Develop with DevOps

DevOps foster close collaboration between developers and IT operations, resulting in faster releases, higher quality, and greater efficiency. It supports automated processes, improves monitoring and troubleshooting, and leads to better collaboration and communication. With DevOps, we thus aim to improve software quality, the speed of development and delivery, and the interaction between the teams involved.

GitOps

Following the modern GitOps philosophy, we check in all possible dependencies with the code and also include most technical documentation in the Git repositories. This way, we minimize the time spent setting up dependencies, finding documentation, or getting an important script from a collaborator.

DevOps Toolchains

Soxes has hands-on experience with all the major development toolchains, in particular

Azure DevOps
Bitbucket /Jenkins
Gitlab
Github

Our internal toolchain is either Bitbucket or Azure Repos for version control and Azure Pipelines for CI/CD. soxes maintains an extensive library of pipeline templates for Azure Pipelines that our customers can access through their own infrastructure. The customer environment receives the pipeline descriptions from the soxes library and populates the specific parameters and secrets. Then the compiled pipeline is executed on the customer’s chosen infrastructure. This solution is fully compliant, soxes does not have access to customer data or secrets at any time.

Code analysis

soxes uses modern tools to analyze the solution both statically and dynamically. Our core tooling includes:

SonarQube Enterprise for source code analysis.
OWASP Dependency Check to identify vulnerable dependencies during the development process
OWASP CycloneDX and Dependency Track for complete software bill of materials and vulnerability analysis throughout the software lifecycle.
OWASP ZAP Attack Proxy to identify vulnerabilities during runtime. We use both automated runs for regular scans and manually configured runs for deep targeted attacks.

Infrastructure as Code (IaC)

Soxes supports Terraform and Pulumi projects of varying complexity, from Azure Web Apps to security-critical Kubernetes clusters in regulated industries. With Infrastructure as Code, we eliminate most of the differences between our development environments and the life system. The only remaining difference is the data the solution uses. Our IaC mechanisms also take automated database migrations and test their functionality, eliminating a common source of errors during rollout to production.

Automated tests

Automated module and system tests are the key to fast release cycles without compromising quality. They enable our customers to perform extensive UI, API and load testing at will with DevOps as a Service.

Thanks to our extensive experience and state-of-the-art tools with ready templates, we can quickly set up new automation pipelines. Using gitOps makes it easier for developers to get started, as all knowledge and tools are provided to them in the repository.

Code analysis ensures that the delivered code complies with the company’s standards and has no avoidable vulnerabilities or bugs.

We seamlessly integrate IaC into our CI/CD pipelines to create a new version of the solution and destroy a temporary version with a single click during the CI pipeline.

Automated testing makes early and frequent execution of comprehensive testing easy and cost-effective. Bugs are discovered within hours of writing the code, not weeks later during a release test. This builds confidence in code quality and enables rapid rollouts to production.

In this way, soxes enables its customers to let their developers focus on what they love to do most, creating functionality and adding value to the product. We take care of the rest!

With over 20 years of experience in custom software development, we can guarantee the success of your project. Check our DevOps packages.