the same product as SonarQube but comes...