1© 2016 Rogue Wave Software, Inc. All Rights Reserved. 1
Verification at scale: Fitting static code analysis into continuous integration
Embedded Conference Scandinavia
Evolution of SCA
At first there was the desktop analysis …
• All started in December 1977, Stephen C Johnson, Bell Labs
• Simple, structural static analysis on a file-by-file basis
Advantages
• Developer learning
• Immediate, post compile
• Fast feedback loop
Disadvantages
• Low quality due to file scope
• Unregulated platform / build
• No collaborative working
Then server-side analysis …
• Deep, inter-procedural, control- and data-flow analysis by dedicated servers on a periodic basis (nightly, weekly, per-release)
Advantages
• Centralised – It is the simplest option to implement and maintain
• Reliable – The build process and platform are verified
• Accurate – Performs a full analysis and sees the full picture
Disadvantages
• Feedback – slow feedback creates rework, lower fix rates and higher new issue rates
• Developer adoption – not seen as developer task
Now client-server connected desktop …
• Current state of the art solution: Continuous integration and static code analysis
• Deep, inter-procedural control- and data-flow analysis connected to the developer desktop
• Enables pre-flight analysis of new and changed code, in real time
Advantages
• Desktop feedback loop and developer focus
• Server accuracy, centralised configuration
• The best of both worlds!
Disadvantages
• Management of desktop tools
• Requires desktop build to be possible
• Desktop environments don’t always match
Continuous integration
What is continuous integration (CI)?
• In software engineering, CI is the practice of merging all developer
working copies to a shared mainline several times a day. Grady
Booch first named and proposed CI in his 1991 method, although he did
not advocate integrating several times a day.
• Continuous integration – the practice of frequently integrating
one's new or changed code with the existing code repository –
should occur frequently enough that no intervening window remains
between commit and build, and such that no errors can arise without
developers noticing them and correcting them immediately.
Example CI process
CI best practices
• Automate the build
• Everyone commits to the baseline every day
• Every commit should be built
• Keep the build fast
• Fast feedback
So why CI?
• CI embodies the concept that by
checking the impact of changes more
frequently we’re able to quickly identify
the cause of any problems and
remediate as soon as possible with no
nasty surprises downstream
• CI gives us greater understanding,
earlier, so we can then act upon that
knowledge as we see fit
• It is an early warning system – we are
checking the things that could cause
delays or risk later earlier in the cycle –
we are shifting them to the left
Shift left
• CI shifts to the left our checking of code integration and build
problems
• But it doesn’t stop there, consider:
– Continuous deployment
– Continuous analysis
– Continuous testing
– Continuous reporting
– Continuous compliance
Continuous integration and static code analysis – better together
Example CI process with SCA
[Figure: CI process diagram, labelled Klocwork]
Enhanced SCA process with CI
• For some developers, compiling their code on the desktop is not possible, so desktop analysis is not an option
• In addition, integration issues may still be detected after check in, even when using desktop analysis
[Figure: timeline in which Developer 1 and Developer 2 each go through Edit & Save, Analyze & Fix, Compile & Test, Check In; the check-ins are then integrated and go through Compile & Test, with the callout "New possible issues found here!"]
Continuous static code analysis
The future: Continuous static code analysis …
• Continuous static code analysis (CSCA) brings all the benefits of centralised server-side, deep, inter-procedural control- and data-flow analysis to a near-desktop feedback timescale!
• Central management of development systems fits well with DevOps movement
• Enables continuous reporting and continuous compliance
Advantages
• Near desktop speed feedback loop
• Server accuracy, centralised configuration
• Visibility of the current status
Disadvantages
• Not quite as fast as connected desktop analysis
• Server resource requirements of CI builds
• Tooling must be designed for CI
Designed for CI
To work in a true CI environment CSCA tools must be designed to be:
• Automated – Supporting the most important CI build management systems
• Fast(er) – To reduce feedback time, only the affected code should be analyzed
• Scalable – By requiring minimal resources & deploying across multiple agents
• Relevant – By reporting only the information that is required for the given context (example: only the diffs since the last build / build X)
Consider before implementing CSCA
• The addition of static code analysis to a CI build system means that an
integration analysis (similar to a server-analysis) is performed on every
check in
– Developers get integration static code analysis results after every
check in or prior to each promotion?
– Less effort spent on changes and less risk to delivery timescales, as
there should be no outstanding issues at release time
– Continuous static code analysis performance is fast if only the new
and changed code is analyzed and reported
• If there are additional tests that must be written due to defects detected,
they can become part of the test plan immediately
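An added example (not from the original slides and not any vendor's tool) of reporting only the findings introduced since a baseline build, as the "Relevant" requirement and the point about reporting only new and changed code describe. The `Finding` fields, checker names, severity scale and sample data are constructed assumptions.

```python
"""Report only findings introduced since a baseline build (constructed data)."""
import hashlib
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    checker: str    # rule identifier (hypothetical names below)
    path: str       # file the issue was reported in
    function: str   # enclosing function, used as a stable anchor
    line: int       # line number; deliberately NOT part of the fingerprint
    snippet: str    # source text of the flagged statement
    severity: int   # 1 = most severe (assumed scale)

    def fingerprint(self) -> str:
        # Collapse whitespace so reformatting does not change identity, and
        # leave out the line number so unrelated edits above the statement
        # do not make an old finding look new.
        normalized = " ".join(self.snippet.split())
        key = "\x1f".join((self.checker, self.path, self.function, normalized))
        return hashlib.sha256(key.encode("utf-8")).hexdigest()


def diff_findings(baseline, current):
    """Return (new, fixed) between two builds.

    Fingerprints are matched as a multiset: if the same statement is flagged
    twice in one function and the baseline had it once, one counts as new.
    """
    remaining = Counter(f.fingerprint() for f in baseline)
    new = []
    for f in current:
        fp = f.fingerprint()
        if remaining[fp] > 0:
            remaining[fp] -= 1      # already known in the baseline
        else:
            new.append(f)           # introduced since the baseline
    fixed = []
    for f in baseline:
        fp = f.fingerprint()
        if remaining[fp] > 0:       # never matched by the current build
            remaining[fp] -= 1
            fixed.append(f)
    return new, fixed


def gate(new, fail_at_or_above=2):
    """CI verdict: block only on newly introduced findings of high severity."""
    blocking = [f for f in new if f.severity <= fail_at_or_above]
    return ("fail" if blocking else "pass"), blocking


# Constructed sample: findings from the last good build ("build X") ...
BASELINE = [
    Finding("NULL_DEREF", "src/uart.c", "uart_read", 40, "buf->len = n;", 1),
    Finding("UNINIT_VAR", "src/crc.c", "crc16", 12, "return acc ^ seed;", 2),
    Finding("RESOURCE_LEAK", "src/log.c", "log_open", 88, "return -1;", 3),
]
# ... and from the build triggered by the latest check-in.
CURRENT = [
    # Same legacy issue, shifted 7 lines and re-spaced: not reported again.
    Finding("NULL_DEREF", "src/uart.c", "uart_read", 47, "buf->len  =  n;", 1),
    Finding("RESOURCE_LEAK", "src/log.c", "log_open", 88, "return -1;", 3),
    Finding("BUFFER_OVERFLOW", "src/frame.c", "frame_parse", 23,
            "memcpy(dst, src, hdr->len);", 1),
    # Second occurrence of the same statement in the same function: new.
    Finding("NULL_DEREF", "src/uart.c", "uart_read", 60, "buf->len = n;", 1),
    Finding("UNUSED_VAR", "src/frame.c", "frame_parse", 19, "int tmp;", 4),
]

if __name__ == "__main__":
    new, fixed = diff_findings(BASELINE, CURRENT)
    verdict, blocking = gate(new)
    for f in new:
        mark = "BLOCK" if f in blocking else "info "
        print(f"{mark} {f.checker} {f.path}:{f.line} in {f.function}()")
    for f in fixed:
        print(f"fixed {f.checker} {f.path} in {f.function}()")
    print("gate:", verdict)
```

Matching on a fingerprint rather than on file and line keeps the per-check-in report down to what the check-in actually changed, which is what lets the gate block on new issues without first clearing the legacy backlog.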
Conclusion
So what’s right for you?
• There is no one size fits all, even within one organization. All of these
factors play a part in the decision:
– The type of projects
– The phase of projects (developing, maintenance, re-opened legacy)
– The development tools and reporting requirements
• New engineers benefit hugely from desktop feedback, where they can
experiment, learn, and improve without the fear of exposure
– SCA in this scenario provides a huge benefit for developer training
– But the issues have to be accurate so connected (client-server) desktops
are better
– Detailed checker documentation, linking back to appropriate industry
standards or compliance guidelines will certainly help
So what’s right for you?
• Rapidly developing, new projects, where large groups of engineers are
committing new code will reap the benefits of regular integration analysis
giving them a public view of the merged code and analysis results
– Here true CI, CSCA is hard to beat if done properly, whereas server only
analysis would result in a fast growing backlog and a mammoth task of
unpicking complex issues
– Connected desktop analysis pre-check in may detect many self-contained
issues even earlier, keeping integration issues very clearly
highlighted
• Legacy projects or projects entering a maintenance phase with
compliance requirements will work well with results that are public,
reliable (based on certified hardware and tool chains) and clear
– Server only analysis is sufficient and the lowest level of effort to deliver
this
It all boils down to staying Agile…
• Ultimately then, we’re going to need
different capabilities from our static code
analysis tooling at different times for
different projects and with different
teams
• Tool agility is as important as team
agility for making the most of the
productivity opportunities
Questions?
Steve Howard
Field technical services, EMEA
Rogue Wave Software
steve.howard@roguewave.com
roguewave.com

Open source applied - Real world use cases (Presented at Open Source 101)
 
How to migrate SourcePro apps from Solaris to Linux
How to migrate SourcePro apps from Solaris to LinuxHow to migrate SourcePro apps from Solaris to Linux
How to migrate SourcePro apps from Solaris to Linux
 
Approaches to debugging mixed-language HPC apps
Approaches to debugging mixed-language HPC appsApproaches to debugging mixed-language HPC apps
Approaches to debugging mixed-language HPC apps
 
Enterprise Linux: Justify your migration from Red Hat to CentOS
Enterprise Linux: Justify your migration from Red Hat to CentOSEnterprise Linux: Justify your migration from Red Hat to CentOS
Enterprise Linux: Justify your migration from Red Hat to CentOS
 
Walk through an enterprise Linux migration
Walk through an enterprise Linux migrationWalk through an enterprise Linux migration
Walk through an enterprise Linux migration
 
How to keep developers happy and lawyers calm
How to keep developers happy and lawyers calmHow to keep developers happy and lawyers calm
How to keep developers happy and lawyers calm
 

Recently uploaded

SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AIABDERRAOUF MEHENNI
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️anilsa9823
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 

Recently uploaded (20)

SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 

Fitting SCA into Continuous Integration

  • 1. Verification at scale: Fitting static code analysis into continuous integration
      Embedded Conference Scandinavia
  • 2. Evolution of SCA
  • 3. At first there was the desktop analysis …
      • All started in December 1977, Stephen C Johnson, Bell Labs
      • Simple, structural static analysis on a file-by-file basis
      Advantages
      • Developer learning
      • Immediate, post compile
      • Fast feedback loop
      Disadvantages
      • Low quality due to file scope
      • Unregulated platform / build
      • No collaborative working
  • 4. Then server-side analysis …
      • Deep, inter-procedural, control- and data-flow analysis by dedicated servers on a periodic basis (nightly, weekly, per-release)
      Advantages
      • Centralised – It is the simplest option to implement and maintain
      • Reliable – The build process and platform are verified
      • Accurate – Performs a full analysis and sees the full picture
      Disadvantages
      • Feedback – slow feedback creates rework, lower fix rates and higher new issue rates
      • Developer adoption – not seen as developer task
  • 5. Now client-server connected desktop …
      • Current state of the art solution: Continuous integration and static code analysis
      • Deep, inter-procedural control- and data-flow analysis connected to the developer desktop
      • Enables pre-flight analysis of new and changed code, in real time
      Advantages
      • Desktop feedback loop and developer focus
      • Server accuracy, centralised configuration
      • The best of both worlds!
      Disadvantages
      • Management of desktop tools
      • Requires desktop build to be possible
      • Desktop environments don’t always match
  • 6. Continuous integration
  • 7. What is continuous integration (CI)?
      • In software engineering, CI is the practice of merging all developer working copies to a shared mainline several times a day. Grady Booch first named and proposed CI in his 1991 method, although he did not advocate integrating several times a day.
      • Continuous integration – the practice of frequently integrating one's new or changed code with the existing code repository – should occur frequently enough that no intervening window remains between commit and build, and such that no errors can arise without developers noticing them and correcting them immediately.
  • 8. Example CI process
  • 9. CI best practices
      • Automate the build
      • Everyone commits to the baseline every day
      • Every commit should be built
      • Keep the build fast
      • Fast feedback
  • 10. So why CI?
      • CI embodies the concept that by checking the impact of changes more frequently we’re able to quickly identify the cause of any problems and remediate as soon as possible with no nasty surprises downstream
      • CI gives us greater understanding, earlier, so we can then act upon that knowledge as we see fit
      • It is an early warning system – we are checking the things that could cause delays or risk later earlier in the cycle – we are shifting them to the left
  • 11. Shift left
      • CI shifts to the left our checking of code integration and build problems
      • But it doesn’t stop there, consider:
          – Continuous deployment
          – Continuous analysis
          – Continuous testing
          – Continuous reporting
          – Continuous compliance
  • 12. Continuous integration and static code analysis – better together
  • 13. Example CI process with SCA
      [Diagram labels: Klocwork]
  • 14. Enhanced SCA process with CI
      • For some developers, compiling their code on the desktop is not possible, so desktop analysis is not an option
      • In addition, integration issues may still be detected after check in, even when using desktop analysis
      [Diagram: timelines for Developer 1 and Developer 2, each with Edit & Save, Analyze & Fix, Compile & Test, Check In, followed by Integrate, Compile & Test, Check In, annotated "New possible issues found here!"]
  • 15. Continuous static code analysis
  • 16. The future: Continuous static code analysis …
      • Continuous static code analysis (CSCA) brings all the benefits of centralised server-side, deep, inter-procedural control- and data-flow analysis to a near-desktop feedback timescale!
      • Central management of development systems fits well with DevOps movement
      • Enables continuous reporting and continuous compliance
      Advantages
      • Near desktop speed feedback loop
      • Server accuracy, centralised configuration
      • Visibility of the current status
      Disadvantages
      • Not quite as fast as connected desktop analysis
      • Server resource requirements of CI builds
      • Tooling must be designed for CI
  • 17. Designed for CI
      To work in a true CI environment CSCA tools must be designed to be:
      • Automated: Supporting the most important CI build management systems
      • Fast(er): To reduce feedback time, only the affected code should be analyzed
      • Scalable: By requiring minimal resources & deploying across multiple agents
      • Relevant: By reporting only the information that is required for the given context (example: only the diffs since the last build / build X)
  • 18. Consider before implementing CSCA
      • The addition of static code analysis to a CI build system means that an integration analysis (similar to a server-analysis) is performed on every check in
          – Developers get integration static code analysis results after every check in or prior to each promotion?
          – Less effort spent on changes and less risk to delivery timescales, as there should be no outstanding issues at release time
          – Continuous static code analysis performance is fast if only the new and changed code is analyzed and reported
      • If there are additional tests that must be written due to defects detected, they can become part of the test plan immediately
  • 19. Conclusion
  • 20. So what’s right for you?
      • There is no one size fits all and even within one organization. All of these factors play a part in the decision:
          – The type of projects
          – The phase of projects (developing, maintenance, re-opened legacy)
          – The development tools and reporting requirements
      • New engineers benefit hugely from desktop feedback, where they can experiment, learn, and improve without the fear of exposure
          – SCA in this scenario provides a huge benefit for developer training
          – But the issues have to be accurate so connected (client-server) desktops are better
          – Detailed checker documentation, linking back to appropriate industry standards or compliance guidelines will certainly help
  • 21. So what’s right for you?
      • Rapidly developing, new projects, where large groups of engineers are committing new code will reap the benefits of regular integration analysis giving them a public view of the merged code and analysis results
          – Here true CI, CSCA is hard to beat if done properly, whereas server only analysis would result in a fast growing backlog and a mammoth task of unpicking complex issues
          – Connected desktop analysis pre-check in may detect many self contained issues even earlier keeping integration issues very clearly highlighted
      • Legacy projects or projects entering a maintenance phase with compliance requirements will work well with results that are public, reliable (based on certified hardware and tool chains) and clear
          – Server only analysis is sufficient and the lowest level of effort to deliver this
  • 22. It all boils down to staying Agile…
      • Ultimately then, we’re going to need different capabilities from our static code analysis tooling at different times for different projects and with different teams
      • Tool agility is as important as team agility for making the most of the productivity opportunities
  • 23. Questions?
      Steve Howard, Field technical services, EMEA, Rogue Wave Software
      steve.howard@roguewave.com
  • 24. roguewave.com
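
Slide 17's "Relevant" requirement (report only the diffs since the last build) together with slide 14's point that integration issues can surface after check-in, shown as an added example that is not from the presentation or from Klocwork. The finding fields, checker names, the severity scale (1 = most severe) and the `fail_at` cut-off are assumptions, and the sample findings are constructed.

```python
import hashlib
from collections import Counter


def fingerprint(finding):
    """Identity of a finding that survives unrelated line-number shifts."""
    # The line number is deliberately excluded: code inserted above a known
    # issue must not make it look new. The flagged statement, with whitespace
    # normalised, stands in for the position.
    statement = " ".join(finding["code"].split())
    key = "\x00".join(
        [finding["file"], finding["function"], finding["checker"], statement]
    )
    return hashlib.sha256(key.encode("utf-8")).hexdigest()[:16]


def diff_findings(baseline, current, changed_files):
    """Return (new, fixed) findings of the current build versus the baseline."""
    remaining = Counter(fingerprint(f) for f in baseline)
    new = []
    for f in current:
        fp = fingerprint(f)
        if remaining[fp] > 0:
            remaining[fp] -= 1  # multiset: a second identical hit is still new
            continue
        # "integration": surfaced in a file this check-in did not touch
        origin = "changed" if f["file"] in changed_files else "integration"
        new.append({**f, "fingerprint": fp, "origin": origin})
    fixed = []
    for f in baseline:
        fp = fingerprint(f)
        if remaining[fp] > 0:  # never matched by a current finding
            remaining[fp] -= 1
            fixed.append(f)
    return new, fixed


def ci_gate(baseline, current, changed_files, fail_at=2):
    """Fail the build only on new findings at or above the severity cut-off."""
    new, fixed = diff_findings(baseline, current, changed_files)
    blocking = [f for f in new if f["severity"] <= fail_at]  # 1 = most severe
    return {"new": new, "fixed": fixed, "blocking": blocking,
            "passed": not blocking}


# Constructed sample data: findings of the last build and of this check-in.
BASELINE = [
    {"file": "src/uart.c", "line": 42, "function": "uart_read",
     "checker": "NULL_DEREF", "severity": 1, "code": "len = buf->len;"},
    {"file": "src/crc.c", "line": 10, "function": "crc16",
     "checker": "UNUSED_VALUE", "severity": 4, "code": "tmp = 0;"},
]
CURRENT = [
    # Same issue as before, moved down five lines and re-indented.
    {"file": "src/uart.c", "line": 47, "function": "uart_read",
     "checker": "NULL_DEREF", "severity": 1, "code": "    len = buf->len;"},
    # New issue in a file the check-in touched.
    {"file": "src/uart.c", "line": 60, "function": "uart_write",
     "checker": "BUFFER_OVERRUN", "severity": 1, "code": "tx[n] = c;"},
    # New issue in an untouched caller, visible only to whole-program analysis.
    {"file": "src/main.c", "line": 88, "function": "main",
     "checker": "NULL_DEREF", "severity": 2, "code": "n = uart_read(port)->len;"},
]
CHANGED = {"src/uart.c"}

if __name__ == "__main__":
    result = ci_gate(BASELINE, CURRENT, CHANGED)
    for f in result["new"]:
        print(f'NEW [{f["origin"]}] {f["file"]}:{f["line"]} '
              f'{f["checker"]} sev={f["severity"]}')
    print("fixed:", len(result["fixed"]), "passed:", result["passed"])
```

The pre-existing severity-1 finding in `uart_read` does not block the build because it is carried over from the baseline; only the two new findings do.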