Exploiting devops practices for dependable and secure continuous delivery pipelines

Continuous delivery (CD) pipelines recently gained wide adoption. They provide means for short and high-frequent development cycles in DevOps by automating many steps after a commit has been issued and bringing it into production. CD pipelines have become essential for development and delivery. Hence, they are crucial and business-critical assets that need to be protected from harm in terms of dependability and security. DevOps practices like canary releasing and A/B testing aim to improve the quality of the software that is built by CD pipelines while keeping a high pace of development. Although CD is a part of DevOps, the DevOps practices have primarily been applied to the artifacts that are processed but not on the pipelines themselves. We outline our vision of using these DevOps practices to improve the dependability and security of CD pipelines. The goal is to detect, diagnose, and resolve dependability and security issues in the CD pipeline behavior. In this paper, we outline our envisioned roadmap and preliminary results from an ongoing industrial case study.