It’s often said that DevOps is a philosophy, not a specific set of tools or processes.
That’s true. Nonetheless, practicing the philosophy of DevOps requires tools. Those tools will vary depending on exactly which types of software you are delivering through a DevOps approach and how you are deploying it. Therefore, one organization’s DevOps toolset will look different from another’s.
But no matter what your approach, you will need a solid set of DevOps tools to put your DevOps philosophy into practice. This article identifies the key categories of DevOps tools that most teams will need to consider and names popular offerings within each one.
What is DevOps?
You can find multiple answers to the question “What is DevOps?” Most, however, center on the idea of achieving collaboration between developers and IT operations teams. When the people who write software (i.e., developers) and the people who deploy and maintain it (IT engineers) communicate well and share common goals, the software delivery experience is better for all involved — or so most definitions of DevOps tell us.
In order to build out a DevOps platform, then, you must identify tools that help your organization achieve the core goal of DevOps — reducing friction between development and IT teams — in a way that makes the most sense for your organization.
Key categories of DevOps tools
To figure out which DevOps tools will help you do that, it’s useful to sort the tools into categories. In general, most organizations can expect to construct a DevOps platform by drawing at least one solution from each of the following main categories of DevOps tools.
#1. Source code management
The DevOps delivery chain starts with writing source code. Keeping track of who is writing which code, and how code has changed over time, quickly becomes infeasible if you try to do it manually.
That’s why most DevOps teams use source code management tools. GitHub or GitLab (both of which are essentially Web-based interfaces to the open source tool Git) are among the most popular source code management solutions for DevOps today, but services like Bitbucket (another Git-based platform) and Subversion (an alternative to Git) are widely used as well.
#2. Binary management
Some source code management platforms also provide at least basic support for managing application packages or other binary files. However, because source code is different in most respects than binary files, managing binary objects is a task that is usually better left to a dedicated artifact management solution, like Artifactory.
#3. Continuous Integration
What happens when you have a bunch of new source code written by different developers and you need to integrate it into your application’s main codebase? How can you integrate code from multiple sources efficiently while also ensuring that there is no redundant code, and that you are able to keep track of which application features came from which code integrations?
Continuous Integration (CI) servers solve these challenges by automatically integrating source code into an application’s main codebase. CI servers don’t manage the source code itself (that’s the job of source code management systems, as described above); instead, they help teams manage the relationship between their code and their application. CI servers can also help prepare code to be compiled and tested. Some also automate deployment.
There are a wide variety of CI servers available today. Some, like GitLab’s, are built into larger platforms. Others, like Jenkins and TeamCity, are standalone products.
If you’re not sure which CI server to pick, or you want to use multiple CI servers at once, you can also consider a solution like JFrog Pipelines, which can integrate with and orchestrate CI processes delivered using a variety of other tools.
#4. Automated testing
CI servers can help prepare code to be built and tested, but for actually running the tests, you need an automated testing framework (unless, of course, you want to run each test manually, which is not practical at scale). Automated testing platforms let DevOps teams write and run tests to validate that an application behaves or performs as required. If a new application release fails an automated test, the team can delay deployment until it fixes the issue.
#5. Infrastructure as code
Before you can deploy applications, you need to set up infrastructure to host it. Configuring each server or cloud service manually is hardly a good use of time. It also leaves you prone to making mistakes by accidentally clicking the wrong button or entering the wrong value when configuring an individual server.
Infrastructure-as-Code, or IaC, is a category of DevOps tools that address this challenge by allowing teams to write configuration files that define how software environments should be configured. Then, IaC tools automatically configure infrastructure to match the definitions. This approach saves enormous time when provisioning large-scale environments. It also virtually eliminates the risk of a configuration problem due to human error.
Among the most popular IaC platforms available today are Chef, Puppet and Ansible. Terraform, an IaC service provided by Amazon Web Services, is also widely used within the AWS cloud, but it doesn’t support other environments.
#6. Monitoring and observability
Monitoring tools and observability tools help you track application health and performance once you’ve deployed a new release. (Note that monitoring and observability are not the same thing, but explaining the differences is beyond the scope of this article.) That’s important in order to ensure that any problems that you did not catch during your pre-deployment testing can be identified quickly once software is in production.
The monitoring and observability tool ecosystem is vast. At the most basic level are simple, open source infrastructure monitoring tools like Nagios. You can also find Application Performance Management (APM) solutions, most of which are commercial, such as Instana and New Relic. And then there are data ingestion and analytics platforms like Splunk and the ELK Stack, which can technically be used to interpret data of any type but which target use cases related to application monitoring and management.
There are a vast array of tools designed to help secure DevOps workflows. They range in functionality from tools that can audit IaC files for vulnerabilities (a feature offered by Palo Alto Prisma, among others), to Source Composition Analysis tools that help secure software supply chains, to Security Information and Event Management (SIEM) platforms, which monitor security events in real time and beyond.
All of these tools fall under the umbrella of DevSecOps tools. In fact, the security-centric category of DevOps tools is so expansive that it can’t be covered in full here. Suffice it to say that security tools should be a part of any DevOps toolset; we’ll save the details for a future article on DevSecOps tools.
Choosing a DevOps tool
DevOps teams have a wide variety of tools to choose from. To identify the best tools for your needs, think about factors such as which categories of functionality you need to cover; whether you prefer open source or commercial solutions; and whether you need your DevOps tools to support any type of software delivery and deployment environment, or only a certain one (such as a specific public cloud).