 Hi, this is your host, Sapnil Bhartya. And today we have with us Tracy Miranda, Executive Director of the CD Foundation. Tracy, first of all, welcome to the show. Thanks, Sapnil. Great to be here. Let's start with the continuous delivery. How would you define continuous delivery? Also, what about the CI part of it? Because when we talk about it, we always say CI CD. Yes, for sure. So continuous delivery, we define that as it's a software engineering approach in which teams work in short cycles and they ensure that the code is always released at any point in time. Now, traditionally, people tend to speak a lot about continuous integration and continuous delivery, so CI CD. Now, continuous integration is when developers regularly commit at least once a day to a mainline and keep that mainline up to date. But I see continuous delivery as really this umbrella of all the practices you need to keep that software ready to be released at any time. So that includes continuous integration. It includes security features. It includes testing and a general set of practices. Awesome. And if you look at the continuous delivery, it's not a problem to be solved. It's already a solved problem. But it was a lot of patchwork. It was a lot of do-it-yourself. You have to build Jenkins and all those things. But then Spinnaker came, which is a lot of things. And now we have a foundation. So can you talk about what role is the foundation playing in this space? So while we know a lot about continuous delivery today and we appreciate that it is really important because it makes such a difference to every business today, not just software companies, but banks or health care industry. But what we find in practice is that the adoption of continuous delivery practices is super, super low. Like many people think they're doing it, but maybe they're doing some continuous integration and they haven't quite figured out how to get through automation. And then to top it off, what makes things even more complicated is very recently we've seen the rise of microservices and cloud-native technology. And now, while these give us huge benefits in terms of scalability and making it easier to work on separate parts of the application, that has also resulted in just increased challenges, like a proliferation of environments and teams having to contend with all these different parts that make up an application. So the Continuous Delivery Foundation is really there to help support teams and organizations in their adoption of these practices, both from the sense of taking advantage of open-source projects in this space. But also, we're working towards democratizing the best practices. And we actually have a very recent working group that's spun up to help anyone in this space get better at delivering software. You mentioned earlier security. And security is really becoming a serious concern. It's no longer an afterthought. Mostly when we look at any hacks or systems compromised, in most of the cases, it's about unpassed software. The patches are there. In most cases, open-source. The patch is there, but it was never applied because most companies still have that engine model for. When you have already applied something on billions of machines, it's really hard. So if we make security as part of developers' workflow, it becomes easier. So talk about the roles CD can play in further improving security. Yes, for sure. Security is a super top concern. And I think there are lots of different elements to this. So on the one hand, what we want to make sure is, like we talk a lot about shift left of security. And really, we need to be making sure the security professionals and the folks focused on security are really tightly involved with the rest of the team. So there's no silos. People don't regard security as someone else's problem. Security starts with the developers. And then as an industry, I think, separate from how companies organize themselves around DevSecOps and building better teams, as an industry, I think it's really important that we work together to solve the industry-level problems. I think you raise a good point there when you say, in many cases, these patches haven't been applied, but the fixes are out there, which kind of makes you think, like, is security and actually an outreach problem? Do we need to be better at telling people, update to this release? It's super important. This is why you do it. And making sure we cut through the noise of all the different messaging they're hearing. And I think that's another example where something like the Continuous Delivery Foundation can make a difference in addressing these broad industry problems that we all have to kind of come together to tackle. And since we're talking about the problem, one more thing is that microservices, they are everywhere, but companies are kind of facing a challenge for the consistent release strategies on a scale. And at times, they're not prepared for it. So can you talk about, within the ecosystem or as part of the foundation itself, what is being done around solving the problem of continuous delivery for microservices? That's a great question. And we definitely have kind of this big split of folks who are used to delivering a monolith and they have their existing setup, all geared towards supporting that. And then a number, and this is increasing every day, a number of folks who are trying to take advantage of microservices and then all the implication that means. So one of the hot topics that's emerged for us is configuration management. And how we think about this is before your application, the scope of it was very well-defined. But now with microservices, the definition of an application changes. It's a set of microservices. How do we talk about which version of each microservice goes into a specific app? And then how do we manage if we are continuously pushing code and integrating that? How are those different versions changing relative to each other and how are we testing that all together? So we've definitely seen configuration management as a really hot topic and people are looking at tooling in the space. I think we have a couple of interesting projects that might be coming in the pipeline to CDF as well that will specifically help to drive visibility into this space and give people just better tooling to manage all the dependencies around microservices. One more thing, as you're saying or talking earlier that there are so many projects or open source tools for CD, which may also lead to a problem of interoperability. So first of all, how big is the concern for the foundation and what are you doing to kind of increase interoperability within these tools? Yeah, so interoperability is one of those interesting kind of problems where if you're just working in your own organization, sometimes it's not really a problem until perhaps it's time to adopt a new tool or add something into your workflow. But if we step back and look at the industry as a whole and take a look across the whole landscape, at the moment it's hugely fragmented. There's a lot of tools doing similar things. It's very difficult for people to move from different CI tools or different pipeline orchestration tools without having to go through a lot of pain to figure out how to do that. So it's a big problem because then also tool providers are having to kind of implement plugins for different systems and it's kind of a waste of time and it slows down innovation when we could be kind of moving up the stack. So I think where we're at today, there's a greater appreciation from, well, increasingly end users as well, about saying, OK, we want to simplify this. We want to find better ways for tools to interoperate. And actually, at CDF, one of the very first special interest groups we had was an interoperability working group. And this is just a set of like-minded folks who got together and said, hey, as an industry, we should be better and we can be better and we're all going to get talking and we're going to figure that out. And it's a really good group because we've got the folks who build the projects like the Jenkins X and Tecton and Spinnaker. And we've also got a lot of end user members represented. And that perspective comes in. So we've got folks from companies like Ericsson and eBay and they make sure that as the problems are being solved, they really apply to real world use cases. So it's an open group and people are welcome to join those conversations. There's a lot at the moment about maybe standardizing interfaces or metadata. Why can't we have a standardized way to express all the metadata around a release or all the metadata around a set of testing results? So yeah, I'm really excited about what this group is doing and look forward to if they can really achieve this very, very difficult goal and just bring some consolidation around the tooling. One last question before we wrap this up is COVID-19. How has COVID-19 affected continuous delivery? Yeah, no, I think great question. So it has definitely increased. Like we've seen some surveys which say, it talked about what people were expecting to do in terms of cloud adoption and continuous delivery adoption, and all those numbers have increased in terms of the expectation of how they're going to accelerate that adoption. And I think it's become pretty clear to companies things like the pandemic have emphasized the need to be more resilient. They've emphasized the need to adapt quickly and they've emphasized that most organizations are going to evolve to be very distributed. And so for all these things, continuous delivery practices work really well. They enable all those things and they make all the difference and actually the companies who are already doing these practices have a significant advantage in times like these. So it will be really interesting and I think one of the benefits we have as a foundation is that open source has always been about that collaboration at scale and in distributed way. So we're hoping we can take kind of all those lessons and marry open source practices to continuous delivery practices and really just make it easier for everybody to adopt them. It shouldn't just be kind of elite few companies who could do it. It should be something that's possible and achievable for every company and every organization out there. Tracy, thank you so much for taking time out and talk to us today about the foundation continuous delivery and I would love to talk to you again. So thank you. Thank you so much for having me. It's been my pleasure to share what we are up to.