At the same time, delays in delivery can result in lagging behind the competition. These factors are increasingly presenting themselves as significant business risks highlighting the importance of implementing continuous testing. It will pay dividends to consider early your supporting technology such as your network, firewalls and IAM, access controls and policies . Many topics will come out of your initial experimentation with Kubernetes, so ensure you keep track of these – they are the ‘breadcrumbs’ you will follow as you move towards cloud native. This will include RBAC policies, load balancer and/or ingress configuration, cluster dashboards, privileged access (or lack thereof!) and container logging. Your aim is to move away from ‘pets’ to ‘livestock’ so you invest in declarative solutions for your Infrastructure as a Service with Infrastructure as Code tooling.

ci cd maturity model

Multiple backlogs are naturally consolidated into one per team and basic agile methods are adopted which gives stronger teams that share the pain when bad things happen. The levels are not strict and mandatory stages that needs to be passed in sequence, but rather should serve as a base for evaluation and planning. Continuous Delivery is all about seeing the big picture, to consider all aspects that affect the ability to develop and release your software.

What is a Continuous Delivery Maturity Model?

At this stage it might also become necessary to scale out the build to multiple machines for parallel processing and for specific target environments. Techniques for zero downtime deploys can be important to include in the automated process to gain better flexibility and to reduce risk and cost when releasing. At this level you might also explore techniques to automate the trailing part of more complex database changes and database migrations to completely avoid manual routines for database updates. A typical organization will have one or more legacy systems of monolithic nature in terms of development, build and release. To ensure repeatability and control, database changes are done through code or scripts stored in version control, fully automated, versioned, and performed as part of the deployment process.

If your system is not designed to support quick, frequent, and easy testing, you will end up with bottlenecks no matter what. In above model “Test and Verification” area talks about having automated functional tests, integration tests. The answer is NO because we need enough automated tests to claim the maturity. Test prioritization usually means running your project’s unit tests first since those tend to be quick, isolated, and component focused.

ci cd maturity model

Continuous integration, delivery, and deployment, known collectively as CI/CD, is an integral part of modern development intended to reduce errors during integration and deployment while increasing project velocity. CI/CD is a philosophy and set of practices often augmented by robust tooling that emphasize automated testing at each stage of the software pipeline. By incorporating these ideas into your practice, you can reduce the time required to integrate changes for a release and thoroughly test each change before moving it into production. At the base stage in the maturity model a development team or organization will typically practice unit-testing and have one or more dedicated test environments separate from local development machines.

Five levels

Also, it is far more unlikely that merges when committing will be required due to several developers making changes to the same code, and allows developers to commit changes more often while still maintaining stability. In fact, in a recent survey, we conducted of over 200 IT decision-makers, cultural and organizational issues were the most often stated challenge they experienced during their DevOps implementation. You will have a limited set of documented policies in place to support services you’re building in the cloud. By level 5, you will have achieved full policy maturity, however your mileage may vary.

ci cd maturity model

Since the CI/CD system has complete access to your codebase and credentials to deploy in various environments, it is essential to secure it. Due to its high value as a target, it is important to isolate and lock down your CI/CD as much as possible. The tension between these two requirements can be difficult to balance.

Ci Cd Maturity Model

DevSecOps – Skipping out on security puts customers, brand, and bottom line at risk. That’s where DevSecOps comes in, bringing security to the entire application without slowing down the production pipeline. You surely must have completed your DevOps journey by this point… The reality is there really is no end to the path towards DevOps maturity. DevOps is about continuous improvement, and with each new day, DevOps continues to evolve. Service virtualization is leveraged for testing components that are unavailable or difficult to access for development purposes.

  • While integration tests are component specific, acceptance tests typically span over several components and across multiple systems.
  • From an operational security standpoint, your CI/CD system represents some of the most critical infrastructure to protect.
  • Constant feedback about the architecture state is received automatically.
  • While automation plays a key role in the effectiveness of DevOps processes, it can yield results only when based on well-defined workflows.
  • In this category we want to show the importance of handling this information correctly when adopting Continuous Delivery.

Now we know about two critical pieces of information so let’s look at how to choose your practices or assessment metrics for the model. The suggested tools are the tools we have experience with at Standard Bank. The tools listed aren’t necessarily the best available nor the most suitable for your specific needs. You still need to do the necessary due diligence to ensure you pick the best tools for your environment.


The level of CI maturity that a company achieves depends on a number of factors, including the company’s size, the type of software it develops, and the culture of the organization. The idea allows one to run various types of tests at each stage and complete it by launching with the deployment of the system in the actual product that end-users see. Every successful and well-organized modern software project requires a combination of continuous integration and continues delivery . Continuous delivery is a widespread software delivery practice used by IT companies to provide custom functions in a faster, safer, and more permanent way. Recognizing that there were opportunities to optimize the pipeline for higher productivity, we began our journey toward continuous deployment.

A high level of DevOps maturity would be indicated by a culture that is open to change and willing to experiment with new approaches. Another approach is to look at the results that you are achieving with DevOps. A high level of DevOps maturity would be indicated by improved quality, shorter cycle times, and reduced costs. One common approach is to look at the number of DevOps practices that are in use at your company.

Continuous improvement mechanisms are in place and e.g. a dedicated tools team is set up to serve other teams by improving tools and automation. At this level, releases of functionality can be disconnected from the actual deployment, which gives the projects a somewhat different role. A project can focus on producing requirements for one or multiple teams and when all or enough of those have been verified and deployed to production the project can plan and organize the actual release to users separately. At the advanced level you will have split the entire system into self contained components and adopted a strict api-based approach to inter-communication so that each component can be deployed and released individually. With a mature component based architecture, where every component is a self-contained releasable unit with business value, you can achieve small and frequent releases and extremely short release cycles.

DevOps will have to learn to address the challenges of building, testing and deploying applications in multi-cloud environments in order to leverage these benefits. To ensure rapid release cadence, there is no branching in source control, and no feature branch lives longer than a day. All changes related to the application are stored in version control, including infrastructure, configuration, and database. It is best practice to try to automate the build and testing processes in order to find bugs early and not waste time with needless manual activities.


You can try an existing or monolithic application if this makes sense, as this will flush out tooling and dependencies you’ll have for your journey to cloud native, such as kubectl, network connectivity and other topics. CI roadmaps are important tools that help organizations track and plan their progress on CI initiatives. Roadmaps help organizations visualize their goals and strategies, and they can also help identify and track the progress of individual projects and tasks.

In the following four sections, we discuss why each of these key factors is critical for getting the most out of your efforts, and show you what DevOps maturity looks like. Before you begin this journey, take the time to compare your own organization’s maturity in these areas against the best practices listed in each section, and take note of the areas you need to focus on. This will provide you with the best possible roadmap for adoption efforts. We also share a client’s story and how we assisted them in maturing their DevOps practices. Managing a cluster with Infrastructure as Code is different to managing application release and deployment, however many of the same techniques and tools will be common to both.

CI/CD Maturity Model

For teams just embarking on the CD journey, it can be a daunting task to try and make sense of all the frameworks, practices, tools, buzzwords and hype out there. It can also be difficult to figure out how the team is progressing on this journey. Your maturity model creates a spectrum upon which organizations can place themselves, as well as set a target for the future.

If you already have cross functional Agile teams then you can ignore Culture and Organization area. The idea is to keep your model crisp and to the point so that stakeholder don’t invest their time in looking something which they know is already working well or not required. Mostly I have seen 5 levels of maturity however I have defined 4 levels of maturity for my organization. The goal of this guide is to first and foremost highlight the practices required for CD. The tools simply help with the adoption of the practice; the simple rule being that we should never build a process or practice around a tool, the tool must rather make the process or practice easier or more efficient. Not directly it’s original intention, but I intend to use your model as a grading tool in a semester on DevOps at a University of Applied science in the Netherlands.

CI/CD (Build, Deployment & Release)

At this level you will most likely start to look at gradually automating parts of the acceptance testing. While integration tests are component specific, acceptance tests typically span over several components and across multiple systems. The design and architecture of your products and services will have an essential impact on your ability to adopt continuous delivery. If a system is built with ci cd maturity model continuous delivery principles and a rapid release mind set from the beginning, the journey will be much smoother. However, an upfront complete redesign of the entire system is not an attractive option for most organizations, which is why we have included this category in the maturity model. CI/CD helps you build, test and deploy applications based on modern software development practices.

We often use the term ‘shift left’ to refer to bringing a practice, whether relating to testing or security, into a process as early as possible. Once you have defined your goals and strategies, you need to identify and track the individual projects and tasks that will help you achieve them. This can include everything from setting up a CI pipeline to automating your testing process. At Devbridge, we recognized the value of complete deployment automation and resolved to include continuous deployment as part of our processes and best practices. As a first step, we explicitly took inventory of the build process to pave the way for successful continuous deployment. Some differences between staging and production are expected, but keeping them manageable and making sure they are well-understood is essential.