© 2018 VERACODE INC.1
Software Quality as a Competitive Differentiator
Maria Loughlin, VP Engineering
@marialoughlin
On This Webinar
1. Quality and Business Success
2. DevOps Promises & Gaps
3. Building a Quality System
Poll: Who’s Attending This Webinar?
• Quality Professional (Tester, QA Eng, SWET, Architect)
• Developer / DevOps / Operations Engineer
• Product Manager / UX Designer
• Engineering Manager / Executive
• Other
Revenue and Net Promoter Score
“On average, an industry’s Net Promoter leader outgrew its competitors by a factor greater than two times.”
SOURCE: The Net Promoter System. Bain & Company, Inc.
High Quality, High Trust
SOURCE: https://cxi.today/2018-cx-trends/analytics-infographic-5-trends-shaping-cx-in-2018/
Quality
• Productivity
• Predictability
• Employee Happiness
• Innovation
Maria Loughlin
VP Engineering, Veracode
• Two decades of software engineering leadership
• Waterfall to Agile to DevOps
• Monolith to MicroServices
• Manage development and operations for the FedRAMP instance of Veracode’s Application Security products.
• Deep expertise in Secure SDLC and DevSecOps.
Poll Results: Who’s Attending This Webinar?
Part II: Quality and DevOps
DevOps Promise: Continuous Testing
Image: https://www.parasoft.com/solutions/continuous-testing
DevOps Promise: Comprehensive Testing
Test layers: Unit, Component, Integration, E2E, UI
Shift Left / Shift Right
Automation throughout the stack; automation throughout the lifecycle
DevOps Reality: Inconsistent Testing
Test layers: Unit, Component, Integration, End to End
• Quality investment often driven by delivery team, independent of overall strategy
• All sorts of tests with almost equal priorities
State of Software Quality
42% sacrifice quality to meet a deadline
SOURCE: GitLab 2018 Global Developer Report, https://about.gitlab.com/developer-survey/2018/
Testing causes delays
SOURCE: GitLab 2018 Global Developer Report, https://about.gitlab.com/developer-survey/2018/
The Change Failure Rate for high performers is 5 times lower than for low performers
SOURCE: Puppet 2017 State of DevOps Report, https://puppet.com/resources/whitepaper/2017-state-of-devops-report
The Mean Time to Repair (MTTR) for high performers is 96 times faster than for low performers
SOURCE: Puppet 2017 State of DevOps Report, https://puppet.com/resources/whitepaper/2017-state-of-devops-report
State of Software Security
85% of applications are vulnerable
Percent of Applications with Findings (First Scan / Latest Scan):
• High or Very High Severity: 35.9% / 33.5%
• Any Severity: 85.1% / 84.9%
SOURCE: Veracode SOSS Volume 9, https://www.veracode.com/state-of-software-security-report
The percent of applications passing OWASP Top 10 Policy on first scan is consistent over time
Percentage of Applications Passing OWASP on First Scan (Passed / Did Not Pass):
• 2010: 23% / 77%
• 2013: 13% / 87%
• 2015: 32.3% / 67.7%
• 2016: 38.6% / 61.4%
• 2017: 30.2% / 69.8%
SOURCE: Veracode SOSS Volume 9
What’s The Challenge?
1. Reinvented quality process
2. Unfocused quality efforts
3. Relentless pressure to deliver
4. Complexity of software – more than ever before
Challenge 1: Who’s Responsible for Quality?
• Waterfall: Dev, Tester, Product Mgr, Designer
• Agile: Dev, Tester, Product Mgr, Designer
• DevOps: Dev, Tester, Product Mgr, Designer, Monitoring, Analytics, Support, Infrastructure
Challenge 2: Unfocused Quality Efforts
Quality can be subjective and contextual.
Challenge 3: Relentless Pressure To Deliver
Challenge 4: Software Is Increasingly Complex
Today’s software is
• Distributed
• Embedded in complex systems
• Autonomously learning and evolving
• Deployed to untrusted environments
Part 3: Creating a Quality System
Creating a Quality System
Specify and drive: Quality Strategy, Quality Process, Test Automation
CI/CD across organization with recommended tools
Strategy: Quality Goals
Is Your Customer Getting the Value They Expect?
• Functional
• Great user experience
• Consistent, reliable
• High performing
Will Your Team Remain Productive?
• Maintainable
• Scalable
• Secure
Strategy: When and Where?
• Pre-production
– Test functionality, stability, security, customer satisfaction, compliance
• Production
– Test functionality, performance, resilience, stability
– Experiment to test new ideas
Strategy: Who?
Test layers: Unit, Component, Integration, E2E, UI
Delivery team owns the tests
• Maturity of organization impacts exact staffing
– Lower layers always developer
• Quality mindset always present
– QA architect and ever-present voice of customer
Process: Investment by Phase
Crawl:
• Deployment automation, CI/CD
• Unit tests and mocking code
• Test infrastructure
Walk and Run:
• Inspect and adapt process
• Continuous production feedback
• Customer data
• Upper layers of test pyramid
• Quality dashboards
• Security testing
Process: Definition of Done
Test investment
Process: Metrics
Internal View
• Test coverage
• Reopened issues
Customer View
• Escaped defects
• MTTR
• Service interruption
Automate Everything
1. DevOps Infrastructure
2. Tests: Unit, Component, Integration, E2E, UI
SOURCE: Atlassian Marketplace for DevOps Apps, https://marketplace.atlassian.com/categories/devops
Automation: Infrastructure
Infrastructure / Consideration:
• CI / CD Pipeline: Reliable, repeatable. Example: Jenkins
• Test Environments: Easy to create and scale. Monitor for cost
• Test Frameworks: Can be integrated with build pipeline, e.g. GitLab, or separate tool, e.g. Robot / TestNG
• Quality Metrics: Transparent, consistent. Example: SonarQube, bug tracker with analytics
Automation: The Test Stack
Test Layer / Consideration / Example Tools:
• UI: Match your UI language. Tools: Protractor for Single Page Apps, or Selenium, Cypress, Jest
• E2E: Include performance testing. Tools: Selenium, Protractor, Cypress, Jest
• Integration: Focus on interactions between microservice and external services. Tools (API): Rest Assured, Postman
• Component: Include performance testing. Tools: Mockito for mocking framework
• Unit: Match your language primitive. Tools: JUnit, PyUnit; UI unit tests: Karma, Jasmine
Driving Quality Across The Organization
Creating a Quality Culture
• Break the Silos
• Support the Team
• Learn Continuously
Guilds: Experts Support Each Other
• Identify your leaders and practice experts
• Hold regular ‘birds of a feather’ meetings
• Share learnings, trends and best practices constantly
• Encourage & reward participation
Continuous Learning
What About Security Quality?
Specify: Security Strategy, Security Process, Security Automation
Strategy: Security Policy
Policy defines and supports your tolerance for risk.
• Requirements for remediation of vulnerable code and components
• Standards for software licence usage
• Recommended libraries, frameworks, embedded components
Process: Security Maturity Model (SAMPLE)
Activities: Training, Secure Design, Security Code Review, Security Testing, Third Party
Levels: Base, Beginner, Intermediate, Advanced, Expert
Secure Design (the only row filled in on the sample):
• Base: Security is not a design consideration
• Beginner: Security reqts are generally defined after development has started or completed
• Intermediate: Threat modeling before major components or features; security reqts are defined before major components or features
• Advanced: Threat modeling is incorporated into the story process; security reqts are defined as story Acceptance Criteria on relevant stories
• Expert: Security Acceptance Criteria defined for all relevant stories
Security Automation
The best app security is invisible to developers
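The security policy slide lists three things a policy must pin down (remediation requirements for vulnerable code and components, licence standards, recommended components), and the automation slide asks for that policy to be invisible to developers. The following added example, not from the deck or from Veracode, encodes those three elements as a policy-as-code gate that a CI job runs against a scan result; the component names, licences, dates and deadlines are constructed sample data.

```python
"""Policy-as-code gate: encodes the three policy elements from the slide
(remediation deadlines for vulnerable components, licence standards, and a
recommended-component list) and evaluates a scan result against them.
All data below is constructed; this is not Veracode's policy engine."""
from dataclasses import dataclass, field
from datetime import date


@dataclass(frozen=True)
class Finding:
    severity: str     # "very_high", "high", "medium" or "low"
    first_seen: date  # date the scanner first reported this finding


@dataclass(frozen=True)
class Component:
    name: str
    licence: str      # SPDX-style identifier as reported by the SCA tool
    findings: tuple = ()


@dataclass(frozen=True)
class Policy:
    # Maximum days a finding of a given severity may stay open before the
    # build is blocked. Severities not listed are tracked but never gate.
    remediation_days: dict
    allowed_licences: frozenset
    recommended_components: frozenset
    warn_within_days: int = 7   # warn when a remediation deadline is this close


@dataclass
class Verdict:
    blockers: list = field(default_factory=list)   # fail the gate
    warnings: list = field(default_factory=list)   # reported, do not fail

    @property
    def passed(self) -> bool:
        return not self.blockers


def evaluate(components, policy: Policy, today: date) -> Verdict:
    """Apply the policy to every component in one build's scan result."""
    verdict = Verdict()
    for comp in components:
        # Licence standard: anything outside the allow-list blocks the build.
        if comp.licence not in policy.allowed_licences:
            verdict.blockers.append(f"{comp.name}: licence {comp.licence} is not permitted")
        # Recommended-component list: deviation is a warning, not a block.
        if comp.name not in policy.recommended_components:
            verdict.warnings.append(f"{comp.name}: not on the recommended component list")
        # Remediation requirement: overdue findings block, near-due ones warn.
        for f in comp.findings:
            limit = policy.remediation_days.get(f.severity)
            if limit is None:
                continue
            age = (today - f.first_seen).days
            remaining = limit - age
            if remaining < 0:
                verdict.blockers.append(
                    f"{comp.name}: {f.severity} finding open {age} days, limit {limit}")
            elif remaining <= policy.warn_within_days:
                verdict.warnings.append(
                    f"{comp.name}: {f.severity} finding due in {remaining} days")
    return verdict


def gate_exit_code(verdict: Verdict) -> int:
    """Exit status for the CI step: non-zero stops the pipeline."""
    return 0 if verdict.passed else 1


# Constructed policy: risk tolerance expressed as deadlines and allow-lists.
SAMPLE_POLICY = Policy(
    remediation_days={"very_high": 7, "high": 30, "medium": 90},
    allowed_licences=frozenset({"MIT", "Apache-2.0", "BSD-3-Clause"}),
    recommended_components=frozenset({"jackson-databind", "lodash", "spring-boot"}),
)

# Constructed scan result for one build (names and dates are made up).
SAMPLE_SCAN = (
    Component("jackson-databind", "Apache-2.0", (Finding("high", date(2018, 9, 10)),)),
    Component("lodash", "MIT", (Finding("medium", date(2018, 10, 20)),)),
    Component("gpl-report-lib", "GPL-3.0"),
    Component("tiny-utils", "MIT", (Finding("very_high", date(2018, 10, 28)),)),
)


def sample_verdict() -> Verdict:
    return evaluate(SAMPLE_SCAN, SAMPLE_POLICY, today=date(2018, 11, 1))


if __name__ == "__main__":
    v = sample_verdict()
    for b in v.blockers:
        print("BLOCK", b)
    for w in v.warnings:
        print("WARN ", w)
    raise SystemExit(gate_exit_code(v))
```

On the sample data the gate fails on two blockers (a high finding 52 days old against a 30-day limit, and a GPL-3.0 licence) and reports three warnings, so the developer sees only the findings that the policy says matter.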
Recap: On This Webinar
1. Quality and Business Success
2. DevOps: Promises & Gaps
3. Building a Quality System
“Quality is never an accident; it is always the result of high intention, sincere effort, intelligent direction and skillful execution”
– William A. Foster
Q & A
www.veracode.com
Secure Data Sharing in OpenShift Environments
 
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
 
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
 

Recently uploaded

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 

Recently uploaded (20)

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 

Building a Quality Culture Across DevOps

  • 1. © 2018 VERACODE INC. Software Quality as a Competitive Differentiator. Maria Loughlin, VP Engineering, @marialoughlin
  • 2. On This Webinar
    1. Quality and Business Success
    2. DevOps Promises & Gaps
    3. Building a Quality System
  • 3. Poll: Who’s Attending This Webinar?
    • Quality Professional (Tester, QA Eng, SWET, Architect)
    • Developer / DevOps / Operations Engineer
    • Product Manager / UX Designer
    • Engineering Manager / Executive
    • Other
  • 4. Revenue and Net Promoter Score. “On average, an industry’s Net Promoter leader outgrew its competitors by a factor greater than two times.” SOURCE: The Net Promoter System, Bain & Company, Inc.
  • 5. High Quality, High Trust. SOURCE: https://cxi.today/2018-cx-trends/analytics-infographic-5-trends-shaping-cx-in-2018/
  • 6. Quality: Productivity, Predictability, Employee Happiness, Innovation
  • 7. Maria Loughlin, VP Engineering, Veracode
    • Two decades of software engineering leadership
    • Waterfall to Agile to DevOps
    • Monolith to MicroServices
    • Manage development and operations for the FedRAMP instance of Veracode’s Application Security products.
    • Deep expertise in Secure SDLC and DevSecOps.
  • 8. Poll Results: Who’s Attending This Webinar?
  • 9. Part II: Quality and DevOps
  • 10. DevOps Promise: Continuous Testing. Image: https://www.parasoft.com/solutions/continuous-testing
  • 11. DevOps Promise: Comprehensive Testing. Test stack: Unit, Component, Integration, E2E, UI. Shift Left, Shift Right. Automation throughout the stack; automation throughout the lifecycle.
  • 12. DevOps Reality: Inconsistent Testing (test pyramid: Unit, Component, Integration, End to End)
    • Quality investment often driven by delivery team, independent of overall strategy
    • All sorts of tests with almost equal priorities
  • 13. State of Software Quality: 42% sacrifice quality to meet a deadline. SOURCE: GitLab 2018 Global Developer Report, https://about.gitlab.com/developer-survey/2018/
  • 14. Testing causes delays. SOURCE: GitLab 2018 Global Developer Report, https://about.gitlab.com/developer-survey/2018/
  • 15. The Change Failure Rate for high performers is 5 times lower than for low performers. SOURCE: Puppet 2017 State of DevOps Report, https://puppet.com/resources/whitepaper/2017-state-of-devops-report
  • 16. The Mean Time to Repair (MTTR) for high performers is 96 times faster than for low performers. SOURCE: Puppet 2017 State of DevOps Report, https://puppet.com/resources/whitepaper/2017-state-of-devops-report
  • 17. State of Software Security: 85% of applications are vulnerable. Percent of Applications with Findings:
    • High or Very High Severity: First Scan 35.9%, Latest Scan 33.5%
    • Any Severity: First Scan 85.1%, Latest Scan 84.9%
    SOURCE: Veracode SOSS Volume 9, https://www.veracode.com/state-of-software-security-report
  • 18. The percent of applications passing OWASP Top 10 Policy on first scan is consistent over time. Percentage of Applications Passing OWASP on First Scan (Passed / Did Not Pass):
    • 2010: 23% / 77%
    • 2013: 13% / 87%
    • 2015: 32.3% / 67.7%
    • 2016: 38.6% / 61.4%
    • 2017: 30.2% / 69.8%
    SOURCE: Veracode SOSS Volume 9
  • 19. What’s The Challenge?
    1. Reinvested quality process
    2. Unfocused quality efforts
    3. Relentless pressure to deliver
    4. Complexity of software – more than ever before
  • 20. Challenge 1: Who’s Responsible for Quality? Diagram comparing Waterfall, Agile and DevOps: Dev, Product Mgr, Tester and Designer in each, with Monitoring, Analytics, Support and Infrastructure also shown.
  • 21. Challenge 2: Unfocused Quality Efforts. Quality can be subjective and contextual.
  • 22. Challenge 3: Relentless Pressure To Deliver
  • 23. Challenge 4: Software Is Increasingly Complex. Today’s software is
    • Distributed
    • Embedded in complex systems
    • Autonomously learning and evolving
    • Deployed to untrusted environments
  • 25. Part 3: Creating a Quality System
  • 26. Creating a Quality System (Specify, Drive): Quality Strategy, Quality Process, Test Automation; CI/CD across organization with recommended tools
  • 27. Strategy: Quality Goals (Strategy / Process / Automation)
    Is Your Customer Getting the Value They Expect?
    • Functional
    • Great user experience
    • Consistent, reliable
    • High performing
    Will Your Team Remain Productive?
    • Maintainable
    • Scalable
    • Secure
  • 28. Strategy: When and Where?
    • Pre-production: test functionality, stability, security, customer satisfaction, compliance
    • Production: test functionality, performance, resilience, stability; experiment to test new ideas
  • 29. Strategy: Who? (test stack: Unit, Component, Integration, E2E, UI) Delivery team owns the tests
    • Maturity of organization impacts exact staffing; lower layers always developer
    • Quality mindset always present; QA architect and ever-present voice of customer
  • 30. Process: Investment by Phase (Crawl, Walk, Run)
    • Inspect and adapt process
    • Continuous production feedback
    • Customer data
    • Upper layers of test pyramid
    • Quality dashboards
    • Security testing
    • Deployment automation, CI/CD
    • Unit tests and mocking code
    • Test infrastructure
  • 31. Process: Definition of Done. Test investment.
  • 32. Process: Metrics
    Internal View
    • Test coverage
    • Reopened issues
    Customer View
    • Escaped defects
    • MTTR
    • Service interruption
  • 33. Automate Everything: 1. DevOps Infrastructure 2. Tests (Unit, Component, Integration, E2E, UI)
  • 34. SOURCE: Atlassian Marketplace for DevOps Apps, https://marketplace.atlassian.com/categories/devops
  • 35. Automation: Infrastructure (infrastructure: consideration)
    • CI / CD Pipeline: Reliable, repeatable. Example: Jenkins
    • Test Environments: Easy to create and scale. Monitor for cost
    • Test Frameworks: Can be integrated with build pipeline, e.g. GitLab, or a separate tool, e.g. Robot / TestNG
    • Quality Metrics: Transparent, consistent. Example: SonarQube, bug tracker with analytics
  • 36. Automation: The Test Stack (test layer: consideration: example tools)
    • UI: Match your UI language: Protractor for Single Page Apps, or Selenium, Cypress, Jest
    • E2E: Include performance testing: Selenium, Protractor, Cypress, Jest
    • Integration: Focus on interactions between microservice and external services: API: Rest Assured, Postman
    • Component: Include performance testing: Mockito for mocking framework
    • Unit: Match your language primitive: JUnit, PyUnit; UI unit tests: Karma, Jasmine
  • 37. Driving Quality Across The Organization
  • 38. Creating a Quality Culture: Break the Silos, Support the Team, Learn Continuously
  • 39. Guilds: Experts Support Each Other
    • Identify your leaders and practice experts
    • Hold regular ‘birds of a feather’ meetings
    • Share learnings, trends and best practices constantly
    • Encourage & reward participation
  • 40. Continuous Learning
  • 41. What About Security Quality? Specify Security Strategy, Security Process, Security Automation
  • 42. Strategy: Security Policy. Policy defines and supports your tolerance for risk.
    • Requirements for remediation of vulnerable code and components
    • Standards for software licence usage
    • Recommended libraries, frameworks, embedded components
  • 43. Process: Security Maturity Model (SAMPLE). Activities: Training, Secure Design, Security Code Review, Security Testing, Third Party; levels: Base, Beginner, Intermediate, Advanced, Expert. The sample fills in the Secure Design row:
    • Base: Security is not a design consideration
    • Beginner: Security requirements are generally defined after development has started or completed
    • Intermediate: Threat modeling before major components or features; security requirements are defined before major components or features
    • Advanced: Threat modeling is incorporated into the story process; security requirements are defined as story Acceptance Criteria on relevant stories
    • Expert: Security Acceptance Criteria defined for all relevant stories
  • 44. Security Automation: The best app security is invisible to developers
  • 45. Recap: On This Webinar
    1. Quality and Business Success
    2. DevOps: Promises & Gaps
    3. Building a Quality System
    “Quality is never an accident; it is always the result of high intention, sincere effort, intelligent direction and skillful execution” – William A. Foster
  • 47. Q & A. www.veracode.com
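Slides 42 and 44 describe a security policy (remediation requirements, licence standards, recommended components) and automation that keeps that policy out of developers' way. As an added example, not code from the deck or from Veracode's products, here is a hypothetical policy-as-code gate in Python that evaluates a scan result against such a policy; the policy thresholds, component names, licences and dates are all constructed.

```python
"""Hypothetical policy-as-code gate (added example, not Veracode's tooling).

A CI step calls gate_passes() with the organization's policy and the latest
scan findings; the build proceeds silently when the policy holds and stops
with a list of violations when it does not.  All sample data is constructed.
"""
from dataclasses import dataclass
from datetime import date


@dataclass
class Policy:
    remediation_days: dict             # severity -> days allowed before blocking
    allowed_licenses: frozenset        # licences permitted in shipped software
    recommended_components: frozenset  # pre-vetted libraries; others only warn


@dataclass(frozen=True)
class Finding:
    component: str
    license: str
    severity: str     # "Very High", "High", "Medium" or "Low"
    first_seen: date  # date the finding first appeared in a scan


def evaluate(policy, findings, today):
    """Split findings into blocking violations and advisory warnings.

    Blocking: a finding older than its severity's remediation window, or a
    component under a licence the policy does not allow.
    Warning: a component that is not on the recommended list.
    """
    blocking, warnings = [], []
    for f in findings:
        age_days = (today - f.first_seen).days
        limit = policy.remediation_days.get(f.severity)
        if limit is not None and age_days > limit:
            blocking.append(f"{f.component}: {f.severity} finding open "
                            f"{age_days} days, limit {limit}")
        if f.license not in policy.allowed_licenses:
            blocking.append(f"{f.component}: licence {f.license} is not permitted")
        if f.component not in policy.recommended_components:
            warnings.append(f"{f.component}: not a recommended component, needs review")
    return blocking, warnings


def gate_passes(policy, findings, today):
    """True when the build may proceed; warnings alone never block."""
    blocking, _ = evaluate(policy, findings, today)
    return not blocking


# Constructed sample policy and scan result; component names are placeholders.
SAMPLE_POLICY = Policy(
    remediation_days={"Very High": 7, "High": 30, "Medium": 90},
    allowed_licenses=frozenset({"MIT", "Apache-2.0", "BSD-3-Clause"}),
    recommended_components=frozenset({"libjson", "httpclient"}),
)
SAMPLE_TODAY = date(2018, 11, 15)
SAMPLE_FINDINGS = [
    Finding("libjson", "MIT", "High", date(2018, 10, 1)),              # 45 days open
    Finding("httpclient", "Apache-2.0", "Medium", date(2018, 11, 1)),  # 14 days open
    Finding("oldxml", "GPL-3.0-only", "Low", date(2018, 11, 10)),      # licence not allowed
]

if __name__ == "__main__":
    blocking, warnings = evaluate(SAMPLE_POLICY, SAMPLE_FINDINGS, SAMPLE_TODAY)
    for line in warnings:
        print("WARN ", line)
    for line in blocking:
        print("BLOCK", line)
    raise SystemExit(0 if gate_passes(SAMPLE_POLICY, SAMPLE_FINDINGS, SAMPLE_TODAY) else 1)
```

With the constructed input the gate blocks on the overdue High finding and the disallowed licence, and only warns about the unvetted component, so a developer sees output only when the policy is actually violated.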