How China’s 2020 DevOps Survey Reveals Key Gaps and Best Practices

Agile Development Management

First, we explore the Agile Development Management section of the questionnaire. The first question asks which option best reflects your team's agile practice, ranging from no agile use to a highly mature, organization‑wide agile implementation.

Our organization is currently at a partial‑adoption stage: some teams use agile, while many others have not yet transformed due to business characteristics, but we keep experimenting and iterating.

Requirement Management

Requirement management is a crucial agile aspect. Before project start, all requirements must be collected and confirmed. In my previous company we used Microsoft Project Server to define daily tasks and produce Gantt charts, but the completion rate of such plans never exceeded 99%.

During iterations, requirements can be reordered; high‑priority items may replace lower‑priority ones to keep the sprint flexible.

Our team uses daily stand‑ups, two‑week sprints, and a Kanban board. We write user stories to describe requirements.

We also apply Impact Mapping to analyse real value and User Story Mapping to build a holistic view of the product.

Many teams now hold a "Grooming" meeting (similar to a requirement clarification meeting) before the sprint planning session.

Kanban boards enforce WIP limits (e.g., a limit of 2) and define Definition of Ready (DoR) and Definition of Done (DoD) to ensure clear entry and exit criteria.

Continuous Delivery

Continuous delivery involves version control of source code, configuration, build scripts, deployment scripts, and database change scripts (DDL/DML). All artifacts, including Dockerfiles and Helm charts, are stored in a version‑control system.

Artifact Management

Artifacts such as Maven dependencies, JAR packages, Docker images, and other binaries are stored in repositories like Nexus, Artifactory, or Harbor.

Artifact promotion—from development to pre‑release to production—requires quality gates, security scans, and sometimes network isolation for financial institutions.

Continuous Integration

CI is performed daily (or multiple times per day) using tools like Jenkins. Dedicated engineers maintain Jenkins plugins and ensure compatibility during upgrades.

CI Frequency

Teams vary: some commit only locally, some integrate every few days, and high‑performing teams commit multiple times per day, enabling rapid feedback.

CI Issue‑Fix Time

When a Jenkins build fails (red light), the goal is to fix it as quickly as possible—ideally within 30 minutes, with top teams achieving fixes in under 10 minutes.

Automated Testing

We use SonarQube for static code analysis, unit tests, API tests with JMeter, and occasional UI tests (though UI automation is costly). Smoke tests run after deployment, and regression suites have been dramatically reduced in effort through automation.

Deployment

Deployments are automated using Kubernetes (K8s). Environments (test and production) share the same tooling and processes.

Pipeline

The CI/CD pipeline may be incomplete (build and test only) or fully integrated (build → test → deploy). High‑maturity pipelines automate the entire flow.

Change Lead Time

Lead time from code commit to production ranges from one day to one week, depending on testing, approvals, and manual steps.

Production Deployment Frequency

Most teams deploy at least once every two weeks, often aligning with sprint boundaries.

Key DevOps Metrics

Four key metrics from a 2019 DevOps report: deployment frequency, change lead time, mean time to restore (MTTR), and change failure rate. High‑performing organizations deploy daily to weekly with rapid recovery.

Tools

Code management: GitLab, Gitee, Tencent GIT, Gerrit (with repo for multi‑repo management). Artifact repositories: Nexus, Artifactory. CI/CD: Jenkins, GitLab CI, CDF. Code quality: SonarQube. Testing: JMeter, Selenium, Cucumber. Deployment: native K8s, Ansible, SaltStack.

Technical Operations

Monitoring is the foundation of operations. We use Zabbix for basic metrics and ELK for log monitoring. Alert aggregation (convergence) is essential to avoid alarm fatigue.

Advanced monitoring leverages machine‑learning‑driven alert thresholds.

Incident and Change Management

Incident management follows a basic process of timely handling, with higher levels requiring visualised workflows and automated change procedures.

Configuration Management

We maintain a CMDB for assets and configuration items, though automated discovery is still weak.

High Availability

Beyond hardware failover, we implement service‑level call‑graph governance and database master‑slave replication. Dynamic auto‑scaling remains a challenge.

Business Continuity

We target a Recovery Time Objective (RTO) of under 30 minutes, using automated fault injection (chaos engineering) to validate resilience.

User Experience

We monitor end‑user performance, page load times, and collect feedback through product channels.

Application Design

Microservice Framework

Our services are built on Spring Boot.

Architecture Design

Architecture focuses on availability and testability, though metrics are still immature.

API Management

We enforce API standards but lack a dedicated API portal.

Scalability

Horizontal scaling is achieved via K8s; full automation is not yet realized.

Fault Handling

We rely on manual failover and degradation mechanisms.

Performance

Performance optimisation spans multiple services but remains a work in progress.

Security and Risk Management

We adopt DevSecOps, integrating security checks throughout the development lifecycle, including code scanning, dependency analysis, and container security tools such as Checkmarx, Clair, OWASP ZAP, and Snyk.

Security Testing

Security testing is embedded in the CI pipeline; each release passes automated security scans before production.

Operational Security

We have basic security monitoring but lack unified dashboards, intelligent alerts, and self‑healing capabilities.

Agile and DevOps Transformation Status

Transformation success is measured by delivery speed, business value, defect leakage reduction, and team satisfaction. Challenges include heavy workloads, lack of expert guidance, and unclear roadmaps.

Common obstacles: missing DevOps experts, over‑burdened teams, and undefined improvement paths.

Tool selection balances cost, open‑source status, and popularity; many organisations still rely on custom‑built platforms.