The Continuous Delivery Maturity Model

We’ll cover a number of practices that will help you improve the effectiveness of your CI/CD service. Feel free to read through as written or skip ahead to areas that interest you. Building up your pipeline incrementally, with achievable goals along the way, makes the process more manageable and provides opportunities to take stock and learn from what you have done so far.

ci cd maturity model

Students will need to achieve at least ‘intermediate’ level for a sufficient score. The principles and methods of Continuous Delivery are rapidly gaining recognition as a successful strategy for true business agility. ” How do you start with Continuous Delivery, and how do you transform your organization to ensure sustainable results. This Maturity Model aims to give structure and understanding to some of the key aspects you need to consider when adopting Continuous Delivery in your organization.

What is DevOps Maturity?

Failures in a CI/CD pipeline are immediately visible and halt the advancement of the affected release to later stages of the cycle. This is a gatekeeping mechanism that safeguards the more important environments from untrusted code. At this level the work with modularization will evolve into identifying and breaking out modules into components that are self-contained and separately deployed. At this stage it will also be natural to start migrating scattered and ad-hoc managed application and runtime configuration into version control and treat it as part of the application just like any other code. Continuous Deployment – Continuous deployment goes one step further than continuous delivery, with each build forgoes a manual check, and is automatically pushed to production.

Advanced practices include fully automatic acceptance tests and maybe also generating structured acceptance criteria directly from requirements with e.g. specification by example and domains specific languages. If you correlate test coverage with change traceability you can start practicing risk based testing for better value of manual exploratory testing. At the advanced level some organizations might also start looking at automating performance tests and security scans. At this level real time graphs and other reports will typically also include trends over time. At intermediate level, builds are typically triggered from the source control system on each commit, tying a specific commit to a specific build.

Verifying expected business value of changes becomes more natural when the organization, culture and tooling has reached a certain maturity level and feedback of relevant business metrics is fast and accessible. As an example the implementation of a new feature must also include a way to verify the expected business result by making sure the relevant metrics can be pulled or pushed from the application. The definition of done must also be extended from release to sometime later when business has analyzed the effects of the released feature or change.. These tests are especially valuable when working in a highly component based architecture or when good complete integration tests are difficult to implement or too slow to run frequently.


A high level of DevOps maturity would be indicated by the use of a large number of DevOps practices. To keep up with the competition, it is crucial for businesses to deploy updates and new features as quickly as possible. However, this can be difficult when multiple people are working on different parts of the codebase. Explore the possibility to hire a dedicated R&D team that helps your company to scale product development. Execute unit, integration, API, end-to-end UI, and performance tests against the build.

Your application team will be trained in 12 factor applications, microservice and cloud native patterns. You will also require developers who are quite comfortable with cloud native concepts and tooling such as kubectl in order to bootstrap your development team. DevOps is a software development methodology that stresses collaboration and communication between software developers and operations professionals. It aims to shorten the development cycle and improve the quality of software products. The Ci Cd maturity model can be used as a guide to help organizations measure their progress in implementing CI and CD practices. The model can also be used to identify areas where organizations can make improvements.

ci cd maturity model

Delivering on this aspect of maturity requires extensive builds, tests, security scans, code coverage, and constant monitoring of the automated elements in the deployment pipeline. The goal of automation or CI/CD is to enhance software quality by pre-emptive elimination of issues through continuous testing. This is made possible by the ability to detect quality issues and defects in code changes on a smaller level early on in the process. As a result, the feedback loop between the users and development teams is shortened drastically. Testing is without doubt very important for any software development operation and is an absolutely crucial part of a successful implementation of Continuous Delivery. Similar to Build & Deploy, maturity in this category will involve tools and automation.

Getting all stakeholders on board is also equally critical to ensure that the shift to DevOps practices isn’t self-sabotaged or hindered in any way. Choose the areas which requires improvement ci cd maturity model or your organization really cares about. For instance, if your organization emphasize on getting the work done rather than too particular about reports then exclude this area from your model.

Run Your Fastest Tests Early

Your focus is on getting the baseline technology implemented, and you won’t be in production yet. Default security settings will be used and will work in pre-production. You’ll spend time identifying your open source security posture and conduct a security POC of the pre-production environment so that both Dev, Ops and security understands what is required in cloud native workloads.

ci cd maturity model

For any non-trivial business of reasonable size this will unfortunately include quite a lot of steps and activities. The end-to-end process of developing and releasing software is often long and cumbersome, it involves many people, departments and obstacles which can make the effort needed to implement Continuous Delivery seem overwhelming. These are questions that inevitably will come up when you start looking at implementing Continuous Delivery. Chaos Engineering – Chaos engineering is the practice of experimenting on a system to test it’s resiliency and is driven by the certainty that a system; at some point, will fail. This is especially true with the uncertainty introduced by the rapid and frequent releases of DevOps.

Level 1 – Build

Releasing code weekly, daily, or even on an hourly basis is fast becoming a norm. The concept of continuous testing has evolved out of a need to perform testing and maintenance at a much faster rate for the sake of keeping up the cadence of releases. DevOps must be looked at as a cultural shift more than a technological one. Leveraging the potential of these practices not only requires efficient cross-functional collaborations but also a pervasive outlook on the organizational level capable of embracing and overcoming rapid and repeated failures.

  • At beginner level, the monolithic structure of the system is addressed by splitting the system into modules.
  • Any performance or build quality issues can hamper the end-user experience.
  • DevSecOps – Skipping out on security puts customers, brand, and bottom line at risk.
  • Roadmaps help organizations visualize their goals and strategies, and they can also help identify and track the progress of individual projects and tasks.
  • A high level of DevOps maturity would be indicated by a culture that is open to change and willing to experiment with new approaches.
  • The idea allows one to run various types of tests at each stage and complete it by launching with the deployment of the system in the actual product that end-users see.

Selecting the right DevOps services can make all the difference in this area, and that’s where the DevOps Maturity Model comes into play. But if you really want to create score card using above model then some modifications are required. First, we need to eliminate areas or practices which are not applicable and second we need to define metrics. To truly reach the CD zenith software engineers really have to turn all the IT “dials” to the max.

We list all the processes and practices that need to be in place before you can truly claim that you have made Continuous Deployments possible. The guide makes certain basic assumptions i.e. it assumes your code is managed in a version control system. We specifically omit certain items such as microservices since you can achieve CD without using microservices. Senior developer and architect with experience in operations of large system. Strong believer that Continuous Delivery and DevOps is the natural step in the evolution of Agile and Lean movement. Wants to change the way we look at systems development today, moving it to the next level where we focus more time on developing features than doing manually repetitive tasks.

Keep Your Pipelines Fast

Amplifying feedback can help you catch failures before they make it downstream, and accelerate your time to resolution. One easy way to speed up feedback is by automating notifications so that teams are alerted to incidents or bugs when they happen. See how Atlassian’s Site Reliability Engineersdo incident managementand practice ChatOps for conversation-driven development. To do so, you need a strong continuous integration pipeline that tests, packages, and delivers your releases. The list is quite intimidating so we’ve highlighted the practices we think you should focus on when starting on this journey. The high priority practices were chosen because they give the most impact in terms of productivity, quality, delivery and risk mitigation.

CI/CD Maturity Model

Developers may attempt to resolve external dependencies themselves, slowing down feedback, with incomplete features per sprint. The best way to measure DevOps maturity is to benchmark your company against others in your industry. Typically, code changes were held up for at least a week before reaching customers. The answer to these questions will give you a realistic idea of where you stand in your DevOps maturity journey.

When cloud-native applications are implemented using a DevOps approach with CI/CD, they can produce substantial ROI. You will map application requirements, both functional and non-functional, such as performance, capacity, and availability, and define how your organization will scale. Feedback will be manual such as by Slack, email, and phone, and you’ll also remediate manually also. You will start to implement repeatability by defining your Git workflow. Platform and technology lifecycle and updates, particularly security updates, need to be applied on a regular basis as vulnerable systems pose specific risks. You will likely be applying these updates by hand on an adhoc basis, or using update systems included in distributions.

Dev and ops teams use a common set of tools but don’t have visibility into each others’ work. To measure DevOps maturity by data you have to take into account the ability of DataOps to take action for automating data changes and automatically verify functionality. Like this, think about all other practices and see if you can define corresponding metrics. This will make your model more realistic and it will be easy to measure the maturity. If your company is in a domain which is fairly stable or market doesn’t demand frequent delivery of features then “Zero touch deployment” may not be required.

This system and integration level testing is typically done by a separate department that conducts long and cumbersome test periods after development “code freeze”. Part of what makes it possible for CI/CD to improve your development practices and code quality is that tooling often helps enforce best practices for testing and deployment. Promoting code through your CI/CD pipelines requires each change to demonstrate that it adheres to your organization’s codified standards and procedures.

Leave a comment