Here’s an overview of ten tools that can be used by DevOps practitioners.
DevOps is a culture and its implementation helps us to manage the application life cycle effectively by using automation. DevOps has three pillars:
- People
- Processes
- Tools
Tools play a critical part in DevOps or culture transformation initiatives. However, people and processes help to maintain uniformity and sustainability across business units or projects in an organisation. DevOps enables faster time to market with high quality products.
I have used a few tools and believe they will be very important in the implementation of DevOps and DevSecOps practices in 2023 and beyond. Let’s take a brief look at what they offer.
1. GitLab
GitLab is the DevOps platform that provides features for different phases of software development, from planning to production. It helps to plan, develop, secure, and operate software in a single application. Its features include cache and artifact management.
GitLab is one of the most futuristic and forward-looking tools for the implementation of DevOps practices.
Initial release | 2014 |
Stable release | 15.7.1 |
Written in | Ruby, Go and JavaScript |
Licence | Community Edition – MIT License |
Website | about.gitlab.com |
GitHub repository | https://gitlab.com/gitlab-org/gitlab https://gitlab.com/gitlab-org/gitlab-foss/ |
Features |
|
How is it useful in DevOps practices implementation? | DevOps platform
|
Can we integrate it with Pipeline as Code? | Yes; .gitlab-ci.yml |
Is a commercial flavour available? | Yes |
Pricing | DevSecOps platform: https://about.gitlab.com/pricing/ Free, Premium, Ultimate |
Community | Number of wider community contributors: 778 |
Use cases |
|
Important Git commands |
|
2. Jenkins
Jenkins is an open source tool that provides integration with the existing tools used in application life cycle management to automate all activities — build, test, and deploy. It is almost a synonym for DevOps, and is one of the easiest to learn. It has a huge community for support. We can easily install Jenkins in the Kubernetes cluster and utilise multiple cloud services to make it highly available.
Jenkins provides a simple way to create a pipeline that includes continuous integration and continuous delivery. It can be used creatively to manage the entire set of life cycle management activities. Its plugin-based architecture lets us keep using the existing tools in the pipeline, so too many changes in culture need not be made in one go.
Initial release | 2011 |
Stable release | 2.375.1 LTS. More information at https://www.jenkins.io/changelog-stable/ |
Written in | Java |
Licence | MIT |
Website | www.jenkins.io |
GitHub repository | https://github.com/jenkinsci/jenkins |
Features |
|
How is it useful in DevOps practices implementation? | Automation server that helps to automate activities involved in application life cycle management |
Can we integrate it with Pipeline as Code? | Pipeline as Code using Jenkinsfile
|
Is a commercial flavour available? | CloudBees Jenkins |
Awards |
|
Third party integrations |
|
3. SonarQube
SonarQube helps to clear bugs, vulnerabilities and code smells from the code. SonarQube 9.8 brings new rules across JavaScript, Kotlin, C++, and Python. It supports more than 20 programming languages for static code analysis (SCA).
It is much easier to integrate SCA using SonarQube in Pipeline as Code. It helps to transform the culture of an organisation from manual to automated code reviews with quality gates and quality profiles.
Initial release | 2006-07 |
Stable release | 9.8, https://www.sonarsource.com/products/sonarqube/whats-new/sonarqube-9-8/ |
Written in | Java |
Licence | Lesser GNU General Public License |
Website | https://www.sonarqube.org/ |
GitHub repository | https://github.com/SonarSource/sonarqube |
Features |
|
How is it useful in DevOps practices implementation? | Static code analysis |
Can we integrate it with Pipeline as Code? | Yes |
Is a commercial flavour available? | Yes |
4. Docker
A Docker container image is a standalone package that contains all the dependencies required for running an application. This open source lightweight tool helps to create, deploy, and manage containers on different host operating systems using resource isolation features of the Linux kernel, such as cgroups. Docker Desktop is a very helpful application for beginners and advanced users of MacOS, Linux, and Windows machines for building and sharing containerised applications and microservices. It can be used for free as part of a Docker Personal subscription.
A container can package application code, libraries, and configurations. The container engine is installed on the host OS.
Docker and Kubernetes have changed the game as Infrastructure as Code and Pipeline as Code have become a norm in recent times.
Initial release | 2013 |
Stable release | 20.10.22 |
Written in | Go |
Licence | Apache License 2.0 Docker Community Edition |
Website | https://hub.docker.com/ https://www.docker.com/ |
GitHub repository | https://github.com/docker |
Features | Easy management of applications Docker Hub – Public Registry Uniform packaging Integrates well with Kubernetes |
How is it useful in DevOps practices implementation? | OS-level virtualisation, Containers |
Can we integrate it with Pipeline as Code? | Yes |
Is a commercial flavour available? | Docker Enterprise Edition |
Docker commands |
|
5. Trivy
Trivy is an open source yet simple and comprehensive vulnerability/misconfiguration scanner for containers and other artifacts. It can scan targets such as container image, file system, Git repository (remote), virtual machine image, Kubernetes, and AWS.
In my experience, it is easy to integrate Trivy scanning in Pipeline as Code and make sure that images are secure.
Stable release | V0.36.0 |
Written in | Go |
Licence | Apache-2.0 License |
Website | https://aquasecurity.github.io/trivy/v0.36/ |
GitHub repository | https://github.com/aquasecurity/trivy |
Features |
|
How is it useful in DevOps practices implementation? | To find vulnerabilities of Docker images; DevSecOps |
Can we integrate it with Pipeline as Code? | Yes. The pipeline stage can be used to analyse Docker images and publish the report |
Example | trivy image python:3.4-alpine |
Docker image | docker pull aquasec/trivy |
Installation |
|
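A pipeline stage that publishes a Trivy report usually also has to decide whether the build may continue. The following is an added example, not code from the article or from the Trivy project: it evaluates a report in the shape of `trivy image --format json` against a severity policy. The sample report, its placeholder CVE ids and the waiver-with-expiry policy are assumptions made for the illustration.

```python
import json
from datetime import date

# Constructed report in the shape of `trivy image --format json` output
# (not a real scan; the CVE ids are placeholders).
SAMPLE_REPORT = json.dumps({"ArtifactName": "registry.example/app:1.0", "Results": [
    {"Target": "registry.example/app:1.0 (alpine)", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
         "InstalledVersion": "1.0", "FixedVersion": "1.1", "Severity": "CRITICAL"},
        {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libother",
         "InstalledVersion": "2.0", "Severity": "HIGH"},  # no fix released yet
        {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libminor",
         "InstalledVersion": "3.0", "FixedVersion": "3.1", "Severity": "LOW"}]},
    {"Target": "app/requirements.txt"},  # a clean target may have no Vulnerabilities key
]})


def evaluate(report_json, today, fail_on=("HIGH", "CRITICAL"),
             ignore_unfixed=True, waivers=None):
    """Return (blocking, waived) lists of (target, id, package, severity)."""
    waivers = waivers or {}  # hypothetical policy: {vulnerability id: expiry date}
    blocking, waived = [], []
    for result in json.loads(report_json).get("Results") or []:
        for v in result.get("Vulnerabilities") or []:
            if v.get("Severity", "UNKNOWN") not in fail_on:
                continue
            if ignore_unfixed and not v.get("FixedVersion"):
                continue  # nothing to upgrade to yet, so do not block on it
            row = (result["Target"], v["VulnerabilityID"], v["PkgName"], v["Severity"])
            expiry = waivers.get(v["VulnerabilityID"])
            # A waiver only counts until its expiry date; after that the finding blocks.
            (waived if expiry and today <= expiry else blocking).append(row)
    return blocking, waived


def gate(report_json, today, **policy):
    """Exit status for the pipeline stage: 0 lets the build pass, 1 fails it."""
    blocking, _ = evaluate(report_json, today, **policy)
    return 1 if blocking else 0


if __name__ == "__main__":
    for row in evaluate(SAMPLE_REPORT, date.today())[0]:
        print("BLOCK", *row)
    raise SystemExit(gate(SAMPLE_REPORT, date.today()))
```

Trivy can apply a plain severity threshold itself with `--severity` and `--exit-code`; a separate gate like this is useful when the policy needs something extra, such as waivers that expire.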
6. Terraform
Terraform is an open source ‘Infrastructure as Code’ tool, created by HashiCorp, which helps us to create immutable infrastructure to avoid the problem of configuration drift. This platform-agnostic declarative coding tool helps developers use a high-level configuration language to manage infrastructure.
Terraform supports different cloud providers and different services provided by cloud providers, as listed below:
AWS | Azure | Google Cloud Platform | Oracle Cloud Infrastructure |
Alibaba Cloud | VMware vSphere | GitHub | Kubernetes |
Apigee | GitLab | Artifactory | Octopus Deploy |
Terraform Cloud is HashiCorp’s managed service offering that helps you with infrastructure automation.
In my experience, this is yet another tool that has changed the game.
Initial release | 2014 |
Stable release | 1.3.6 |
Written in | Go |
Licence | Mozilla Public License v2.0 |
Website | https://www.terraform.io/ |
GitHub repository | https://github.com/hashicorp/terraform |
How is it useful in DevOps practices implementation? | Infrastructure as Code |
Can we integrate it with Pipeline as Code? | Yes. It can be part of Pipeline as Code and different strategies can be used to create resources and deploy applications in different cloud platforms. |
Important Terraform commands |
|
Tutorials | https://learn.hashicorp.com/terraform |
7. Kubernetes
Kubernetes or k8s is an open source, extensible, and portable container orchestration platform founded by Google. It provides declarative configuration and deployment automation. It has become one of the most popular tools in DevOps practices implementation with its features related to deployment, management, and scaling of applications in Kubernetes clusters. It works as a booster in managing resources effectively.
We can create a Kubernetes cluster in an on-premise environment as well as different cloud deployment models such as private and public clouds. Public cloud provides managed services for Kubernetes. Google Cloud Platform has Google Kubernetes Engine, AWS has Amazon Elastic Kubernetes Services (EKS), while Azure has Azure Kubernetes Service (AKS) for managing Kubernetes cluster in a cloud environment.
Some major removals, deprecations and changes in version 1.26 are:
- Based on inclusive naming initiative, the --prune-whitelist flag has been replaced with --prune-allowlist
- Dynamic kubelet configuration has been removed from the API server
- Deprecations for kube-apiserver command line argument --master-service-namespace
- Deprecations for kubectl run command line arguments such as --cascade, --filename, --force, --grace-period, and so on
- The v1beta1 flow control API group and the v2beta2 HorizontalPodAutoscaler API have been removed
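Before upgrading a cluster to 1.26, manifests and deployment scripts in the repository can be checked for the removed API versions and the renamed kubectl flag from the list above. This is an added example, not code from the article or from the Kubernetes project; the sample manifest and script line are constructed, and the replacement API versions come from the Kubernetes deprecation guide rather than from this page.

```python
import re

# API versions the list above reports as removed in 1.26, mapped to the kinds they
# served and the version to migrate to (replacements are not from the article).
REMOVED_APIS = {
    "flowcontrol.apiserver.k8s.io/v1beta1": (
        {"FlowSchema", "PriorityLevelConfiguration"}, "flowcontrol.apiserver.k8s.io/v1beta2"),
    "autoscaling/v2beta2": ({"HorizontalPodAutoscaler"}, "autoscaling/v2"),
}
RENAMED_FLAGS = {"--prune-whitelist": "--prune-allowlist"}

# Constructed inputs for the demonstration.
SAMPLE_MANIFEST = """\
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
  name: web
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
"""
SAMPLE_SCRIPT = "kubectl apply --prune -l app=web --prune-whitelist=apps/v1/Deployment -f k8s/\n"


def scan_manifest(text):
    """Return (document index, kind, old apiVersion, new apiVersion) per removed API."""
    findings = []
    for index, doc in enumerate(re.split(r"(?m)^---\s*$", text)):
        # Only top-level keys (column 0) identify the object; nested ones are ignored.
        api = re.search(r"(?m)^apiVersion:\s*[\"']?([^\s\"'#]+)", doc)
        kind = re.search(r"(?m)^kind:\s*[\"']?([^\s\"'#]+)", doc)
        if not (api and kind):
            continue
        kinds, replacement = REMOVED_APIS.get(api.group(1), (set(), None))
        if kind.group(1) in kinds:
            findings.append((index, kind.group(1), api.group(1), replacement))
    return findings


def scan_script(text):
    """Return (line number, old flag, new flag) for renamed flags in a script."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # skip shell comments
        for old, new in RENAMED_FLAGS.items():
            if re.search(re.escape(old) + r"(?=[=\s]|$)", line):
                findings.append((lineno, old, new))
    return findings
```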
Initial release | 2014 |
Stable release | 1.26 |
Written in | Go |
Licence | Apache License 2.0 |
Website | https://kubernetes.io/ |
GitHub repository | https://github.com/kubernetes/Kubernetes |
Features |
|
How is it useful in DevOps practices implementation? | Container orchestration and management. Combined with Infrastructure as Code practice, automation can be achieved in an end-to-end manner for resource provisioning based on the support provided by IaC tool. |
Can we integrate it with Pipeline as Code? | Yes |
Is a commercial flavour available? | Cloud flavours are available such as EKS, AKS, and GKE |
Important Kubernetes commands |
|
8. Lens
Lens Desktop is an exciting platform for working with Kubernetes. It is a distribution of the OpenLens repository with specific customisations, and is free of charge. For more details, you can visit https://k8slens.dev/pricing.html.
Lens is extremely useful for all those who are managing infrastructure, as it gives a 360 degree view of all the resources available in a cluster along with description and logs. You can also view YAML files for deployments, services, pods, secrets, and so on.
Initial release | 2019 (https://github.com/lensapp/lens/tags?after=v3.2.0-rc.1) |
Stable release | 6.3.0 |
Written in | TypeScript, JavaScript, Makefile |
Licence | MIT License |
Website | https://k8slens.dev/ |
GitHub repository | https://github.com/lensapp/lens |
How is it useful in DevOps practices implementation? |
|
Can we integrate it with Pipeline as Code? | N/A. Helps to view all the resources available in the Kubernetes Cluster. |
Is a commercial flavour available? | Lens Pro is a complete solution for cloud native professionals. Monthly and annual billing included in Lens Pro:
|
9. OWASP ZAP
In software security testing, we assess and verify a system against security risks and vulnerabilities. System security testing can be categorised as per the Open Web Application Security Project (OWASP) in the following way:
- Vulnerability assessment, where scanning and analysing of security risks are performed
- Penetration testing, where simulated malicious attackers attack the system and analyse it
- Code review, where review and analysis of the system takes place to find vulnerabilities.
OWASP’s Zed Attack Proxy (ZAP) is a flexible, extensible and open source penetration testing tool, also known as a ‘man-in-the-middle proxy’. ZAP can intercept and inspect messages sent between browser and web applications, and perform other operations as well.
Automated pen testing is an important part of the CI/CD pipeline. Pen tests have stages such as explore, attack and report. OWASP ZAP fills the important gap of verifying applications and protecting them from multiple security threats.
Initial release | 2014 |
Stable release | 2.12.0 |
Written in | Java |
Licence | Apache License 2.0 |
Website | https://owasp.org/www-project-zap/ |
GitHub repository | https://github.com/zaproxy/zaproxy |
Features |
|
Risk categories |
|
How is it useful in DevOps practices implementation? | Penetration testing |
Can we integrate it with Pipeline as Code? | Yes |
Is a commercial flavour available? | N/A |
ZAP Docker image scan | Docker stable image can be obtained using docker pull owasp/zap2docker-stable:
|
10. Grafana
Grafana is available as a fully managed tool with Grafana Cloud, or you can run the enterprise version on your infrastructure with self-managed options. You can visit publicly available dashboards from https://grafana.com/grafana/dashboards/ and import them in your Grafana instance to visualise data quickly.
In my experience, Grafana is one of the most useful tools while using Kubernetes on-premise or cloud providers such as AWS, Microsoft Azure or GCP. It supports Windows, Linux, and MacOS. It is easy to install, configure, and manage Grafana and monitoring metrics keeping Prometheus as a data source.
Initial release | 2014 |
Stable release | 9.3.1 |
Written in | Go, TypeScript |
Licence | GNU Affero General Public License, version 3.0 |
Website | https://grafana.com/ |
GitHub repository | https://github.com/grafana/grafana |
Supported data sources |
|
Features | Panels – heatmaps to histograms Plugins – https://grafana.com/grafana/plugins/ Alerts Annotations |
How is it useful in DevOps practices implementation? | Visualisation of monitoring metrics. Another important thing to note is that you can convert the logs of third party tools into normal logging such as Google Cloud Logging -> Create Log Router Sink to route logs to supported Google services. |
Is a commercial flavour available? | https://grafana.com/pricing/ |