When you first hear about Value Stream Management, you might think of metrics, Key Performance Indicators (KPIs), and visibility, but HCL Accelerate is taking it up a notch with the release of 2.1.
In 2.0 we provided a single place where a user could manually approve or deny a version, but we knew we could make the experience better. So, we quickly enhanced gates by leveraging our DevOps data lake and our deep complex relationships of data to introduce Security and Quality Rules.
For many dev teams, pipelines are the Wild West with disjointed CI/CD tools and complex process, which creates an area where information can be lost. For example, you could have a situation where the Pull Request that was not planned actually got included in the final build for the release. Then, this small change could have introduced a catastrophic vulnerability. Since no one was expecting a change to go in because there was no Work Item, no one went back and checked the Security Vulnerability results before it was too late.
These are the things that keep most of us up at night! Even worse is when we have to delay the release to go check the reports in the tools, contact another department, wait for a response…you get the point. The only way to go faster with better quality is to automate the process. Let’s dive into what you can do with automated rule-based gating.
The first thing you will notice is that the new rules build upon the manual rules from 2.0, which allows you to start small and set goals. A lot of our customers have been using this in BETA mode. They did not have all their tools hooked up to HCL Accelerate but used manual rules to start with setting goals of what tools they need and when they could hook up the ones they have. On that note, if you are looking for an application security scan tool, I highly recommend AppScan – the results you get are going to work seamlessly with HCL Accelerate!
Automated rules can check all sorts of metrics that you are familiar with in HCL Accelerate, such as Code Coverage, Functional Test, Unit Test, Application Vulnerabilities, Container Vulnerabilities, Static Code Analysis, and much more. The best part is once these are set, you can trust that no version will pass through these gates unless they meet the criteria because they run fully automated analyzing the data tied to the version. Don’t worry though – we have all had to ship code so there is always an “Are you sure?” work around, but it will be captured in the Audit Report. This feature is really to put the checks and balances in place to make sure that your team has full autonomy to release to the customer as fast as possible, while also making sure no one is lying awake saying “did I look at the right build when I said there were 0 Blockers?”
As always, reach out to me or anyone on my team with questions. We would love to give you a demo and show you how HCL Accelerate and Value Stream Management can make your teams stop focusing on tasks and deliver more value.