SolarWinds builds security into design with CircleCI
The SolarWinds Observability product standardizes on security processes with self-hosted runners and private orbs from CircleCI
Strengthening security from the start of coding
Secure by design is our guiding principle for how we approach security and cyber resiliency at SolarWinds. It consists of several key principles, through which we’re working to create a more secure environment and build system centered around transparency and maximum visibility.
Engineers worked together to optimize the developer experience for the SolarWinds Observability product. Their key challenge: helping developers maintain speed and high code quality while adhering to the internal security controls.
“Our biggest challenge is the global group of teams working on a platform as well as multiple products,” explains Shannon Tillery, Senior Engineering Manager for SolarWinds. “Developers are frequently making, pushing, and testing changes – while trying to balance speed with quality.”
Verifying that every code release is secure
CircleCI was already in use when engineers took part in the “secure by design” project. The company-wide focus included improving SolarWinds’ security posture across engineering and products and standardizing on engineering practices.
“In examining our incident response, we looked across the board as to how we could improve security when we release software,” says Robert Zahradníček, Senior Staff Site Reliability Engineer for SolarWinds. “We needed the ability to cryptographically sign and verify that everything we deploy comes from a trusted source.”
The engineers used CircleCI self-hosted runners and private orbs to build code signing processes for the company’s SolarWinds® Observability product. “The fact that self-hosted runners operate in an internally controlled environment is a big help for us,” says Zahradníček. “We can cryptographically verify what’s coming out of the internally controlled environment and ensure it adheres to controls our security team requires.”
CircleCI private orbs have helped SolarWinds engineers advance the goal of standardizing engineering practices. “With public orbs, we were limited in what we can include in them,” Zahradníček says. “Now with the private orbs, we can build orbs with any functionality we need.”
Removing obstacles from rapid and secure development
Beyond helping standardize engineering practices, CircleCI integrates easily with GitHub. “We’re currently migrating many of our GitHub projects, and it’s been very easy to transition and then enable builds again quickly,” Zahradníček says.
The process has also been cost effective. “As we work on migrating the organization with EMU, and the costs involved in having repos duplicated in different organizations, we’ve appreciated having CircleCI work with us on the best approaches,” Tillery says.
The CircleCI Insights dashboard also helps engineers run processes more efficiently and troubleshoot workflows. “We get all the details for the tests we run for validation,” explains Chaitanya Kancherla, Senior Director of Engineering at SolarWinds. “I can drill down into resource usage, and share it with the rest of the team.”
Benefits of using CircleCI
- Easily scale out standard build processes to more teams
- Increase trust in CI/CD pipelines
- Partner with CircleCI for guidance on creating efficient workflows
About SolarWinds
SolarWinds (NYSE:SWI) is a leading provider of simple, powerful, secure observability and IT management software built to enable customers to accelerate their digital transformation. Our solutions provide organizations worldwide—regardless of type, size, or complexity—with a comprehensive and unified view of today’s modern, distributed, and hybrid network environments. We continuously engage with IT service and operations professionals, DevOps and SecOps professionals, and database administrators (DBAs) to understand the challenges they face in maintaining high-performing and highly available hybrid IT infrastructures, applications, and environments. The insights we gain from them, in places like our THWACK® community, allow us to address customers’ needs now and in the future. Our focus on the user and our commitment to excellence in end-to-end hybrid IT management have established SolarWinds as a worldwide leader in solutions for observability, IT service management, application performance, and database management. Learn more today at www.solarwinds.com.