M.25) Continuous deployment

Category:        Development process

Responsible:   CTO

Effort:              Initial around 5 hours, but this measure will save many hours

Based on:       Agile practices [1], Recommendation of the author because of security benefits

Automation suites like Puppet and Chef allow companies to fully automate the software test, delivery and deployment process. A simple “git merge” and “git push” command to a specific branch and the changes will automatically get tested and deployed if all tests succeed. A sample process for continuous delivery can look like this:

continuous deployment

This measure is a further improvement to automated regression tests and allows the company to be much more agile and to deliver new features and bug-fixes within minutes. This can also be very important from security perspective, since

  1. mistakes during deployment are prohibited
  2. many times developers skip tests to deliver software faster (if there are problems). This can lead to new problems or to unrecognized security issues. With continuous deployment, during delivery of each new feature security tests are automatically performed and cannot be forgotten or omitted.
  3. security patches can be delivered faster.



[1] Agile Alliance, “Continuous Deployment,” [Online]. Available:
https://www.agilealliance.org/glossary/continuous-deployment/. [Accessed 01 10



The information contained in this website is for general information purposes only. You can find more information about the accuracy of the information on the disclaimer and terms and conditions pages.