A guide to getting

started in DevOps
 2

Table of contents

03 Introduction 12 How DevOps solves real-world problems

04 What DevOps is and how it helps your company 13 Resources

05 Fundamental technologies and processes 15 About GitLab

09 Other key DevOps technologies you should understand

Start your GitLab free trial Follow us:

Introduction

With the number of organizations using DevOps growing

dramatically, it only makes sense that a lot of people on those
DevOps teams are new — some even really new — to the
technology and practice. According to GitLab’s 2023 Global
DevSecOps Survey, 56% of respondents reported using DevOps
or DevSecOps methodologies, up from 47% in 2022.

If your organization has recently adopted DevOps — or is getting

ready to make the switch — you may not be entirely familiar with
the tools and practices behind it. This guide will help you get
up to speed. We’ll explain what DevOps is (and isn’t), and key
technologies and terms you’ll need to understand, as well as why
collaboration is so critical. We’ll showcase an example of DevOps
working in the real world, and then explain why DevOps can help
your career and your paycheck. Finally, we’ve got an extensive
list of resources.

Let’s dive in.

Start your GitLab free trial Follow us:

 4

What DevOps is and how it helps your company

The first thing you should know about DevOps is that it’s all about By using automation, shifting security to the left, and making processes
empowering teams – enabling organizations to work collaboratively to repeatable and measurable, a DevOps platform leads to better software
develop and deliver secure software faster and more efficiently. For and reduces the time between designing new, higher-quality features and
many years, software development was anything but streamlined and rolling them out into production. And that maximizes the overall return on
efficient. Processes were siloed, leading to bottlenecks and costly software development.
delays, while security was, at best, an afterthought. DevOps sprung
from deep-seated frustrations with the old way of doing things, and And to talk about how DevOps works, you really need to talk about the
brought with it the promise of simplicity and speed. culture, or mindset, behind it. It’s not development as usual. The bedrock
of DevOps culture is collaboration and joint responsibility, along with a
We think DevOps is done best on a single end-to-end platform. focus on a constant cycle of rapid iteration, measurement, assessment,
A DevOps platform allows teams to move from, or avoid, an often and reevaluation. Again, it’s all about agility, and being able to learn and
complex and confusing multitude of tools by using a single, complete deploy fast. All of that leads to continuous, iterative improvements and
software development ecosystem, eliminating the need for team feature deployment.
members to jump from one tool to another, saving both time and
money. That ecosystem can be used to conceive, build, and,
ultimately, deliver better, more compliant and secure software more
efficiently, continuously, and at top speed. And that helps DevOps
teams be more agile, but it also provides more agility to the overall
business – enabling companies to more quickly meet customer
needs, remain compliant, stay ahead of competitors, and turn on a
dime to take advantage of changing business climates. So DevOps
is the engine that drives agility in both software development and
deployment, as well as in business.

Start your GitLab free trial Follow us:

 5

Fundamental technologies and processes

Stages of the DevOps process every commit, this process relies on security testing, code quality
analysis, parallel execution, and automation. Enabling developers to
A DevOps education isn’t complete unless you understand the lifecycle
find and fix flaws while they are developing has proven to be more
stages, which take the process from planning all the way through to
cost-effective and efficient.
launching new features, analysis, and gathering feedback.
• The Package stage comes after code has been created and tested.
As you work in DevOps, you’ll need to learn these phases since each one Packaging applications and dependencies, managing containers, and
is an integral part of the process. So, from a 40,000-foot view, there are building artifacts maintains a consistent software supply chain.
three overarching stages executed in a logical order – build, test, and
deploy. It’s the natural workflow. Build the code, then test it, and, if all is in • Release or deployment is about pushing code updates into the
working order, deploy it. production environment. With DevOps, releases can be deployed as
iterations are created, tested, and ready – and not as on a preplanned,
However, we need to dig deeper to uncover more complex layers of these static, bulk release date.
stages. Each one is a key driver to producing software and business value. • Configure is about setting up, managing, and maintaining application
Understanding and using this flow will create efficiency, reliability, speed, environments. Automated configuration management is designed to
and agility. Here is a closer look at nine key stages: handle these complex environments across servers, networks, and
storage systems.
• Plan is the stage of DevOps that encompasses everything that
happens before the first line of code is written. It’s about creating a • Monitor is a proactive, automated part of the process, focused on
product roadmap that guides upcoming development, helping the tracking software, infrastructure, and networks to trace status and
team organize resources and priorities, align, and track projects. raise alerts to problems. This increases security, reliability, and agility.

• Create is the first stage of the CI/CD pipeline. This is where code is • Protect is about securing your applications and their runtime
designed and developed using version control to coordinate changes environment, from intrusions, and new vulnerabilities.
made by multiple developers to the same code base. This is one of the
• Manage is about visibility and control across your end-to end software
keys to improving velocity.
development lifecycle by managing permissions, standardizing DevOps
• Verify is a process focused on confirming the quality of code. To get build and deployment processes, and automating guardrails to ensure
feedback quickly to developers and testers, and instant insights into security and compliance policies are met.

Start your GitLab free trial Follow us:

 6

What about security? Good question. That's the beauty of DevOps – Continuous Integration(CI)
security isn't an afterthought. It's part of EVERY stage of the process, This is the step that enables iteration by committing changes to a shared
from documenting requirements to automated testing to validating source code repository early and often — many times a day — and
those requirements. It ensures that new code and features actually work automatically testing each change and kicking off a build.
exactly the way they are designed, and that bugs, security threats, and
compliance issues haven’t been created. Continuous integration is all about efficiency. By automating manual work
and testing code more frequently, teams can iterate faster and deploy
These stages are all part of an ongoing cycle. All of the information new features with fewer bugs more often. Other benefits of CI include
created in these stages is instantly available through the platform to identifying and fixing problems more easily, less context-switching for
all participants, across stages, and provides a single source of truth your team, and happier users and customers.
for improved visibility and collaboration. Another key benefit of a
united platform is the ability to manage and control the entire software To get the most out of continuous integration, make sure your setup
development lifecycle from one place. includes these core elements:

What powers these DevOps stages • A source code repository with all the necessary files and scripts to
create builds.
Source Code Management (SCM)
This is how a repository of code is shared among many developers • Automated builds with scripts that include everything you need to
without one person’s changes negating another’s. The code is divided build from a single command.
and managed into projects and groups of projects. An individual
developer checks out existing code or adds code to what’s there and • Self-testing builds that automate your policies (for instance, fail if any
the SCM tool identifies conflicting edits to the same code and flags it test fails).
for resolution. This process allows multiple developers to work on one
project at once, a key to increasing the velocity of software updates. • Frequent commits and iterations so there are fewer places for
DevOps thrives on Git repositories, an important distinction from old- conflicts to hide.
school version control systems, because of the powerful capabilities
their modern architecture enables. • Stable testing environments that accurately reflect the production
environment.

• Visibility so every developer can access the latest executables and

see any changes made to the repository.

Start your GitLab free trial Follow us:

 7

Continuous Delivery (CD)

Continuous delivery is a software development process that
works in conjunction with continuous integration to automate the
application release process. Once code has been tested and built
as part of the CI process, continuous delivery takes over during
the final stages to ensure it’s packaged with everything it needs
to deploy to any environment at any time. Continuous delivery can
cover everything from provisioning the infrastructure environment
to deploying the tested application to test/staging or production.

With continuous delivery, software is built so it can be deployed

to production at any time. Then you can trigger the deployments
manually or automate the process.

When continuous delivery is done well, your software release

processes become boring — that is, they are low-risk, consistent,
and repeatable. Then you can confidently plan release processes
and schedules, automate infrastructure and deployments, and
manage your cloud resources more effectively.

Automated testing
This is key to fully adopting DevOps and continuous integration
— and releasing higher quality code more frequently. With testing
built into your CI pipeline, every committed code change triggers a
build, and then the build runs tests to ensure the changes pass all
tests, policies, and code compliance standards you established for
your application. With this in place, bugs are identified earlier and
with greater context to simplify their resolution, your teams can
deploy more frequently and confidently, and you minimize manual
testing and reworking late in the process.

Start your GitLab free trial Follow us:

 8

Shifting security left Documentation

A fundamental process for successful DevOps is incorporating security Although sometimes overlooked, documentation is invaluable to
into the end-to-end automation. This is often referred to as DevSecOps. successfully implementing DevOps practices. Creating and maintaining
By integrating testing and the security review process earlier in the internal documentation for the services and applications that your team
software development lifecycle, there is more opportunity to adequately works on and what your DevOps process looks like can go a long way to
address any security issues. If security testing is treated as an improving your team’s performance and the software you put out. The
afterthought or doesn’t happen until code is ready for production, it can 2021 Accelerate State of DevOps Report noted that teams with higher
be difficult to go back and correct problems, and it’s often too late to quality documentation are 2.4 times more likely to see better software
fix them quickly and efficiently. This can lead to delayed deployments, delivery and operational performance.
vulnerabilities making it into production, greater technical debt, and
inefficient silos between security and the rest of the DevOps teams. Feedback
This is an essential piece of the puzzle as organizations should always
To shift security left, you’ll want to integrate security testing into your CI
be looking for ways to improve the user experience and the overall
pipelines so code is continually tested, not only against other commits
DevOps process. In traditional software development, the feedback loop
in the shared repository, but for overall security, as well. Some types of
can be a complex path to navigate. With DevOps, closer collaboration
security testing you may want to include early on in your development
and rapid iterations means teams have constant access to manageable
lifecycle include:
data, so they can incorporate feedback, tune their efforts, and deliver
improvements efficiently and quickly. Automating the process is a key
• Static Application Security Testing (SAST)
step since it will ensure the information is collected and distributed to the
• Dynamic Application Security Testing (DAST) right parts of the team, creating rapid adjustment to new code updates.

• Container and cluster image scanning

• Dependency scanning

• Secret detection

• Infrastructure-as-code (IAC) scanning

• API testing

Start your GitLab free trial Follow us:

 9

Other key DevOps technologies you should understand

When you’re getting up to speed with DevOps, there are several areas learning from and relying on others’ expertise. Being part of a true
where you should be sure to educate yourself and make sure you stay cu- DevOps culture also means being able to listen, stay calm under pressure,
rrent. Here are several areas you should understand and stay current on: create trust among team members, and be able to take ownership of a
situation or problem.

The cloud Collaboration, though, is about more than DevOps teammates working
If you’re working in DevOps, understanding the cloud is a good idea. together. It’s also about collaboration between DevOps and other parts
The majority of modern software depends on the cloud and cloud- of the business – members of the security team, marketing, finance,
native infrastructure, including containers and orchestrators, which help customer service, and the C-suite. Collaboration between DevOps
automate the process of software development and delivery. Applications and security, for example, is a way to integrate security into the entire
developed this way allow DevOps professionals to deploy anywhere and development process. Don’t make the mistake of dismissing this as a soft
to get the most out of multiple cloud platforms, or even private clouds skill that’s less important than technical skills. Develop key skills like
within their own data center. communication, knowing how to talk about business needs, and working
together to solve problems. In the 2023 Global DevSecOps Survey,
A cloud-native approach is more scalable because it distances the code
from the hardware it uses. To be able to help their companies and their
own careers, DevOps professionals need to understand cloud providers,
services, and platforms. And it’s a focus for a lot of DevOps professionals.
According to GitLab's 2023 Global DevSecOps Survey, cloud computing
was organizations’ top investment priority for 2023, and 71% of
respondents said they were running a quarter or more of their
applications in the cloud.

A culture of collaboration
You need to embrace collaboration. It’s a tenet of DevOps practice
and philosophy. By inviting discussion, input, and assistance from both
experienced and new team members, a culture can be built around

Start your GitLab free trial Follow us:

 10

39% of respondents said communication and collaboration skills are With automation, each task is performed identically and with consistency,
as important for professionals in their industry — beating out subject- reliability, and accuracy. This promotes speed and increases deliveries,
matter expertise (32%) and programming (32%) and ultimately deployments. While it doesn’t remove humans from the
picture, automation minimizes dependency on humans for managing
Key programming languages recurring tasks, such as monitoring for availability, performance, or
security problems; consistently configuring software environments;
DevOps engineers need to be able to code, but even more importantly,
testing new application versions against predefined quality standards;
they must consider the processes, tools, and methodologies used
integrating code; speeding deployments; aiding CI/CD testing software
across the end-to-end DevOps lifecycle stages identified above. Some
throughout the development process; and managing logs and
languages are more conducive to this end-to-end process than others.
documentation. Yes, there’s a lot to this.
There are a lot of programming languages out there so it can be a big
job to figure out where to start. First, you need to understand what your
According to the 2023 Global DevSecOps Survey, 63% percent of
DevOps teams need. What projects are being worked on, and what
respondents reported that their software development lifecycle was
languages are needed now, as well as what languages will be needed for
either “‘completely”’ or “‘mostly”’ automated. Another 32% said it was
future projects?
“somewhat” automated.” That means if you’re in DevOps, you should be
a student of automation.
Some of the most popular programming languages are Python, Golang,
Ruby, JavaScript, Perl, Java, Bash, and PHP. According to the Stack
Overflow 2022 Developer Survey, JavaScript was the most commonly
used programming language for the tenth year in a row, and HTML/CSS,
JavaScript, and Python were nearly tied as the most popular languages
for people learning to code.

Need some practice? Why not volunt r your coding time or

contribute to open source projects to fill out your resume?

Automation
DevOps teams are increasingly looking to automate processes
throughout the development and deployment lifecycle, so it only makes
sense that you understand how automation works and how to use it.
Automation, which cuts time and money spent on repetitive tasks and
eliminates human errors, streamlines the whole DevOps process.

Start your GitLab free trial Follow us:

 11

Monitoring Containers
As your organization’s application stack and the number of DevOps The DevOps world has gone all-in with containers, which basically are
teams working on it grow, the number of moving pieces will only packages of software code, its configuration, system libraries, runtime,
multiply. Keeping track of all of those pieces can be overwhelming. That and the rest of its environment. Containers hold everything needed for
makes continuous monitoring a requirement for being able to maintain the application to run, and they ensure that applications built in one
an end-to-end, real-time situational awareness of your ecosystem. environment run consistently and seamlessly in others, solving the
With DevOps, complex applications could be updated and deployed problem of how to get software to run reliably when moved between
every day – even multiple times a day. Sophisticated and automated environments. These modular units, or building blocks, are set up to
monitoring is a proactive way to cut down on bugs, improve deployment enable DevOps teams to build, test, deploy, and maintain applications
speed and efficiency, detect security threats and compliance issues, efficiently, with fewer resources, at top speed, and securely.
eliminate breaking changes, and maintain documentation. It’s used from
planning through development, integration, testing, deployment, and Since they easily can be shared between teams, they not only
even operations. speed development and deployment, but they feed into a culture of
collaboration, which is key in DevOps. And knowledge of containers
That means monitoring is not just a process needed by developers, but means understanding Docker, a popular application container technology,
also by project leaders and security teams. Monitoring doesn’t just track as well as Kubernetes, an open-source container-orchestration system
processes. It’s set up to raise alarms about performance and threats that controls how and where containers run.
throughout the pipeline.

DevOps teams that want to be on top of their game will increasingly be

using monitoring, so you should understand it.

Start your GitLab free trial Follow us:

 12

How DevOps solves

real-world problems

If you’re trying to figure out exactly how important and

transformational adopting DevOps can be for your company,
check out what a DevOps platform did for HackerOne. As
the world’s most trusted, hacker-powered security platform,
HackerOne gives organizations access to the largest community
of hackers on the planet. With a presence in more than 70 global
locations, the company found cross-functional collaboration
challenging. For instance, when developers on different
continents had to pick up where others left off on a code project,
lengthy pipeline times interrupted handoffs. With an engineering
team that had tripled, HackerOne needed to speed development
and deployment, reduce toolchain complexity, and enable teams
to efficiently manage multiple projects. They found a solution
in a DevOps platform. With a single, unified DevOps platform,
HackerOne’s teams were able to find code issues earlier in
the pipeline, work iteratively to resolve security flaws, and
simplify audits. They also increased deployments from once or
twice a day to up to five times daily, and saved four hours of
development time for each developer every week.

Start your GitLab free trial Follow us:

 13

Resources

Here’s a look at just some of the resources available to you out there:

Podcasts to help you dive in to DevOps Helpful books and eBooks

• The Humans of DevOps Podcast Series offers insights on things like • Seven Tips to Get the Most out of Your DevOps Platform This is an
upskilling, the art of DevOps, and women working in Devops. eBook from GitLab that focuses on making sure your team is poised to
get the most out of a DevOps platform.
• Arrested DevOps talks with top techies about the state of DevOps.
• Continuous Delivery One reviewer called this “required reading” for
• Real World DevOps talks with people who are organizing DevOps anyone working to tie the whole development and delivery process
conferences, writing related books or building tech. together.

• The Cloudcast is exactly what you’d expect – focused on all things • Practical DevOps talks about how DevOps works, and then moves into
cloud-related. code storage, code testing, and deployment.

• Greater Than Code focuses on both human and tech issues in • The DevOps Handbook is considered a go-to for anyone in the field. It
DevOps, and the tech field in general. not only talks about the advantages of DevOps, but what it can do to
give companies a competitive edge.
• Code Newbie Podcast is aimed at people just getting started with
software development. • GitLab Quick Start Guide is an eBook and a great guide for how to
migrate to the GitLab platform.
• DevOps Paradox has industry luminaries walk you through what
DevOps is all about. • Big Little Book on Git is an eBook that talks to both the experienced
DevOps professional and the beginner.

• Ten Steps Every CISO Should Take to Secure Next Generation

Software is a primer for security pros to understand how software
development changes impact security programs.

Start your GitLab free trial Follow us:

 14

Certifications Bootcamps and courses

• DevOps Institute offers certifications in areas such as development, • For a monthly fee, the online training platform A Cloud Guru offers
DevOps engineering, DevOps testing, and security engineering. cloud certifications. It’s set up to give users video content, hands-on
labs, learning tools, quizzes, and exams.
• GitLab has its own certifications in areas like CI/CD, project
management, and DevOps security. • LinkedIn Learning’s DevOps Foundations offers a solid knowledge
base for anyone new, or fairly new, to DevOps. Free to anyone
• Always go to the source. For training on using Google Cloud, for with a LinkedIn subscription, videos give users a rundown of the
instance, look to the company’s site for certifications. industry, along with key principles and technologies, like automation,
collaboration, monitoring, and culture.

• The DevOps Implementation Boot Camp, offered by consulting firm

Cprime, is a three-day course that starts at $1,695. Training is offered
in-person or live online. Private team training also is available.

• DevOps Culture and Mindset is run by the University of California,

Davis via Coursera, an online course provider. Fully online, the
approximately 15-hour course focuses on foundational principles of
DevOps. It’s free with a Coursera subscription.

• Continuous Delivery & DevOps is an online, beginner-level, 8-hour

course offered by the University of Virginia, through Coursera. It
focuses on continuous delivery, testing, and infrastructure as code.
It’s free with a Coursera subscription.

Start your GitLab free trial Follow us:

 15

About GitLab
GitLab is the most comprehensive, AI-powered DevSecOps Platform for software
innovation. GitLab provides one interface, one data store, one permissions model,
one value stream, one set of reports, one spot to secure your code, one location
to deploy to any cloud, and one place for everyone to contribute. The platform is
the only true cloud-agnostic end-to-end DevSecOps platform that brings together
all DevSecOps capabilities in one place.

With GitLab, organizations can create, deliver, and manage code quickly and
continuously to translate business vision into reality. GitLab empowers customers
and users to innovate faster, scale more easily, and serve and retain customers
more effectively. Built on open source, GitLab works alongside its growing
community, which is composed of thousands of developers and millions of users,
to continuously deliver new innovations.