DevSecOps Best Practices on Alibaba Cloud — Building an E-Commerce Application

What Is DevSecOps?

  1. In software development, the concept of shifting left moves tasks, such as testing, earlier in the cycle so that these tasks occur in parallel with development activities.
  2. The new application landscape is an opportunity to integrate security measures earlier in the development process to improve the security of the code that reaches production.
  3. Integration of SAST, DAST, and penetration testing with vulnerabilities is important.

  1. We need to build applications faster, so we need a microservices architecture.
  2. With microservices, large and complex systems are decoupled into simple, independent projects. This brings agility and alignment with the overall business and helps developers make changes to the code immediately for the customers.

  1. Software containers accelerate development by enabling applications to be broken down into microservices.
  2. Containers hold packaged pieces of software that contain all the components (the software, system libraries, and file system) needed to run the service. This can improve the quality of testing and reduce the complexity of integration and deployment.

  1. Automation aims not only to enhance the software development mechanism but also to fill in the loopholes created by manual efforts in the software development model.
  2. Organizations can adopt automation to tackle frequent regression testing iterations and to speed up the delivery process.
  3. Developers will find automation a blessing when working on a microservices architecture or on exceptionally large projects.

  1. An API gateway establishes a single entry point for all requests coming from clients. This spares clients from having to understand how an application is partitioned into microservices. It also enables clients to retrieve data from multiple services with only one request.

DevSecOps on Alibaba Cloud

  1. Alibaba Cloud Container Service provides support for Kubernetes clusters.
  2. Using the application deployment capability of Alibaba Cloud Resource Orchestration Service (ROS), users can create a highly available and secure Kubernetes cluster with one click by using ROS templates.
  3. The Kubernetes cluster consolidates Alibaba Cloud’s storage, network, virtualization, and security capabilities to provide high-performance application management that simplifies cluster creation and expansion.
  4. Kubernetes deployed on Alibaba Cloud facilitates deployment, expansion, and management of containerized applications.
  5. It further focuses on containerized management and application development, and comes with the following features:
     1. Elastic expansion and self-reparation.
     2. Service discovery and server load balancing.
     3. Service publication and rollback.
     4. Secrets and configuration management.

  1. Lightweight deployment
  2. Simplified container management
  3. Low impact on other services

Building an E-Commerce Portal Using DevSecOps

  1. FSN ID: The unique identification of each SKU
  2. Order Date: Date on which the order was placed
  3. Order ID: The unique identification number of each order
  4. Order item ID: If you order 2 different products under the same order, 2 different Order Item IDs are generated under the same Order ID; orders are tracked by the Order Item ID.
  5. GMV: Gross Merchandise Value or Revenue
  6. Units: Number of units of the specific product sold
  7. Order payment type: How the order was paid — prepaid or cash on delivery
  8. SLA: Number of days it typically takes to deliver the product
  9. Cust id: Unique identification of a customer
  10. Product MRP: Maximum retail price of the product
  11. Product procurement SLA: Time typically taken to procure the product

  1. A Linux or Windows machine
  2. JDK 8 or later
  3. Apache Maven 3 or later
  4. Eclipse or another code editor of your choice
  5. Spring MVC 4.2.5
  6. Hibernate 5.x
  7. Database: Oracle, MySQL, SQL Server, RDS

Solution Architecture of the E-Commerce Platform

How to Implement the Solution with DevSecOps

  1. Build the store modules using Java and JDK. This includes Order Management, Shop Management, Customer Management, the Payment module, and Customer Service.
  2. Shift left in the continuous delivery. This is done by integrating security solutions into the modules, including adding WAF, anti-fraud, Server Guard, security testing, and CloudMonitor.
  3. Enable the microservices architecture in the above 2 steps. This makes the portal scalable and brings agility and alignment to the business. With this solution, you can make changes to the code immediately for customers.
  4. Integrate elastic computing in the cloud deployment using Server Load Balancer, Auto Scaling, and Elastic Compute Service (ECS). We used containers as a part of the DevOps lifecycle. Containers hold packaged pieces of software that contain all the components (the software, system libraries, and file system) needed to run the service. We used Auto Scaling to adjust to the spike in customer demand during peak shopping season.
  5. As a part of the development lifecycle, you can also use Message Service to help with automation. Message Service is useful for typical large-scale, high-reliability, high-concurrency software code automation.
  6. Integrate object storage and also the backend with APIs. You’ll also need databases to process massive volumes of images, and transcoding capabilities for image processing and for handling audio and video content.
  7. Merge CDN with the lifecycle to accelerate content delivery for end users.

Hosting the E-Commerce Portal

Reference Microservices





Follow me to keep abreast with the latest technology news, industry insights, and developer trends. Alibaba Cloud website:
