Atomstate Implements enterprise DevSecOps pipelines for one of the largest Indian MNC private lenders.

The Client

The client is one of the largest Indian private lenders with operations in around 17 countries.

The Challenge

The client’s internal software development group was looking for automated pipelines to deploy changes to multiple environments. They had .NET and Java applications. There were legacy and as well as latest flavors of a stack. For example, in .NET stack there were applications ranging from .NET 1 to .NET core. Oracle and MSSQL were the databases.

There were multiple issues plaguing this team in adopting latest delivery models. They were.

• They were manually building the application and deploying them to server directly from IDE like Visual Studio sans testing. No one knew what went through and how it went though.
• Resources were shared among other teams. There wasn’t a proper plan on timelines, SLAs, burnouts, etc for each delivery.
• Every team followed a different methodology to deliver the application changes. There were around 150+ applications. In short, there were 150+ islands working with different governance models.
• Traceability and transparency were absent.
• Testing though was not expansive, but there was manual testing for certain applications.

It used to take an average of 1-1.5 months to deliver a feature.

The Solution

Atomstate has delivered an enterprise DevSecOps pipeline that has eliminated every bottleneck of previous manual approaches.

Our solution has specifically delivered the following

• A centralized pipeline - We have architected and a laid down a DevSecOps pipeline catering to 150+ applications of internal software development group. We have migrated them from desktop & IDE based deployment model to a centralized pipeline-based deployment model. The pipel
• SVN to Git Migration - We have migrated applications from SVN-based version control system to Git-based version control system. Git system gives support to advanced features such as pull-request, branch merging, etc that aids in agile sprint model.
• Agile Implementation - We had implemented agile model of development. As a part of this, we have conducted workshops, PoCs and implemented agile model for all teams with customized workflows.
• Dashboarding - We have setup a central DevSecOps dashboard in Grafana by scraping data from multiple end points. This gave the higher stakeholders the data to analyze the impact of their initiatives. better.

The Impact

• The events were traceable across the SDLC journey giving necessary ammunition to the higher stakeholders.
• The whole engagement of migrating 150+ applications with complexities to a centralized DevSecOps pipeline was completed in 6 months.
• Improved the code coverage of application by instituting the importance of unit testing and shift left strategy.
• Embedded testing and security in DevSecOps pipeline leveraging open source and enterprise platforms. New application versions weren’t propagated to production environments if they fail test and security’s quality gates.
• Teams were delivering in agile fashion. The teams have shifted from longer release cycles to shorter release cycles that has aided in robust feedback loops.