Yes sir, I can GitOps! SDLC automation in a regulated industry
Working in a heavily regulated industry such as Finance comes with a series of constraints on how we work.
Oftentimes, there is some resistance to automating parts of the SDLC as it might be not compliant; moreso if each team comes up with their own solution for this automation.
This is where platform engineering offers a particularly interesting solution to the problem, offering a set of "out-of-the-box compliant" building blocks which are:
- Maintained by the platform team
- Reviewed by relevant experts working in security, compliance or networking
- Used by the different development teams to build the pipelines with which they deliver (build, test, deploy and release) their software
For us at Banking Cirlce, examples of these building blocks include pipeline templates, IaC modules, a Feature Flags management system, or pipelines that can create projects and repositories.
By using a platform-based approach, development teams can own the entire lifecycle of their software, from the moment they introduce a change to the moment that change is deployed on production.