I’ve been leading software teams for more than 20 years and one thing I’ve learned about metrics is that leaders tend to put too much emphasis on engineering metrics alone, without considering the bigger picture. After speaking to a range of engineering industry leaders, and poring over millions of jobs processed from software teams worldwide, we found that the most insightful and relevant metrics fall into three categories: What metrics are meaningful for your team to measure?

For the past five years, CircleCI has hired third-party penetration testing firms that hammer our product releases or infrastructure at minimum every 90 days. To date, we’ve done more than 25 of these. Sometimes they cover new product features and other times they cover infrastructure.

Here’s a common situation that plagues many development teams. You run an application through your CI/CD pipeline and all of the tests pass, which is great. But when you deploy it to a live target environment the application just does not function as expected. You can’t always predict what will happen when your application is pushed live. The solution?

It’s often necessary to inject secrets into your build or deployment process so that the deployed service can interact with other services. This can be straightforward if you’re only deploying to a single environment. When deploying to multiple environments, though, you might need to dynamically inject different secrets depending on the environment to which you’re deploying.

Businesses around the world increasingly rely on the benefits of container technology to ease the burden of deploying and managing complex applications. Containers group all necessary dependencies within one package. They are portable, fast, secure, scalable, and easy to manage, making them the primary choice over traditional VMs. But to scale containers, you need a container orchestration tool—a framework for managing multiple containers.

Testing in isolation is known to be expensive. It’s time-consuming to execute thoroughly, and it typically requires a testing environment — sometimes multiple testing environments. That said, testing in isolation is undeniably effective.

If you work anywhere near the field of software development, you’ve likely already heard that you should always write code that is well-tested. Everyone wants to have well-tested code and for a good reason! Testing ensures our code is working as intended and protects against regression. Thoroughly testing code helps teams confidently ship software faster and with fewer issues.

Infrastructure as Code (IaC) is the practice of recording the desired state of your infrastructure using a declarative language. In this article, I’m going to assume that your team is starting from scratch. Maybe some of your build process has been scripted, and maybe there is some manual testing and quality assurance work happening. Many readers will find that they are midway through the IaC adoption journey I’ll describe, or that they have missed some steps.

In my interactions at industry events like AWS re:invent and KubeCon, I talk with a lot of developers. Devs often tell stories of things that prevent them from working quickly and efficiently. Many involve frustrating interactions with sys admins, SREs, or DevOps colleagues. One story I have heard several times involves a conversation like this: dev: Hey, SRE team. My build is failing and I don’t know what’s happening with the app in the build node.