With the rise of DevOps, low-cost cloud computing, and container technologies, the way Java developers approach development today has changed dramatically. This practical guide helps you take advantage of microservices, serverless, and cloud native technologies using the latest DevOps techniques to simplify your build process and create hyperproductive teams.

Stephen Chin, Melissa McKay, Ixchel Ruiz, and Baruch Sadogursky help you evaluate an array of options. The list includes source control with Git, build declaration with Maven and Gradle, CI/CD with CircleCI, package management with Artifactory, containerization with Docker and Kubernetes, and much more. Whether you're building applications with Jakarta EE, Spring Boot, Dropwizard, MicroProfile, Micronaut, or Quarkus, this comprehensive guide has you covered.

  • Explore software lifecycle best practices
  • Use DevSecOps methodologies to facilitate software development and delivery
  • Understand the business value of DevSecOps best practices
  • Manage and secure software dependencies
  • Develop and deploy applications using containers and cloud native technologies
  • Manage and administrate source control repositories and development processes
  • Use automation to set up and administer build pipelines
  • Identify common deployment patterns and antipatterns
  • Maintain and monitor software after deployment

Table of Contents

  1. 1. DevOps for (or Possibly Against) Developers
    1. DevOps is an entirely invented concept, and the inventors came from the Ops side of the equation
    2. Exhibit #1: The Phoenix Project
    3. Exhibit #2: The DevOps Handbook
    4. Google It
    5. What Does It Do?
    6. State of the Industry
    7. What Constitutes Work?
    8. If We’re Not About Deployment and Operations, Then Just What Is Our Job?
    9. Just What Does Constitute Done?
    10. Rivalry?
    11. More Than Ever Before
    12. Volume and Velocity
    13. Done and Done
    14. Fly Like a Butterfly…
    15. Integrity, Authentication, and Availability
    16. Fierce Urgency
    17. The software industry has fully embraced DevOps
    18. Making It Manifest
    19. We all got the message
  2. 2. The System of Truth
    1. Three Generations of Source Code Management
    2. Choosing Your Source Control
    3. Making Your First Pull Request
    4. Git Tools
    5. Git Command Line Basics
    6. Git Command Line Tutorial
    7. Git Clients
    8. Git IDE Integration
    9. Git Collaboration Patterns
    10. git-flow
    11. GitHub Flow
    12. Gitlab Flow
    13. OneFlow
    14. Trunk Based Development
    15. Summary
  3. 3. Dissecting the Monolith
    1. Monolithic architecture
    2. Granularity and functional specification
    3. Cloud Computing
    4. Service Models
    5. Microservices
    6. Definition
    7. Anti-Patterns
    8. DevOps & Microservices
    9. Microservice Frameworks
    10. Spring Boot
    11. Micronaut
    12. Quarkus
    13. Helidon
    14. Serverless
    15. Setting Up
    16. Conclusion
  4. 4. Continuous Integration
    1. Adopt Continuous Integration
    2. Declaratively Script Your Build
    3. Build With Apache Ant
    4. Build With Apache Maven
    5. Build With Gradle
    6. Automate Tests
    7. Run Unit Tests Automatically
    8. Monitor and Maintain Tests
    9. Speed Up Your Test Suite
    10. Continuously Build
  5. 5. Package Management
    1. Why build-it-and-ship-it is not enough
    2. It’s all about metadata
    3. What’s metadata?
    4. Determining the metadata
    5. Capturing metadata
    6. Writing the metadata
    7. Dependency management basics for Apache Maven & Gradle
    8. Dependency management with Apache Maven
    9. Dependency management with Gradle
    10. Dependency management basics for containers
    11. Artifact Publication
    12. Publishing to Maven Local
    13. Publishing to Maven Central
    14. Publishing to Sonatype Nexus
    15. Publishing to JFrog Artifactory
  6. 6. Securing Your Binaries
    1. Supply Chain Security Compromised
    2. What Happened at SolarWinds?
    3. Security from the Vendor Perspective
    4. Security from the Customer Perspective
    5. The Full Impact Graph
    6. Securing your DevOps infrastructure
    7. The Rise of DevSecOps
    8. The Role of SREs in Security
    9. Static and Dynamic Security Analysis
    10. Static Application Security Testing
    11. Disadvantages of the SAST approach
    12. Dynamic Application Security Testing
    13. Comparing SAST and DAST
    14. The Common Vulnerability Scoring System
    15. CVSS Basic Metrics
    16. CVSS Temporal Metrics
    17. CVSS Environmental Metrics
    18. CVSS Summary
    19. Extent of Security Scanning
    20. Time to Market
    21. Make or Buy
    22. One-time and Recurring Efforts
    23. How much is enough?
    24. Compliance versus Vulnerabilities
    25. Compliance Issues: Singular Points in your Full-Stack
    26. Vulnerabilities: Can be Combined into Different Attack-Vectors
    27. Vulnerabilities: Timeline from Inception Through Production Fix
    28. Test Coverage is your Safety-Belt
    29. Security scanning as a Promotion Quality Gate
    30. Fit with Project Management Procedures
    31. Implementing Security with the Quality Gate Method
    32. Risk Management in Quality Gates
    33. Practical Applications of Quality Management
    34. Shift Left to the CI and the IDE
    35. Not All Clean Code is Secure Code
    36. Effects on Scheduling
    37. The Right Contact Person
    38. Dealing with Technical Debt
    39. Advanced Training on Secure Coding
    40. Milestones for Quality
    41. The Attacker’s Point of View
    42. Methods of Evaluation
    43. Be Aware of Responsibility
  7. 7. Mobile Workflows
    1. Fast-paced DevOps workflows for mobile
    2. Android Device Fragmentation
    3. Android OS Fragmentation
    4. Building for Disparate Screens
    5. Hardware and 3D Support
    6. Continuous Testing on Parallel Devices
    7. Building a Device Farm
    8. Mobile Pipelines in the Cloud
    9. Planning a Device Testing Strategy
    10. Summary
  8. 8. Continuous Deployment Patterns and Antipatterns
    1. Why Everyone Needs Continuous Updates
    2. User Expectations on Continuous Updates
    3. Security Vulnerabilities Are the New Oil Spills
    4. Getting Users to Update
    5. Case Study: Java Six Month Release Cadence
    6. Case Study: iOS App Store
    7. Continuous Uptime
    8. Case Study: Cloudflare
    9. The Hidden Cost of Manual Updates
    10. Case Study: Knight Capital
    11. Continuous Update Best Practices