1. Our Work
  2. Aviation
  3. Major American Airline
  4. DevOps
End-to-End Case Study
banner
DevOps
Major American Airline

Shortening delivery cycles with integrated security testing and DevSecOps implementation.

Talk to Us
Geo location
US (Central)
Platform
Web & Mobile
Engagement
8 Years
Industry
Travel
Service
DevSecOps & SRE
DevSecOps & SRE
Challenges

Despite rolling out 15-20 major releases every two weeks, the client’s security assessment was manual and occurred in a siloed manner after the development process concluded. Assessments were also conducted independently of each other, making it difficult to gather key insights. Moreover, it was tough for anyone other than test engineers to run tests or analyze the results.

Manual interventions caused bottlenecks
Isolated processes prevented insights
Lack of CI/CD pipeline integration
Loss of efficiency and accuracy
  • Our client rolled out 15-20 major releases every two weeks
  • The security assessment process was manual
  • The process was not integrated into the CI/CD pipeline
  • The assessments were also conducted in isolation and didn’t allow for broad-picture insights
Our Solution

Our client wanted to see exactly what software quality engineering in the airline industry could do. We understood the need to integrate quality software testing into the CI/CD pipeline to speed things up and gain insights across the testing process. Our software testing services team embedded a DevSecOps solution and a centralized platform for all tests, bringing security test automation into the CI/CD pipeline.

Solution Impact

1 Day

Reduction in release cycle time

Using a test automation framework

Enabled faster vulnerability identification and remediation

Integrating testing into the development pipeline

Improved release cycle time, integrated processes, and reduced infrastructure costs for security testing

Our Approach

We quickly realized that the client needed to introduce DevSecOps as a service into the entire development process. We introduced a CI/CD workflow that featured Static Application Security Tests (SAST) for code scanning at the CI stage and applied Dynamic Application Security Tests (DAST) for application scanning at the CD stage. We built a centralized platform using DefectDojo, to which the code scan results could be pushed. This created a single source of truth for assessing all vulnerabilities, resulting in a more comprehensive view of test results.

Our Approach
Top DevOps Mistakes to Avoid
Top DevOps Mistakes to Avoid
Read Blog
Brought in DevSecOps automation to integrate assessments

Focusing on application security was one of the major concerns of our client. While the airline conducted vulnerability testing for new software releases, it was done manually after the DevOps workflow. That meant that testing increased the delivery lifecycle, and there was no overall visibility of the security testing results. Vulnerabilities, if any, were picked up relatively late, further delaying releases and increasing manual rework.

To integrate software testing services for the airline, we introduced a DevSecOps automation strategy, so product assessments could be conducted during design and development in the CI/CD pipeline. We began with a Static Application Security Test (SAST) for code scanning and a Dynamic Applications Security Test (DAST) for app scanning. We also brought in a process to onboard apps into this pipeline.

Tech Stack
  • Tech Stack
  • Tech Stack
  • Tech Stack
  • Tech Stack
  • Tech Stack
Built a centralized platform to improve security scans

The lack of security assessment systems was a drawback for the client, as they failed to get an overview of how the apps performed. We built a dashboard using DefectDojo that would allow testers and those with security clearance to get an overview of the apps’ performance to take big-picture decisions. This created a single source of insight for assessing all the vulnerabilities across all apps, and every security scan was tracked in the app, allowing unprecedented oversight.

By proposing a more efficient approach to security testing, we enabled cost and time efficiency for the client – as well as significantly reduced the risk of any vulnerabilities making it into production applications.

Built a centralized platform to improve security scans
Business Impact

We folded assessments into the development process instead of being a separate task after development, and our dashboard enabled the client to identify and rectify vulnerabilities at a faster rate. Our DevSecOps solution shortened the release cycles, saved the developers’ and testers’ time, and provided for early identification and remodification of the vulnerabilities.

24 hours Reduced security scan times

Our DevSecOps solution allowed the client to bring out new releases faster than ever.

Enabled faster vulnerability identification

Our custom dashboard gave the client clear test results and an overview that they missed before integrating software quality engineering.

Reduced infrastructure costs

The reduced times and the improved QA in the aviation development process give the client tangible benefits in their bottom-line figures.

Talk to us
Events at ValueLabs
10 Dec 2020
The need for speed: A tale of DevOps and Microservices

Learn how to create an effective integration strategy for your IT infrastructure.

Register Now
View all

Related Resources

Scalability, Observability, and Availability: A Guide to SRE and DevOps
Blog
date-icon3 Min read
Scalability, Observability, and Availability: A Guide to SRE and DevOps
Read story
Revolutionizing the travel industry in a hyperconnected world
Datasheets
date-icon5 Min Read
Revolutionizing the travel industry in a hyperconnected world
Download
Top DevOps Mistakes to Avoid
Blog
date-icon4 Min Read
Top DevOps Mistakes to Avoid
Read story
Read more
Contact us
Talk to a member of our team about your business, your goals, and how we can help
What Happens Next?

01

Our sales managers reach out to you within a few days

02

Our experts set up a meeting to understand your requirements

03

We estimate and propose project efforts and timelines