What it is all about

As you all know, DevOps practices are all about continuous integration and deployment,  secure SDLC, test automation and observability. In this book, the authors are trying to describe the landscape of instruments used to implement that practices. Despite the name, the tools do not exclusively apply to the Java ecosystem. Although they do mention a lot of build tools like Ant and Maven and application frameworks(Spring Boot, Micronaut, Helidon) the overall practices can be applied to virtually any corresponding technology.

Diving deeper

The book starts with a description of why we need DevOps in the first place; shortly - to go fast and reliably. We want to push more features to production, while not experiencing noticeable outages. If we stop separating those goals but embrace the practices which allow doing both via using a single source of truth, managing everything via code, automating tests, paying close attention to security and frequently deploying software.

Then it continues to explain the idea of containers. They drive almost all modern software deployments(except mobile), and the book does a good job explaining how they work and how to use them.

Knowing this unit of deployment, the book discusses how to use continuous integration and usage of dependencies - be it java libraries or containers.

But then comes the interesting part about the supply chain. Our software is frequently a part of the software development lifecycle - for example if we develop a library used by other developers, or we produce software which gets installed on our customer's machines.  And here the book spends a large chapter explaining the security tactics applied to CI/CD including static and dynamic secure analysis, vulnerability scanning and managing secrets.

Additional respect for explaining the deployment practices and tackling such an under-discussed thing like mobile CI/CD pipelines.

Pros & Cons

I really appreciate the structured approach to describing the modern DevOps tools landscape starting with containers and ending with monitoring and mobile-related aspects.

However, I find a lot of this information a bit introductive.  If you keep up with modern practices chances are you already know the good half of it. I also am not a fan of providing maven listings right in the book - we are not supposed to retype those, right?


Good book for an overview. Totally recommend reading for all the engineers from interns to middle developers. Worth quickly going through for everybody else, including staff engineers and CTOs.