Welcome to the second edition of our Technical Development Progress Report where we’ll dive deeper into our #devsecops squad and see what more the Klever tech team is building, optimizing & launching.
This week I’m feeling so excited to keep in touch with our amazing community through this channel, keeping you posted about what we are doing behind the scenes.
The Klever tech team kept a great performance and high productivity throughout all squads and products over the past week. But today, I will talk a little bit deeper about one of the most crucial squads and teams in Klever and new to this progress report: #DevSecOps.
Before we talk about the #devsecops squad let me clarify that here at Klever, our entiere tech team is organized in squads focused on different products as well as technical components.
You might also like
We have numerous squads dedicated to specific products, and other squads consisting of tech specialists and experts in their fields of blockchain engineering, security architecture and computer programming.
For instance, the Klever Exchange squad has cross specialists like #devsecops, #QA (Quality Assurance) and #UI (User Interface), in addition to frontend, backend and fullstack software engineers and specialists, as well as product managers.
This squad is fully focused on aggregating value to the Klever Exchange business and have the full power and resources at their disposal to achieve their goals.
We also have the #devsecops squad that is fully focused on developing the infrastructure tech and expand the software architecture used by the whole company, across all Klever apps and products. We call this model as “squads of squads” and it’s Klever’s own model of the well known “Autonomous Squads” developed by Spotify.
All squads, from #HR to #devsevops are lead by managers using agile methodology with weekly or bi-weekly sprints. The whole company works like a clock taking advantage off the agile methodology to keep the products on track with the community needs and market changes.
So, finally lets talks about our #devsecops squad. This amazing group of passionate professionals is composed by mixed specialists:
Cyber Security Specialists
DevOps Engineers
Site Reliability Engineers
Cyber Security Specialists are focused on keeping all the systems and infrastructures safe and compliant with the Klever products’ business needs. So, they do constant and repeated penetration tests, ethical hacking and code analysis to ensure that we are safe! An essential part of our cyber security architecture and a crucial component in keeping our global users secure.
DevOps Engineers are focused in promoting the code from software engineers to production. So they are responsible to design and implement the process and tools needed to integrate the code with the guarantees defined by #QA, #cybersecurity and products managers, based on business values and needs collected from stakeholders and community members.
Site Reliability Engineers are focused in aggregating the best user experience in terms of the use of the tech and infrastructure. So, they are responsible for:
Attacking the infrastructure as software engineers
Developing automation tools to react to IT infrastructure common issues
Building software to make IT and support better at their jobs
Fixing support escalation issues
Documenting best practices for software design
Improving software performance and conducting post-incident reviews.
Lets see what #devsecops squad have been doing:
Code Analysis (SAST, DAST and SCA): We are testing several tools (8 at the moment) and realized that as Golang is not as mature as other languages on the market such as Java, JavaScript or Python, and most of paid tools available on the market will not work as expected. Relying on multiple OSS (Operations Support Systems) seems promising but as an organization we need a central platform to manage issues discovered by such solutions, Embold (https://embold.io) delivers this exact experience.
Infrastructure Analysis: For this we are testing only Palo Alto and very happy with initial results, this tool deliver to us features like:
Policy Enforcement: Ensure cloud configurations and workloads are running on settings provided by publicly known or user customized rules.
Compliance Enforcement: Ensure cloud configurations and workloads are running on settings by publicly known Compliances and Certificates, such as: PCI-DSS, LGPD, GDPR and many others.
On-Call Operators Shift: We’ve integrated our monitoring system with Squadcast (https://www.squadcast.com) on-call management system and established an off business hours schedule for operators to be available to resolve technical issues and have defined more efficient escalation policies to ensure that every incident will be solved very fast.
Blockchains Status Page: We have made available status pages about our public services automatically built for us to share with stakeholders, internal or external. (https://chain-status.klever.io)
Notification on Blockchains Releases: For us to automate upgrades of our blockchain managed nodes, first we will build an events source for new versions release of such resources. We are currently testing an OSS that will notify us whenever a new version is available.
Load Test on Exchange Manager Service: To be sure we don’t stumble upon bottlenecks after we publicly release the Exchange app, we are running load tests on exposed services, which are directly accessed by users and feeding back to developers enhancements that can be done for us to be highly scalable.
Klever DevSecOps
Here follows the weekly progress of Klever’s other products and technical squads.
Klever Exchange
Klever Exchange Part 2
Klever Wallet App
Klever Bank
Klever Workspace
Klever Bots
I hope you have enjoyed hearing more about #devsecops this week and the general technical progress made by our team. I can’t wait to see you next week!
Sincerely,
Bruno Campos
CTO at Klever
