On the surface, the shift-left attack — which encourages DevOps teams to statesman processes specified arsenic investigating and information arsenic aboriginal successful the bundle improvement lifecycle (SDLC) arsenic imaginable — whitethorn look similar a boon to developers. Theoretically, shift-left saves developers clip and effort by reducing the magnitude of enactment they request to execute aboriginal successful the SDLC.
But viewed from different angle, shift-left is simply a menace to developers. Even erstwhile teams instrumentality shift-left processes with the champion of intentions, their inaugural tin person the perverse effect of making developers' jobs harder, not easier.
This is not to accidental that the shift-left attack is simply a atrocious thought and that nary 1 should bash it. But it is to accidental that determination are imaginable downsides to shift-left improvement strategies — particularly for developers — and it's important to see those problems earlier shifting everything successful your SDLC near and proclaiming your squad a champion of modern improvement champion practices.
What Is Shift-Left?
Shift-left is the signifier of starting assorted types of bundle improvement processes earlier successful the bundle improvement lifecycle than erstwhile those processes person traditionally begun.
For example, if you displacement information left, you marque information a precedence starting with erstwhile codification is designed, alternatively than waiting until aft an full exertion has been built to statesman addressing information risks.
Likewise, if you shift bundle investigating left, you statesman investigating bundle for prime and show requirements arsenic soon arsenic you constitute codification — arsenic opposed to moving tests conscionable anterior to deploying the exertion into production, which is the much accepted approach.
Shift-Left Benefits: Theory
In theory, shift-left is beneficial due to the fact that it allows teams to observe problems earlier successful the SDLC. That's invaluable because, successful general, problems are easier to hole erstwhile you find them early.
For example, if developers place an input validation hazard wrong recently written root code, they tin simply update the root codification to hole the problem. Remediating this benignant of contented would beryllium overmuch harder if the occupation remained undetected until the root codification had already been built and different codification had been written that depends connected the problematic root code. In that case, developers would perchance person to marque much expansive changes to their codification to hole the problem. They'd besides person to recompile the codification aft making those changes.
The shift-left attack besides offers the payment of expanding the chances of detecting problems earlier buggy oregon insecure codification reaches extremity users. The earlier you statesman validating your code, the little the hazard that you'll deploy it earlier uncovering problems.
Shift-Left Benefits: Reality
It's surely existent that, successful general, shifting processes near saves wealth and reduces the hazard of introducing superior bundle problems into accumulation environments.
On the different hand, determination is simply a ample imaginable disadvantage of shift-left practices: They summation the load placed upon developers due to the fact that they necessitate developers to enactment successful workflows that would traditionally person fallen to different types of engineers.
For instance, show investigating is simply a occupation that has conventionally fallen to prime assurance (QA) engineers. Developers handed codification disconnected to the QA team, and the QA squad tested it. But if an enactment wants to displacement show investigating near by moving tests connected codification arsenic soon arsenic the codification is written, it either has to necessitate developers to tally those tests oregon find a mode to embed QA engineers wrong improvement teams truthful that the QA engineers tin tally tests whenever caller codification emerges. Either way, developers extremity up having to bash much work.
The aforesaid goes for shift-left security. While it's surely not a atrocious happening to inquire developers to deliberation astir information successful the aboriginal stages of the SDLC, shift-left information tin crook into a strategy wherein developers are expected to go experts successful information investigating and optimization — expertise that falls extracurricular the scope of the accepted developer's accomplishment set.
A 2nd occupation is that taking a shift-left attack means that developers are much apt to extremity up successful the enactment of occurrence erstwhile thing goes wrong. If you inquire developers to go QA and information engineers successful summation to developers, it becomes easier for existent QA engineers and information engineers to blasted their organization's developers for show oregon information problems.
That's a departure from accepted approaches, wherein developers mightiness person been asked to code problems whose basal causes were tied to codification they wrote, but they didn't look arsenic overmuch unit to cleanable their codification from the commencement due to the fact that they weren't expected to beryllium experts successful domains that widen beyond development.
When You Shift Left, Remember the Developers!
None of the supra means that shifting processes near is an inherently atrocious idea. Shift-left does connection existent benefits.
But it besides poses a definite magnitude of hazard to developers, and excessively galore conversations astir shift-left disregard those risks. Organizations that privation to displacement near efficaciously request to deliberation astir the added load that shifting near places upon their improvement teams and instrumentality steps to guarantee that shifting near doesn't extremity up creating much enactment for developers than it saves.
They tin bash this by specifically defining however they displacement processes left. Too often, shift-left initiatives are vaguely defined, starring to situations wherever determination are nary limits connected what developers tin beryllium asked to bash to beforehand the shift-left agenda. Instead of making shift-left an open-ended process, teams should make plans that say, "Developers volition bash A, B, and C, and QA engineers volition grip X, Y, and Z," for example.
It's besides important to marque definite that blameless culture goes hand-in-hand with shift-left initiatives. In a blameless culture, the squad arsenic a full shares corporate work for problems. Blameless civilization reduces the hazard of fingers being pointed astatine developers unsocial erstwhile the squad makes mistakes.
Ultimately, shift-left should prevention developers — on with everyone other — clip and effort portion besides facilitating the instauration of amended software. But that lone happens erstwhile teams enactment to guarantee that shift-left doesn't go a drain connected developer productivity.
About the authorChristopher Tozzi is simply a exertion expert with taxable substance expertise successful unreality computing, exertion development, unfastened root software, virtualization, containers and more. He besides lectures astatine a large assemblage successful the Albany, New York, area. His book, “For Fun and Profit: A History of the Free and Open Source Software Revolution,” was published by MIT Press.