Continuous testing is a process that executes automated tests as part of a software delivery pipeline to rapidly obtain feedback on releases. The objectives are to collaborate with business, force an organization-wide cultural change to synchronize development and operations, assess business risk coverage, and accelerate time-to-market. Continuous testing is relevant for both development and operations teams when using microservices and containers, and should standardize internal development principles to ensure quality and client focus. The recommended approach is to create a culture for development and operations teams to work together, deploy a faster development lifecycle, test all parts to ensure quality of service, reduce container threats, and enhance client satisfaction.

2. Continuous Testing
in Containerized Environment

3. Continuous Testing
Quésako ?
What is this ?
Process for executing automated tests as part of a software delivery
pipeline in order to obtain feedbacks on business, quality, risks and
security associated with a software release candidate as rapidly as
possible.
The approach to Continuous Testing can vary and follow diverse
pathways to ensure the best user experience is delivered, free of
defects.
Objectives
● Collaborates with business to ensure a better client satisfaction
● Forces an organization-wide cultural change to synchronize Dev,
Ops and QA/Testing as part of the true DevOps philosophy
● Helps to assess exact business risk coverage
● Accelerates time-to-market with a continuous feedback
mechanism
● Test Automation helps to achieve consistency by maintaining the
same configuration for all relevant tests
● Emphasizes business expectations to mitigate business risks

4. Continuous Testing
By Treeptik
Principles
Continuous testing is a part of continuous security process and today
it is not only relevant to developer teams but to operation teams too.
Microservices change the way we develop applications, build them, test
them and deploy them.
Standardize internal development principles of each team to ensure
cohesion and adherence to a common culture based on quality and
client focus.
Objectives
● Link continuous testing with continuous security to get a reliable
architecture

5. 5
Recommended approach
ObserveRunHostsTestBuildCreate
■ Create a culture on which developer and operations team can work together
■ Deploy a better and faster development life cycle
■ Test each part to ensure a quality of service
■ Reduce / avoid container threats
■ Enhance client satisfaction

6. 6
Recommended approach - Create
ObserveRunHostsTestBuildCreate
■ Be agile in development
■ Version and tag the source code
■ Define code quality policies
■ Always review the code
■ Develop microservices instead of monolithic applications
■ Favour containers
■ Think Cloud Native

7. 7
Recommended approach - Build
ObserveRunHostsTestBuildCreate
■ Build everything with a single tool
■ Centralize all the builds in a single place
■ Enforce image definition file (Dockerfile) policies
■ Enforce image policies
■ Sign images

8. 8
Recommended approach - Test
ObserveRunHostsTestBuildCreate
■ Develop and run unit and functional tests of each application
■ Automate run test environment
■ Get reports of each test and analyse it
■ Enforce containers policies
■ Containers benchmarking (microscanner)

9. 9
Recommended approach - Hosts
ObserveRunHostsTestBuildCreate
■ Remember, automation is the key
■ Deploy as possible platforms that can be recycled easily
■ Manage containers with an orchestration platform
■ Think Cloud externalization
■ Orchestrator benchmarking (kubebench, kubehunter, ...)

10. 10
Recommended approach - Run
ObserveRunHostsTestBuildCreate
■ Enforce run time policies in container
■ Restrict containers activities
■ Enforce networking policies to containers
■ Use commercial tools to easily manage policies
■ Get reports on vulnerabilities

11. 11
Recommended approach - Observe
ObserveRunHostsTestBuildCreate
■ Get meaningful measure
■ Set simple and useful reports
■ Monitor everything efficiently
■ Automate tasks on alerts
■ Reports to the good team
■ Be proactive and not reactive

12. 12
Success factors
Code Quality
Reduce production costs, most effective utilization
of resources, reduction in inspections, ...
Test everything
Test each level of the architecture, from
development to production deployment. Dev
and Ops have to work together to deploy a
reliable and secure platform.
Security
Ensure a quality of service for better client
satisfaction. Developer and operation team has to
work together to ensure a secured platform..
Automation
Automate everything is the key to be more reliable.
This ensure that anything can be redeployed securely at
anytime without downtime.
Microservices / Cloud native
Develop and deploy microservices on different
platforms, using different programming languages
and developer tools.
Orchestration
Offer much better portability and efficiency compared to
running apps inside of VM hypervisor. Easier to manage
scalability and high availabilityof each application.

13. 13
Security details
Network Security
Provides a security solution
for container networks.
Adapts automatically to
different contexts to protect
running containers.
Image policies
Static analysis of register
images to verify
their conformities and
identify their known safety
deficiencies.
Run Time Security
Provides real-time visibility on
container activity, detects
configuration errors, exploits and
attacks.
Access control
Allows fine management of system
access, process and file on each
container deploy on an
orchestration platform.

14. 14
Finality
Agile Development
Continuous Integration
Continuous Delivery
Continuous
Deployment
● Quality measurement
● Continuous testing in practice
● Extended acceptance criteria
● Deployment of multiple version
● High degree of automation
● Autonomous teams
● Quality first
● Mature change management
organization
● Frequently review
● Impact measurement
● Clients feedback
● Frequent integration, several times a day
● Checking artifacts built continuously
● Definition of acceptance criteria for artifacts
● Collaboration of teams based on predefined tools
● Development planning based on sprints and management of a backlog
● Definition of best development practices
● Definition of development frameworks
Client
Feedback

15. Demo

16. 16
Neuvector approach

17. 17
Run Securely

18. Merci !