AWS Partner Network (APN) Blog

Building an end-to-end DevSecOps CI/CD pipeline with DXC’s Continuous Delivery Express solution

By Charles Christopher,Cloud Solution Architect — DXC Technology
ByKangkan Goswami,DevSecOps Solution Architect — DXC Technology
By Ravi Sankar Balusu,DevSecOps Solution Architect — DXC Technology
By Farook Babu,AWS Delivery Lead — DXC Technology
By Dhiraj Thakur, Solutions Architect — AWS

DXC-AWS-Partners-3
DXC Technology
Connect with DXC-1

Without a DevSecOps Continuous Integration/Continuous Delivery (CI/CD) pipeline, most customers face significant challenges in delivering microservices and UI applications securely and efficiently. This gap can lead to security issues, delayed releases, and increased vulnerability to threats because development, security, and operations are not well integrated. Recognizing these challenges, DXC has developed the Continuous Delivery Express solution to help customers implement a DevSecOps CI/CD pipeline. The solution ensures that automated deployment and security are integrated into the process, resulting in  faster releases and more secure applications.

In this blog, you will learn how DXC’s Continuous Delivery Express solution has helped customers build an end-to-end DevSecOps CI/CD pipeline for deploying containerized microservices and static UI applications in the AWS environment. It is particularly useful for those involved in cloud-native application development, as it provides guidance on how to seamlessly integrate security into the development process. The focus is on applying a DevSecOps approach to improve the security, efficiency, and overall effectiveness of deploying microservices and UI components in Amazon Web Services (AWS).

Current challenges and solution approach

Many of DXC’s customers adopt the cloud modernization approach and focus on implementing DevSecOps CI/CD pipelines. They deploy their applications on AWS and opt to leverage AWS native services to ensure seamless integration with their existing AWS environments, reduced deployment time, easy rollback, enhanced application availability, code-level security checks, and cost control. Most often, they have a requirement to enable continuous delivery of multiple front-end applications on Amazon S3, as well as numerous microservices, worker services, and schedulers on Amazon Elastic Kubernetes Service , Amazon Elastic Compute Cloud (Amazon EC2), and a number of AWS Lambda functions and other SaaS offering by AWS.

The key benefits of using AWS CodePipeline for CI/CD requirements include:

  • Seamless integration: AWS CodePipeline integrates with GitHub AWS services such as AWS CodeBuild, AWS CodeDeploy, Amazon Elastic Container Registry(ECR), AWS Lambda and Amazon S3, simplifying CI/CD setup and management.
  • Fully managed: As a fully managed service, AWS takes care of infrastructure, scalability, maintenance and updates, so teams can focus on development and deployment.
  • Security and compliance: AWS CodePipeline inherits the security capability of AWS including AWS Identity and Access Management for access control, AWS CloudTrail for audit logging, and Amazon Virtual Private Cloud (VPC) integration for network security, to ensure secure and compliant CI/CD processes.
  • Scalability and Reliability: AWS CodePipeline is designed scale with your workloads,  providing high availability and reliability through AWS’ global infrastructure.
  • User-friendly: The AWS Management Console, Amazon AWS Command Line Interface and AWS SDK provide simple interfaces for creating, managing, and monitoring pipelines. Pre-built integrations and step templates simplify the setup and customization of pipelines.
  • Cost-effective: With a pay-as-you-go pricing model, AWS CodePipeline is  more cost-effective than managing an on-premise CI/CD infrastructure, because it requires no upfront investment in hardware and no ongoing maintenance costs.

DXC Technology has leveraged AWS native services to develop the Continuous Delivery Express solution. This solution automates the creation of CI/CD pipelines for deploying various artifacts, including microservices on Amazon EKS, legacy applications on Amazon EC2, serverless functions on AWS Lambda, and frontend application on Amazon S3.

These automated CI/CD pipeline enables new services to be deployed very quickly and within minutes of developers checking the code, enhanced security assessment, accelerating time-to-market with little manual intervention. The solution scales easily to handle many deployments, meet growing demands and enable rapid updates. Seamless integration of AWS services with third-party tools via AWS CodePipeline’s plugin architecture provided flexibility and customization options. Amazon CloudWatch provided detailed monitoring, that provided real-time performance insights and helped us make proactive improvements. This combination of automated setup, fast CI/CD pipelines and strong security measures transformed our client’s deployment processes and resulted in high efficiency and agility.

Solution Architecture

The following diagram illustrates the solution architecture.

Continuous Delivery Express solution architecture diagram

Figure 1 : Continuous Delivery Express solution architecture diagram

The Continuous Delivery Express solution  is built using AWS native services.The following section provides the flow of the solution

  1. Developers write and commit code to a GitHub repository. This serves as the primary source code management system where all updates and changes are tracked.
  1. An AWS CodePipeline is triggered automatically whenever there is a new commit or a pull request to the GitHub repository. This pipeline orchestrates the CI/CD process by coordinating various stages, including build, test, and deployment.
  1. AWS CodeBuild compiles the code, runs unit tests, and checks for code quality. It integrates with SonarQube (running on an Amazon EC2 instance) to perform static code analysis, ensuring adherence to coding standards and identifying potential vulnerabilities or code smells.
  1. The code is scanned using DXC’s security services like CATA (Continuous Automated Threat Assessment) and ASoD (Application Security on Demand) along with Micro Focus Fortify for security assessments. These tools provide a security layer by detecting vulnerabilities in the codebase before it proceeds to the build stage.
  1. After successful build and security scans, a Docker image of the application is created. This image is then pushed to Amazon ECR (Elastic Container Registry) for versioned storage. This ensures that the image is securely stored and can be used in different deployment environments.
  1. AWS CodeBuild is used again for deployment preparation, such as running additional tests or scripts required for the deployment process. AWS CodeDeploy then manages the deployment of the application to various environments, ensuring a consistent and automated deployment process.
  1. The application is deployed to different environments:
    • Production environment: Includes resources like Amazon EKS (Elastic Kubernetes Service), S3 for static content, AWS Lambda for serverless functions, and EC2 for virtual servers.
    • Non-Production environment: Similar to production but may use different configurations for testing and development purposes.

Amazon CloudWatch is integrated into the pipeline to monitor the application and infrastructure in real-time. It collects and tracks metrics, collects and monitors log files, and sets alarms. This helps in proactively identifying and resolving issues, ensuring the stability and performance of the application.

AWS CodeBuild metrics

This section shows an overview of AWS CodeBuild performance metrics, making it easy to track build activity and success rates. It helps quickly spot trends in build efficiency and failures, which is crucial for keeping a reliable CI/CD pipeline.

AWS CodeBuild Metrics

Figure 2 : AWS CodeBuild Metrics

The diagram shows part of the dashboard with some of the build metrics such as

  • Successful builds
  • Failed builds
  • Build duration

Customer benefits

The Continuous Delivery Express solution  helps the customer to quickly build a DevSecOps CI/CD pipeline that  offers several benefits:

  • Increased security: By integrating security measures into the development and operational processes, the DevSecOps CI/CD pipeline ensures a proactive and continuous security approach that reduces the risk of vulnerabilities.
  • Fast and reliable deployment: The automation capabilities of the DevSecOps CI/CD pipeline enable faster and more reliable deployment of applications, allowing customers to deploy new features and updates in timely manner. This solution guarantees reliable deployment with robust rollback mechanisms that swiftly address any issues without affecting the application. It also supports A/B deployments, allowing for a controlled and gradual release of new features by routing traffic between different versions for real-time comparison and monitoring.
  • Collaborative environment: The Continuous Delivery Express solution encourages collaboration between teams and creates a culture where development, security and operations work seamlessly together. This ensures that security aspects are integrated into the entire development cycle.
  • Cost effectiveness: Identifying and fixing security issues early in the development process can be more cost-effective than fixing them later. DevSecOps CI/CD pipeline helps identify and remediate potential security threats in the early stages, reducing the overall cost of security incidents.
  • Continuous compliance monitoring: For organizations subject to certain regulations and compliance standards, DevSecOps CI/CD pipeline facilitates continuous monitoring and reporting, ensuring ongoing compliance.
  • Increased application reliability: DevSecOps’ continuous testing and monitoring components contribute to overall application reliability, resulting in fewer interruptions for customers.
  • Agility and innovation: DevSecOps practices promote agility and innovation by enabling faster development cycles and the ability to respond immediately to changing customer needs and market dynamics.

Conclusion

This post has described how the DXC’s Continuous Delivery Express solution uses AWS services to set up a DevSecOps solution on AWS that is suitable for the delivery of UI and microservice applications,  DXC’s Continuous Delivery Express stands out by offering a customized approach that surpasses traditional CI/CD implementations. Unlike standard pipelines, this solution integrates a DevSecOps framework, embedding security at every stage to ensure compliance and mitigate risks from the outset. Leveraging DXC’s extensive AWS expertise, it delivers automation and scalability that are precisely aligned with the needs of enterprise-level deployments. The result is a faster time-to-market, reduced operational overhead, and a robust, secure, and resilient delivery process that evolves with the demands of modern cloud-native applications. DXC deployed the Continues Delivery Express solution for multiple customers to meet their requirements.
Contact DXC Technology | Partner Overview | AWS Marketplace | Case Studies