Following the SolarWinds breach, compromising source code has proven to be a viable and very effective way of making cyber attacks. It works when the attacker utilizes the trust of the compromised company to elevate their reach into multiple customers’ core networks.

On top of that, it was revealed yesterday that the PHP source code repository has also been compromised. If left unnoticed, all servers running PHP could have been targeted once they updated the PHP version. To be clear, the compromised commits were found before they hit the production version of PHP — so do not worry if you are running PHP servers. However, it keenly illustrates the importance of security in your software delivery chain.

Indeed, both of these stories highlight the fact that source code leaks may no longer be our primary security breach concern anymore.

Security is a…


Implementing DevOps into your design system is key to kick-starting new innovations faster as it narrows down the gap between design and delivery.

Last night, in a moment of inspiration, I developed an application. I started at six o’clock in the evening, and at one o’clock it was already deployed with all the bells and whistles, like unit and acceptance testing, SSL certificates, and running in Kubernetes.

In other words, it only took seven hours from an idea to production. And before being ready, I had already had a number of successful deliveries.

How is this possible, you might ask?

The answer is having the Continuous Delivery pipeline connected to a design system. The fact is, that DevOps has actually started even before…


Financial due diligence is a de facto assessment carried out when purchasing or investing in any software company.

Why is technical due diligence needed?

Eficode has been undertaking DevOps and software audits for many years now. During this time we have seen multiple cases where business-critical solutions have been in such a bad state that the only way to progress forward is to rebuild from scratch.

We have also witnessed the worst-case scenario where rebuilding would be such a big, expensive effort that the business income is not able to cover the required additional investment in any reasonable time.

For the last three years, Eficode has…


DevOps is about feedback loops and injecting information where it has the most impact. So we talk about shifting left as if it is benevolent altruism. In this post, I cover the shift left fallacy, how we fail at shifting left, and how we can improve the way we obtain and utilize feedback.

Gaining feedback and directing it to where it will be effective is a key part of DevOps. But is talk of “shifting left” a fallacy that hides our failings?

DevOps is all about shifting left and shortening feedback loops. Or at least it’s about shifting a third…


It is not unheard of to manage your test cases in Jira. Issues are a great container to hold test specifications and steps within it.

Traditionally, if you wanted to do test management using Jira, you would have to create new custom fields with test steps and a separate field for requirements. This often feels clumsy and makes people drift away from Jira for test management and just report on test results in Confluence. There are, however, multiple Jira add-ons for making product managers’ and testers’ life easier.

In our experience, the four big outstanders within this sector are Xray…


Service desk. This term might bring to mind the IT Crowd, a British comedy where IT support’s first response to any contact is “have you tried turning it off and on again?”. Maybe it’s the place you reach out to when you’ve forgotten your password or need to ask for help when the printer is jammed.

You might think a service desk is just a support function, something IT-related, nothing to do with me.

But a service desk can be more than that. Digitalization has come to revolutionize basically every aspect of how businesses run. As a result, organizations are…


How did security become an inseparable part of DevOps? DevSecOps argues that security measures must be integrated into every aspect of your software production process.

The birth of DevSecOps

The term DevOps was coined in 2008 and quickly spread like wildfire, with its embrace of agile environments that foster communication and the exchange of ideas within an organisation.

However, some of these practices were initially left behind a bit, and security was the reason why.

Security was never that great in old organisational siloed models either. Keeping security separate from development and operations permanently would have been disastrous, as it would have slowed the…


Continuous improvement should be at the core of any organization that applies DevOps practices. Metrics is key here as it is very hard to improve the ways of working without having up-to-date, data-driven information on the project status, performance, and quality.

Earlier in this blog series we have discussed how you can move towards a centralized DevOps platform by first enhancing the overall robustness of your in-house system and by enabling high throughput in your team. Now it’s time for the third step, which is to create visibility across the software pipeline.

How well is DevOps methodology adopted in your projects?

Having visibility across the pipeline makes it easier…


Shifting left, Shifting left, everybody knows DevOps means shifting left.

Test-Driven Development (TDD) is familiar to most developers. Acceptance Test-Driven Development (ATDD) sits more on the business requirements side of the process and may not be as familiar. Both techniques allow for shorter development cycles. This practical walk-through shows you why and how.


A centralized DevOps platform is an inseparable part of modern software development. It helps companies achieve fast, cost-efficient and automated software production. The first step in building a centralized platform is to start enhancing the overall robustness of your in-house system.

System robustness is achieved by eliminating single points of failure in the system that would prevent successful transition. Often, the points of failure are related to people, technologies, tools or documentation. In this blogpost, I will guide you through the first step on how your company can start building a centralized platform like Eficode ROOT.

Why is ‘robustness’ step 1 in the process?

When I say robustness…

Eficode DevOps

The leading DevOps company in Europe, driving the DevOps movement and building the future of software development together across 🇫🇮🇸🇪🇩🇰🇳🇴🇳🇱🇩🇪🇵🇱

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store