DevOps practices and technologies are evolving so fast that many organizations are having trouble keeping pace with the change. For this reason, an out-of-the-box DevOps solution can simplify and accelerate adoption and allow organizations to focus on delivering strategic applications rather than tooling. A best-in-class solution must integrate key technologies and also address security–maturing DevOps into DevSecOps.

Herzum, the Agile and DevOps leader, created the OnRamp To Continuous Delivery solution to lower the costs and risks associated with digital transformation efforts. This Continuous Delivery Release Automation (“CDRA”) framework provides a turn-key implementation for either on-premise or hybrid cloud tooling to fully enable a DevSecOps practice within any enterprise. This advanced framework integrates best-in-class technologies from Atlassian, RedHat, and Sonatype to address all DevOps activities.

Herzum supports the “Shift-Left” mantra and its emphasis on Continuous Testing and the automation of a seamless delivery pipeline. Automated feedback loops help development teams receive customer feedback from production usage. Fast-and-frequent releases are leveraged in production to utilize key performance indicators (KPI’s) and runtime analytics to guide ongoing continuous improvement.


Releases are intelligently automated across the development lifecycle using the Atlassian tools and Continuous Delivery through the API interfaces to the deployment tooling. Red Hat’s Ansible and OpenShift products are two leading technologies used to automate continuous deployment of hybrid cloud and on-premise application infrastructures. When containers are employed, the OpenShift product’s support of Kubernetes for container orchestration provides added production monitoring and management.


By using workflow automation in a bi-directional flow, the Release-and-Adapt processes recommended for a Continuous Delivery pipeline may be fully automated. Automation speeds deployment and enables a true definition of done by closing the KPI feedback loop with production use. Defined, automated metrics ensure that released applications containing defects requiring immediate remediation are quickly rolled back without human intervention. Global deployments no longer rely on the 3:00 am wakeup call.


Industry best practices for security and governance require automated scanning at build-time and during production. Scanning tools detect component-level malware and vulnerabilities to allow remediation prior to release or after newly detected vulnerabilities are discovered. When integrated with the Release Gating and Continuous Quality automation, tools such as Sonatype’s Nexus Lifecycle automate vital governance policy. Deployment recommendations or prohibitions are highlighted for stakeholder review. Read more


Once in production, release monitoring is continuously performed. If help desk trouble tickets spike or new releases trigger workload malfunctions, defects are automatically and/or easily logged and reported back to iterative development. Organizations can set threshold tolerances through workflow rules to automatically trigger the use of configuration management software, such as Ansible, to rollback the defective release. Workflow logs and routes related tickets back to the development organization to facilitate a quick remedy.