How is Jenkins the epicenter of DevSecOps for Gainsight?

Shubhambhalala
Mar 14, 2021

Gainsight is a software company that develops tools for its clients that help them find data-driven insights, carry out surveys and campaigns, view customer health scores to understand trends and risks, and do advanced forecasting, business intelligence, etc. They have different platforms or software for the above-mentioned services. One of them is called Customer Experience (CX).

CX is customer experience software that combines surveys and customer journey orchestration with data science and analytics to help businesses deliver a best-in-class experience to their customers.

Challenge:

While handling customer data from all over the world and providing insight based on that data, one must think about the security, scalability, and flexibility of the platform to support smart communication and integration. To solve this problem, one should adopt and maintain an Infrastructure-as-Code approach while keeping in mind the integration of different tools and programming languages with the platform.

In this era of the internet, true power comes when you have “data”. The more data you have, the more powerful and rich you are, and with that comes great responsibility. So, to secure the platform, they needed to adopt something agile: they needed to build a platform that is flexible, secure, and scalable. This approach has recently come to be called DevSecOps.

Solution:

A flexible and scalable DevSecOps infrastructure that provides keener operational insight, ease of collaboration, and the ability to accelerate releases to stay a step ahead of the competition. They needed a very flexible platform for CI and CD (deployment) operations. The company found that Jenkins was the best fit for their use case, and it is indeed true. Jenkins has a plethora of plugins supporting almost all the technologies available in the CI and CD world, so for any company that needs a highly flexible way to deploy its platform, Jenkins is good to go. As we will see in this article, Jenkins is used heavily through its plugins: Gainsight uses a plugin for almost every technology it integrates into its platform.

Gainsight has more than 70 microservices deployed, and maintaining them manually on every release is very time-consuming. It takes a dedicated testing team and developer team to find the bugs and fix them, and doing all of this by hand on one platform is the hard way. Sometimes a problem in a single line of code can take almost a week to resolve.

So, Gainsight uses Gerrit, a free web-based code review application, alongside GitHub as the version control system. To have this all integrated, they use the Gerrit plugin in Jenkins. To verify additional quality standards, the team has also included Sonar. Additionally, they use the Allure reports and JaCoCo plugins to check the code coverage and test suite information.

During the Major Release Regression cycle, deployments to 70 applications are triggered by Jenkins on a predefined schedule. At the same time, the inputs required by each job are provided by the database.

Their other major goals included simplifying communication and collaboration. Gainsight achieved that with the help of Jenkins, which reduces one-to-one communication by integrating with Slack and email. It’s the best example of ChatOps.

ChatOps can easily solve DevOps problems by providing timely updates. They also had issues with automatic Jira tickets, so they used a custom-built Jira plugin working with Jenkins.

The team’s biggest challenge was figuring out how to efficiently handle regression testing on microservices for recurring major release cycles. Gainsight has a few legacy Jenkins build nodes that are used only for specific builds. Since these legacy systems cannot be terminated, the team uses Jenkins REST APIs to build auto-scaling, rather than the AWS EC2 plugin.

Streamlining secure, efficient deployment was of paramount importance for the team. For that, they chose to enable their deployments with security tools that perform DAST analysis on the application. All deployment results, from project information to current status to commits, are stored in the database. This allows them to compare deployed code with the latest code before launching the deployment for microservices. So, if the latest commit in a project is identical to that of a previously successful build of that microservice, the team can skip deployment for that specific microservice, thus eliminating unnecessary deployment iterations.
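The skip-if-unchanged check described above can be sketched as follows. This is an added example, not Gainsight's code: the table layout, service names, and commit IDs are constructed, and it assumes a slightly stricter rule than the text, skipping only when the latest commit matches the most recent successful deployment, so a branch moved back to an older commit is still redeployed.

```python
import sqlite3

# Hypothetical schema for the deployment-results database.
SCHEMA = """
CREATE TABLE deployments (
    id         INTEGER PRIMARY KEY AUTOINCREMENT,
    service    TEXT NOT NULL,
    commit_sha TEXT NOT NULL,
    status     TEXT NOT NULL   -- 'SUCCESS' or 'FAILED'
)
"""

def record(conn, service, commit_sha, status):
    """Store the outcome of one deployment run."""
    conn.execute(
        "INSERT INTO deployments (service, commit_sha, status) VALUES (?, ?, ?)",
        (service, commit_sha, status),
    )

def last_successful_commit(conn, service):
    """Commit of the newest successful deployment, or None if there is none."""
    row = conn.execute(
        "SELECT commit_sha FROM deployments "
        "WHERE service = ? AND status = 'SUCCESS' ORDER BY id DESC LIMIT 1",
        (service,),
    ).fetchone()
    return row[0] if row else None

def plan(conn, latest_commits):
    """Map each service to 'skip' or 'deploy' before the release run starts."""
    return {
        service: "skip" if head == last_successful_commit(conn, service) else "deploy"
        for service, head in latest_commits.items()
    }

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    # Constructed deployment history.
    record(conn, "survey-api", "a1f3", "SUCCESS")
    record(conn, "journey-engine", "77c0", "SUCCESS")
    record(conn, "journey-engine", "9be2", "FAILED")   # last attempt failed
    record(conn, "analytics", "c001", "SUCCESS")
    record(conn, "analytics", "c002", "SUCCESS")       # c002 is what is running
    latest = {                                          # constructed branch heads
        "survey-api": "a1f3",      # unchanged since last success
        "journey-engine": "9be2",  # same commit, but it never deployed cleanly
        "analytics": "c001",       # branch moved back to an older commit
        "notifier": "5d5d",        # never deployed
    }
    return plan(conn, latest)

if __name__ == "__main__":
    for service, decision in demo().items():
        print(f"{service}: {decision}")
```

A check that accepts any earlier successful build of the same commit would skip `analytics` here and leave `c002` running, which is why the query looks only at the newest successful row.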

Results:

  • infrastructure costs reduced by 40%
  • builds are 30% faster
  • better and seamless communication on builds and releases
  • 95% of infrastructure scalable with code
  • virtually no more manual processes
