In this modern Microservices world, you can’t manage/control everybody and everything in IT. Applications are broken into multiple services that are frequently deployed many times a day, and cannot undergo manual policy checks. You need to apply clear governance policies to ensure that your people and technology are efficient and aligned with business objectives.

The control/management of the software deployments and enforcing specific rules for safe and efficient deployment are needed in IT firms to ensure nothing is breaking/breaching the policies and standards that we keep as part of our objectives and goals of the product. Control of SDLC has two essential considerations:

  1. Process Control in Software Delivery pipelines
  2. Monitoring of Software Delivery pipelines

Process control in Software Delivery pipelines

We can control the software deployment process by enforcing policies in the CD pipelines ( I will showcase the Spinnaker CD platform). Policies are typically divided into two types:

  1. Runtime Policy
  2. Static Policy

Runtime Policy
Runtime policies are used to check the policy condition while the Spinnaker pipeline is executed. Based on the success/failure of the policy checks, the pipeline can be promoted from one stage to the next.

Let us look at an example of runtime policy implementation in Spinnaker:

Compliance managers want to implement a policy to avoid any sort of deployments between a certain period ( also known as the BlackOutWindow period). They can define the policy in OpsMx Autopilot ( Data intelligence layer on the top of Spinnaker).

runtime policy implementation in Spinnaker

Once the above policy is executed, all the Spinnaker deployment pipelines run in the black-out window period will automatically fail ( refer to the screenshot below.)

Spinnaker deployment pipelines fail

Let’s look at the 2nd type of policy.

Static Policy: Policies that are used to ensure specific rules are followed before creating a pipeline ( or app onboarding) in a CD tool. These policies are usually created to avoid unauthorized pipelines that can affect the production system or business. 

Static policies empower compliance managers and release managers to have overall control of deployment.

Let us look at an example:

A release manager has defined a policy in OpsMx Autopilot only to create pipelines in Spinnaker, which has a manual stage in it. This will ensure developers do no random deployments into any environment without approval from a supervisor. 

Spinnaker Static Policy Deploy

The below example highlights that Autopilot’s static policy has avoided creating a Spinnaker pipeline without a manual-judgment stage.  

Autopilot's static policy execution

Monitoring of Delivery pipelines

Monitoring is a key in software delivery to get 360-degree information about execution details, deployment results, time-taken, and triggered by so that we can have all the Audit track what is happening in the system.

We at OpsMx have an Audit page, where it will automatically capture the pipeline information such as:

  1. Pipeline execution– it will capture all the pipeline execution details like Application name, pipeline name, the current status of the pipeline (Success/ Terminal), and execution time.
  2. Pipeline Modification– This stage will capture all the changes that we have made to the pipeline and who had done the changes; by this, we can get the details of the employee who had done changes and have a track of changes.
  3. Policy Audit– In this stage, we can track who had branched the policies and time and Allowed pipelines as well.

With monitoring, we can have eagle eyes on our pipeline and executions.

Monitoring of Delivery pipelines

Watch the below video and find out how you can leverage OpsMx Autopilot to define and enforce policy in Spinnaker.


Policy Management and Governance are vital for ensuring no risk of policy violations and non-adherence is avoided. We at OpsMx provide rich structured policies for safe deployments and control the damage.

Contact us for more information or demo.. 


Submit a Comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.