Implementations do not matter unless there are end users interacting with them. As such, our philosophy is to create automated processes on day 1 that prioritize deploying features to production or ephemeral environments on each change.
This methodology allows for rapid feedback. Clients can see changes in real time immediately and generate constant feedback cycles to developers to ensure the expected end product is delivered quickly and efficiently.
Day 1 Deployments and Previews
This Dot Labs utilizes services to deliver accessible web properties on the first day of a project. We utilize services like AWS Amplify, Netlify, and Vercel to deploy your products.
All these services provide preview deployments, which allows our developers to share working versions of new features before they are released to the production system against the same hardware and configuration as their main production system. This allows our clients to validate and critique changes before end users allowing for faster iteration and release cycles.
These same tools allow for one-click rollbacks, so if a change is released preemptively or has an issue, it can be seamlessly retracted immediately.
Continuous Integration and Continuous Deployment (CI/CD)
Our teams believe in continuously shipping value to customers with each code change. GitHub Actions, CircleCI, AWS CodeBuild, and other CI/CD platforms allow our team to safely and automatically deliver directly to production multiple times a day. We accomplish this through automated code analysis and testing that are run on each change to avoid system regressions or broken systems.
The CI/CD process can be slowed down by utilizing preview deployments or special ephemeral environments for reviewing changes before they are shipped to consumers.
For mobile applications, new app versions must be submitted for review to their respective app store, but we use some of these same tools to automate those processes.
Ensuring applications and data are secure is a top concern for our teams and clients, so we take necessary steps to protect our clients' properties. Here are a few examples of how we approach security:
- Authentication: We recommend to our clients to utilize Auth0 and Okta as they provide best-in-class authentication services
- Cloud Services: AWS, GCP, and Azure provide secure cloud computing services that are regularly monitored and updated against threats
- Open Web Application Security Project® (OWASP) provides a list of security pitfalls to avoid common attack vectors such as SQL injections or cross-site scripting (XSS) attacks
- We use and recommend known libraries that are actively maintained with permissive licensing schemes. These are great for speeding up development but come with additional exposure risk. To mitigate any security risks and keep these libraries secure, we utilize package analysis tools like Dependabot.
- We do not utilize or believe that “security by obscurity” is a valid security measure
- Audits: Upon request, our team helps ensure full security audits and penetration tests of the system to validate any potential concerns.