← Back to Demo Roadmap
IBM Bob — Full SDLC Demo Flow

From Prompt → Production → Day-2 Ops

Bob builds the app, tests it, secures it, builds the CI/CD pipeline, deploys to any platform, and assists with Day-2 SRE operations.

Credit Card Payment Processing App (demo: OpenShift)
Modernize & Build Test & Secure Infra as Code Deploy CI/CD Pipeline Day-2 Ops
🏗️
Stage 1
Bob Modernizes & Builds the App
  • Analyze legacy codebase — flag deprecated APIs, identify migration blockers, recommend refactors
  • Backend API and business logic
  • Frontend with dashboard UI
  • Dockerfile (multi-stage, distroless, non-root)
  • Health endpoints, Prometheus metrics, cache endpoint
"Legacy codebase or greenfield — Bob modernizes the stack and builds the app end-to-end."
Java 11/17 Spring Boot React/Thymeleaf Dockerfile
🔒
Stage 2
Bob Tests & Secures
  • Generate full test suite covering happy paths, edge cases, failure scenarios
  • Security scanning — secrets, contextual analysis, CVE scan
  • CVE scan on pom.xml — prioritized by exploitability
  • SAST scan (Semgrep) — hardcoded secrets, injection risks
  • Auto-fixes critical CVEs and pushes fix
"Full test coverage and security scans — before the code leaves the laptop."
JUnit 5 Semgrep CVE Scan Wiz
⚙️
Stage 3
Bob Generates Infra as Code
  • Generate Terraform code to provision OpenShift environment
  • Generate Ansible playbooks to configure infrastructure
  • Network policies, storage provisioning, RBAC setup
  • Security group configurations and firewall rules
  • Cluster health checks and validation scripts
"Infrastructure defined as code — reproducible, version-controlled, and ready to deploy."
Terraform Ansible OpenShift IaC
🚀
Stage 4
Bob Deploys to
OpenShift
  • Manual deploy to validate the cluster before automating with CI/CD
  • Image push to container registry
  • Kubernetes manifests for deployment and services
  • Health checks and readiness probes configured
  • Zero-downtime rollout capabilities
"Manual deploy validates the cluster is ready — then we automate everything with CI/CD."
OpenShift Kubernetes Container Registry kubectl
⚙️
Stage 5
Bob Builds the
CI/CD Pipeline
  • Generate a GitHub Actions CI/CD pipeline — auto-deploy to staging, manual approval for prod
  • Pipeline: build → test → scan → deploy
  • Multi-language & framework support
  • Security scans as quality gates
"Describe the pipeline once — Bob generates it for GitHub Actions, drift-free automation."
GitHub Actions CI/CD Auto-deploy Quality Gates
🔧
Stage 6
Bob Assists with
Day-2 SRE Ops
  • RefreshPOD — per service, graceful restarts
  • Rolling restart — zero downtime, PDB-aware
  • Cache refresh — hits /cache/clear on all pods
  • Certificate renewal & compliance validation
  • Vault secret maintenance for client onboarding
"Describe the operation — Bob drafts the runbook and executes with your approval."
oc CLI Vault Certs
🏗️
Stack
Java 11/17 + Spring Boot
🔒
Security
CVE + SAST + Certs
⚙️
Pipeline
GitHub Actions · Jenkins · ArgoCD
☁️
Platform
Any Platform (demo: OpenShift)
🔧
Integrations
Wiz · Vault · ArgoCD