The DevOps Periodic Table, courtesy of Digital.ai, makes me smile. Much like the chemical periodic table, it is a structured collection of tools and methodologies that drive modern IT operations. However, unlike chemistry, where H2O reliably remains water, in IT, acronyms often have multiple meanings. For example, is “CI” a Continuous Integration or a Configuration Item? Answer: It depends!
I thought it would be fun to break down some of the most notable TLAs (Three Letter Acronyms) and decipher what they really mean. Are you ready?
- CI/CD – The dynamic duo (or trio) of software delivery
Continuous Integration (CI) ensures developers continuously merge (integrate) their code together within a shared repository.
Continuous Delivery (CD) describes the ability to continually build, test and deploy code changes in non-production environments. Without it, software updates would be like assembling IKEA furniture without instructions, which would be frustrating and prone to mistakes!
Continuous Deployment (also CD) refers to the act of pushing every change automatically through to production environments. Provided test automation and quality checks pass, a new feature could reach an end user within minutes of the developer committing their code.
Tools like Jenkins (Jn), GitLab (Glc), Azure DevOps (Azc), and AWS CodeBuild (Acb) help us develop ‘pipelines’ to quality check, scan, label, merge, build, test, package and deploy code automatically, thereby reducing the time lag between a new requirement being identified and the end user getting to consume it.
- SCM – Source Code Management or “Some Crazy Mess”?
Source Code Management (SCM) tools like Git (used by BitBucket (Abb), GitHub (Gh), Azure DevOps, etc.) help teams track changes in their codebase, preventing disasters like “I did a rm -rf” moments. Think of SCM as a time machine for your code, letting you go back and see who changed what, when, and why (and hopefully undo any catastrophic errors).
If you think about it, without SCM, developers would still be renaming files like final_version_2.0_revised_FINAL_FOR_REAL_THIS_TIME.py.
- APM – Keeping your Apps from melting down
Application Performance Monitoring (APM) is the guardian angel of software, constantly watching over how your applications perform in real-time. If something slows down, crashes, or behaves oddly, APM tools (like New Relic (Nr) and Dynatrace (Dt) help track the issue before it spirals out of control.
Imagine APM as a doctor giving your software a health check-up! Except this doctor works 24/7 and doesn’t need coffee breaks!
- IaC – Where code meets infrastructure
Infrastructure as Code (IaC) takes the old-school, manual way of setting up servers and replaces it with scripts and automation. Tools like Terraform (Ht) and Ansible (Rha) allow IT teams to define infrastructure using code, making deployments faster and more reliable.
It’s like having a recipe for a perfect cake—except instead of flour and eggs, you’re mixing servers and cloud configurations. And best of all, there are no more “but it worked on my machine” excuses!
- SAST vs. DAST – The Security Superheroes
Security is a huge part of DevOps, and this is where SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) come in.
- SAST is like a grammar checker for your code, analysing it before it runs to catch vulnerabilities early. Tools like SonarQube (Sr) and Snyk (Sy) integrate with your developer’s workflow and “have your back” when it comes to spotting code ‘smells’, vulnerabilities or just plain difficult-to-read code.
- DAST, on the other hand, is more like a hacker-for-hire (but the ethical kind), poking and prodding your live applications to find weaknesses. Tools like OWASP ZAP (Ow) will actively or passively scan your web applications, searching out potential security flaws.
When used together, they create a security fortress, ensuring your code is more secure than a billionaire’s panic room.
- SOAR – The security Butler
Security Orchestration, Automation, and Response (SOAR) tools help automate cybersecurity responses, ensuring threats are handled before they become full-blown crises.
Tools like Splunk (Sp) can automatically respond to a security incident using pre-defined playbooks, a bit like the menu of the day, carefully planned and carefully crafted.
Think of SOAR as Alfred to your IT security Batman—calm, efficient, and always prepared for the next big security incident.
Why do IT professionals love TLAs so much?
TLAs are used in any sector that involves technical jargon, regulations, or complex processes. If you think IT is bad, speak to someone in the military. They host a colourful selection of acronyms, many of which I dare not repeat. However, my cleaner favourites include KFS (Knife, Fork, Spoon), MRE (Meals Ready-to-Eat) and OOO (Out of Oomph), used to describe a vehicle, aircraft, or soldier who has run out of energy, fuel, or motivation!
To newcomers, TLAs can feel overwhelming. But with time (and a little patience), you’ll be rattling off acronyms like a seasoned DevOps pro. And if you ever get lost? Refer to the DevOps Periodic Table—your handy guide to making sense of the madness!
If you have a question for Ant or the Triad team, please get in touch.
