To meet your requirements and guaranteed Service Level Agreements, the following sections give a first overview how we can achieve this.
Existing modules are maintained and bugs are fixed. Extensive test procedures ensure a high quality of the building blocks and a working integration.
This can also be a foundation for your pipeline. From our experience, providing infrastructure and tools for your application landscape, everything is software which needs to fulfill your companies
A proven and reliable transparent release process is crucial to offer curated Building Blocks.
We rely on the development process that each Building Block is based on feature branch. We rely on the development process that each Building Block includes a production branch (main), a release (or development) branch (next) and feature branches. We develop on the release branch, from which we checkout feature branches for each feature/bug and after we're done developing, we merge it back to the release branch.
Eventually, if we are confident to merge this release branch, it will be merged into the production branch (main).
This is a well known and proven process which you can also find in the git-flow idea.
For an upcoming release we collect the following information:
For container vulnerability scans, we use trivy. This process takes place on each feature branch pipeline and is also scheduled once a day for each building block, so that we get the latest updates on vulnerabilities. A scan on severe or critical vulnerability is in this stage sufficient.
Updates on security matter are reported directly to our experts and actions are taken immediately, if needed.
On the next pages you will learn more about how we achieve our guaranteed service level agreement