Using DevOps to Improve Software Quality in the Cloud

!!

T5

Continuous!Delivery!

10/16/2014!9:45:00!AM!

!

Using DevOps to Improve

Software Quality in the Cloud !

Presented by:

Jeff Payne

Coveros, Inc.

!

!

!

Brought(to(you(by:((

((

340!Corporate!Way,!Suite!300,!Orange!Park,!FL!32073!

[email protected]!H!www.sqe.com

Jeff Payne

Coveros, Inc. Jeff Payne is CEO and founder of Coveros, Inc., a software company that builds secure software applications using agile methods. Since its inception in 2008, Coveros has become a market leader in secure agile principles and was recognized by Inc. magazine as one of the fastest growing private US companies. Prior to founding Coveros, Jeff was chairman of the board, CEO, and cofounder of Cigital, Inc., a market leader in software security consulting. Jeff has published more than thirty papers on software development and testing, and testified before Congress on issues of national importance, including intellectual property rights, cyber terrorism, and software quality. Follow Jeff on Twitter @jefferyepayne.

© Copyright 2014 Coveros, Inc. All rights reserved.

Using DevOps to Improve Software Quality in the Cloud

Jeffery Payne, Coveros

@jefferyepayne


Agenda yWhat is DevOps? yQuality during continuous integration yQuality during continuous delivery yPutting it all together yWrap-up

3 © Copyright 2013 Coveros, Inc.. All rights reserved.

Speaker

Jeffery Payne (@jefferyepayne) [email protected]

Jeffery Payne is CEO and founder of Coveros, Inc., a software company that helps organizations accelerate the delivery of secure, reliable software. Coveros uses agile development methods and a proven software assurance framework to build security and quality into software from the ground up. Prior to founding Coveros, Jeffery was Chairman of the Board, CEO, and co-founder of Cigital, Inc. Under his direction, Cigital became a leader in software security and software quality solutions, helping clients mitigate the risk of software failure. Jeffery is a recognized software expert and popular speaker at both business and technology conferences on a variety of software quality, security, and agile development topics. He has also testified before Congress on issues of national importance, including intellectual property rights, cyber-terrorism, Software research funding, and software quality.


y Coveros helps organizations accelerate the delivery of secure, reliable software

y Our consulting services: – Agile software development & coaching – Agile testing and test automation – Application security – Agile transformations – DevOps automation

y Our key markets: – Financial services – Healthcare – Defense – Critical Infrastructure

Areas of Expertise

About Coveros


What is DevOps?

Common Definition y DevOps is a software development method that stresses

communication, collaboration and integration between software developers and information technology (IT) professionals. DevOps is a response to the interdependence of software development and IT operations. It aims to help an organization rapidly produce software products and services.

y DevOps is not a tool

y DevOps is not a methodology

y DevOps is a philosophy for how people in the software development supply chain interact and work together


What’s Wrong with This Picture?

What is DevOps?

Developers IT Professionals

Collaboration


An Improved View

What is DevOps?

Developers IT Professionals

Collaboration

Testers

All other team members and stakeholders


What is DevOps?

My Definition y DevOps is a software development method that stresses

communication, collaboration and integration between software developers, software testers, all other team members/stakeholders, and information technology (IT) professionals. DevOps is a response to the interdependence of software development/test and IT operations. It aims to help an organization rapidly produce high quality software products and services.

y Without testers in the loop, high quality goes out the window.

y So does some early lifecycle feedback on bugs


y It compiles, therefore it works!

y Big bang integration

y Throwing software over the fence to late lifecycle QA

y “It works on my machine”

y “We’ll get that QA environment stood up for you by … 2016”

DevOps helps solve common quality problems

What is DevOps?


Quality during Continuous Integration


y … the practice of continuously integrating software during software development to assure the code works together, code has been adequately tested, and all quality standards are met.

y Code check-in builds

y Nightly builds

y End-of-sprint code merge / builds

Continuous Integration Is …



y Developers are encouraged to check in new code frequently in CI (hours/minutes vs. days)

y Unit testing is performed on each unit of code when it is checked in

y Functional testing / regression testing is done every night to assure that nothing introduced during the day breaks other functionality

y More comprehensive functional / regression testing is done as time allows on weekends and at the end of each Sprint for large projects with multiple Sprint teams

y Don’t forget non-functional testing!

Testing within CI



y There are a wide variety of quality checks that can be performed as part of a continuous integration process. – Coding standards – Static code review (quality & security) – Code metrics (size, complexity, risk, technical debt) – Code coverage of unit tests

y Many teams mandate that builds pass before additional development / testing is performed … a clean build is THAT important in software development

Quality checks



y Jenkins is a CI server that provides automated support for continuous integration activities

y Jobs can be scripted in Jenkins to do a wide variety of things – Automatically detect code changes in a source code repository and

build/test this code – Start up a variety of builds / testing efforts at a particular time of day

or night – Configure automated builds to perform quality checks – Pretty much any other automated work you want performed …

including continuous delivery scripts!

y Jenkins CI script examples

Examples within Jenkins



Quality during Continuous Delivery


y … … the practice of continuously delivering software to downstream environments (QA, staging, production-like) to assure the code works properly within desired environment(s). – Continuous deployment is a subset of continuous delivery focused on

automating the deployment process to support regular product releases

y Tests quality of the code in production-like environments

y Tests the ability to automatically instantiate and provision all needed environments (development, test, QA, staging, production) when possible

y Virtualization and cloud computing increase CD automation substantially but aren’t necessary to do CD

Continuous Delivery Is …



y Manual setups of development, test, staging, and production environments is very time consuming and fraught with error.

y Technologies now exist to automate your manual processes so that after they have been debugged / validated once, you can automatically setup environments as often as you need.

y Typically done within virtual machines to support automated setup, work, teardowns with little to no manual intervention

y Cloud based development, test, deployment environments can remove the need to even setup physical hardware, further automating the process

Automated environment provisioning / instantiation



y Smoke tests to assure builds work within environment(s) and environments are properly setup

y Functional testing / regression testing is done as often as possible (given your setup) to assure that nothing introduced since the last delivery to an environment breaks other functionality (includes environmental changes)

y Security, load & performance, and other non-functional testing that must be performed on production-like environments

y NOTE: DevOps does not mean we don’t manual test at all levels!

Testing within CD



y Puppet is an orchestration language (like Chef, Ansible, etc.) that provides mechanisms to automate your provisioning and setup of environments.

y Amazon Web Services/EC2 is a cloud platform for requesting, provisioning, and using distributed hardware clusters for computing.

y Jenkins CD script examples

Examples within Jenkins, Puppet, AWS/EC2

Quality within Continuous Delivery


Putting it all Together


Demo Architecture

Started by Jenkins


DevOps Demo


Thoughts? Questions?

Thank you for your time.

Technology

Using DevOps to Improve Software Quality in the Cloud