SlideShare a Scribd company logo

Flight East 2018 Presentation–Continuous Integration––An Overview

Synopsys Software Integrity Group
Synopsys Software Integrity Group

Dr. Robert Burnett, director of software engineering at L3 Communications Corporation presented "Continuous Integration––An Overview." For more information, please visit us at www.blackducksoftware.com

Software
1 of 19
Download to read offline
Continuous Integration —An Overview Dr. Robert Burnett Director, Software Engineering This presentation consists of L -3 Communications Corporation general capabilities and administrative information that does not contain controlled technical data as defined within the International Traffic in Arms (ITAR) Part 120.10 or Export Administration Regulations (EAR) Part 734.7-11.
The practice of regular, comprehensive, and automatic building and testing of applications in software development Continuous Integration Compile Build Test 2
Reliance on manual processes to build and test software is problematic. • Error prone. • Lack of consistency • Build and integration processes have become more complex • Static testing is a critical step in the process • Quick turnaround on validating changes is now required to: • Reduce cost associated with finding defects late • Reduce time to deploy changes/updates Why is Continuous Integration (CI) so important? 3
Continuous Integration is a development practice that requires developers to integrate code into a shared repository several times a day. Each commit is then verified by an automated build, allowing teams to detect problems early. Integration builds are tested early and often and functional builds are maintained at all times. • Don’t leave the build broken • In a Continuous Integration environment you should never have a integration build in a ‘failure state’ for long. A Fundamental change in how you think about software development
Martin Fowler’s “original” principles of Continuous Deployment 1. Configuration control single code repository 2. Automate the build process 3. Automate testing 4. Developers commit changes to the baseline daily 5. Build every commit (to baseline) 6. Keep the build fast 7. Test in a clone of the production environment 8. Make it easy to get executable code 9. Give everyone full visibility to the results of the latest build 10. Automate deployment Continuous Integration 5
The CI Build System Developers Workspace CI server Dashboard Version Controlled Repository Poll Commit Changes Results Build and Test Servers 6
Continuous Integration - Basic steps • Developers load the project source code into their private workspaces. When done, commit the changes to the repository • The CI server monitors the repository and processes changes when they occur. The CI server: • Builds the system and runs unit and integration tests • Releases deployable artifacts for testing • Assigns a build label to the version of the code it just built • Informs the team of the successful build • Alerts the team if the build (or individual tests) fail • The team fixes the issue at the earliest opportunity • Report nightly build status on Dashboard 7
Continuous Integration – Team responsibilities Commit frequently Don’t commit broken code Don’t commit untested code Don’t commit when the build is broken Don’t go home after committing code until the system builds 8
1. Before committing changes, check to see if a build is currently in the "Successful" status. If not, you should assist in fixing a build before committing new code. 2. If the status is currently "Successful", you should update your personal workspace to this configuration. 3. Build and test locally to ensure the update doesn't break functionality. 4. If Successful, commit the changes to the repository. 5. Allow CI to complete with new changes. 6. If build fails, stop and fix on your machine. Return to step 3. 7. If build passes, continue to work on the next item. Continuous Integration checklist 9
10
Adding BlackDuck to our Continuous code inspection 11 Cause for caution Not all Open-Source Software is Free Open-Source Software (Free or other wise) may have security vulnerabilities. Sandwich from The Linux Foundation, Flight 2017 Free and Open-Source Software (FOSS) FOSS is a major part of the software development landscape which cannot be ignored. FOSS provides software developers with a significant advantage of not having to reinvent the wheel (or re “implement” the wheel) for their project.
Scans code for use of FOSS • Identifies OSS components in code (Generates FOSS BOM) • Provides associated OSS license, compliance and risk of usage • Provides security vulnerability information for current and previous scans • Provides alert of the usage of unapproved OSS How BlackDuck Hub Helps 12
Complex software development environments supporting multiple targets. • Embedded ( C/C++,Python, etc.), Application (Java, JavaScript, etc.) Significant variation in the software development processes • Agile , Waterfall, and every thing in between Significant variation in the developers level of engagement and buy-in with CI. • First impression is this is “extra work” Our experience at L3 13
14 The Chris Shayan Continuous Delivery Maturity Matrix Our Progress in the last 5 years Continuous Delivery Maturity Matrix
Results of using the Test Automation (TA) on pilot Project A Test automation in support of Continuous integration 15 Before TA After TA % Improvement Time to write tests and perform dry-runs per requirement 4 hrs/req 1.8 hrs/req 55% Time to test each requirement in formal test 5 mins/req 0.34 mins/req 93% Total execution time 12 hours 35 mins auto + 1 hrs manual 87%
Results: • Schedule for integration effort was predictable • Lab Integration of software components was very quick (within a couple of hours) or worked 100% the first time since all components were already thoroughly tested in simulation • Quick evaluation of code change during compilation and unit test • Quick evaluation of pass/fail on new builds during integration via automated regression suites • Zero defects found during SW Verification dry runs and formal testing • Zero defects found during System Verification dry runs 100% Code Coverage and Continuous Integration on Project E 16
Other examples 17 Project A2-L: After implementing core pieces of CI (Build automation and Test automation), the cycle time for a new build release (tested & verified) was reduced from and manually intensive 3+ day effort to 4 hours. Project A3-M: After implementing core pieces of CI time for incremental release (built, tested & verified) was reduced from 146 hours to 38 hours
Main reasons for Continuous Integration to fail Infrequent check-ins, which lead to delayed integrations Broken builds, which prevent teams from moving on to other tasks Minimal feedback, which prevents action from occurring Receiving spam feedback, which causes people to ignore messages Possessing a slow machine, which delays feedback Relying on a bloated build, which reduces rapid feedback 18
Thank you!

Recommended

Flight East 2018 Presentation–A DevOps State of Mind: Continuous Security wit...
Flight East 2018 Presentation–A DevOps State of Mind: Continuous Security wit...Flight East 2018 Presentation–A DevOps State of Mind: Continuous Security wit...
Flight East 2018 Presentation–A DevOps State of Mind: Continuous Security wit...
Synopsys Software Integrity Group
 
Flight East 2018 Presentation–Black Duck at Docusign
Flight East 2018 Presentation–Black Duck at DocusignFlight East 2018 Presentation–Black Duck at Docusign
Flight East 2018 Presentation–Black Duck at Docusign
Synopsys Software Integrity Group
 
Integrating Black Duck into your Agile DevOps Environment
Integrating Black Duck into your Agile DevOps EnvironmentIntegrating Black Duck into your Agile DevOps Environment
Integrating Black Duck into your Agile DevOps Environment
Black Duck by Synopsys
 
Making the Transition from Suite to the Hub
Making the Transition from Suite to the HubMaking the Transition from Suite to the Hub
Making the Transition from Suite to the Hub
Black Duck by Synopsys
 
Customer Case Study: ScienceLogic - Many Paths to Compliance
Customer Case Study: ScienceLogic - Many Paths to ComplianceCustomer Case Study: ScienceLogic - Many Paths to Compliance
Customer Case Study: ScienceLogic - Many Paths to Compliance
Black Duck by Synopsys
 
Securing deployment pipeline
Securing deployment pipelineSecuring deployment pipeline
Securing deployment pipeline
Len Bass
 
PKI in DevOps: How to Deploy Certificate Automation within CI/CD
PKI in DevOps: How to Deploy Certificate Automation within CI/CDPKI in DevOps: How to Deploy Certificate Automation within CI/CD
PKI in DevOps: How to Deploy Certificate Automation within CI/CD
DevOps.com
 
Dev ops and safety critical systems
Dev ops and safety critical systemsDev ops and safety critical systems
Dev ops and safety critical systems
Len Bass
 

Recommended

Flight East 2018 Presentation–A DevOps State of Mind: Continuous Security wit...
Flight East 2018 Presentation–A DevOps State of Mind: Continuous Security wit...Flight East 2018 Presentation–A DevOps State of Mind: Continuous Security wit...
Flight East 2018 Presentation–A DevOps State of Mind: Continuous Security wit...
Synopsys Software Integrity Group
 
Flight East 2018 Presentation–Black Duck at Docusign
Flight East 2018 Presentation–Black Duck at DocusignFlight East 2018 Presentation–Black Duck at Docusign
Flight East 2018 Presentation–Black Duck at Docusign
Synopsys Software Integrity Group
 
Integrating Black Duck into your Agile DevOps Environment
Integrating Black Duck into your Agile DevOps EnvironmentIntegrating Black Duck into your Agile DevOps Environment
Integrating Black Duck into your Agile DevOps Environment
Black Duck by Synopsys
 
Making the Transition from Suite to the Hub
Making the Transition from Suite to the HubMaking the Transition from Suite to the Hub
Making the Transition from Suite to the Hub
Black Duck by Synopsys
 
Customer Case Study: ScienceLogic - Many Paths to Compliance
Customer Case Study: ScienceLogic - Many Paths to ComplianceCustomer Case Study: ScienceLogic - Many Paths to Compliance
Customer Case Study: ScienceLogic - Many Paths to Compliance
Black Duck by Synopsys
 
Securing deployment pipeline
Securing deployment pipelineSecuring deployment pipeline
Securing deployment pipeline
Len Bass
 
PKI in DevOps: How to Deploy Certificate Automation within CI/CD
PKI in DevOps: How to Deploy Certificate Automation within CI/CDPKI in DevOps: How to Deploy Certificate Automation within CI/CD
PKI in DevOps: How to Deploy Certificate Automation within CI/CD
DevOps.com
 
Dev ops and safety critical systems
Dev ops and safety critical systemsDev ops and safety critical systems
Dev ops and safety critical systems
Len Bass
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Denim Group
 
Introduction to dev ops
Introduction to dev opsIntroduction to dev ops
Introduction to dev ops
Len Bass
 
The How and Why of Container Vulnerability Management
The How and Why of Container Vulnerability ManagementThe How and Why of Container Vulnerability Management
The How and Why of Container Vulnerability Management
Tim Mackey
 
Packaging tool options
Packaging tool optionsPackaging tool options
Packaging tool options
Len Bass
 
Integrating security into Continuous Delivery
Integrating security into Continuous DeliveryIntegrating security into Continuous Delivery
Integrating security into Continuous Delivery
Tom Stiehm
 
Code Quality - Security
Code Quality - SecurityCode Quality - Security
Code Quality - Security
sedukull
 
Devops security-An Insight into Secure-SDLC
Devops security-An Insight into Secure-SDLCDevops security-An Insight into Secure-SDLC
Devops security-An Insight into Secure-SDLC
Suman Sourav
 
Securing Docker Containers
Securing Docker ContainersSecuring Docker Containers
Securing Docker Containers
Black Duck by Synopsys
 
Don't Let Open Source be the Deal Breaker In Your M&A
Don't Let Open Source be the Deal Breaker In Your M&A Don't Let Open Source be the Deal Breaker In Your M&A
Don't Let Open Source be the Deal Breaker In Your M&A
Black Duck by Synopsys
 
Experience in teaching devops
Experience in teaching devopsExperience in teaching devops
Experience in teaching devops
Len Bass
 
Integrating Black Duck into Your Environment with Hub APIs
Integrating Black Duck into Your Environment with Hub APIsIntegrating Black Duck into Your Environment with Hub APIs
Integrating Black Duck into Your Environment with Hub APIs
Black Duck by Synopsys
 
Are your DevOps and Security teams friends or foes?
Are your DevOps and Security teams friends or foes?Are your DevOps and Security teams friends or foes?
Are your DevOps and Security teams friends or foes?
Reuven Harrison
 
Рабочие нагрузки Skype for business 2015 UC Lab
Рабочие нагрузки Skype for business 2015 UC LabРабочие нагрузки Skype for business 2015 UC Lab
Рабочие нагрузки Skype for business 2015 UC Lab
UC2
 
Testing in a Continuous Delivery Pipeline - Better, Faster, Cheaper
Testing in a Continuous Delivery Pipeline - Better, Faster, CheaperTesting in a Continuous Delivery Pipeline - Better, Faster, Cheaper
Testing in a Continuous Delivery Pipeline - Better, Faster, Cheaper
Gene Gotimer
 
How to Get Started with DevSecOps
How to Get Started with DevSecOpsHow to Get Started with DevSecOps
How to Get Started with DevSecOps
CYBRIC
 
Better Security Testing: Using the Cloud and Continuous Delivery
Better Security Testing: Using the Cloud and Continuous DeliveryBetter Security Testing: Using the Cloud and Continuous Delivery
Better Security Testing: Using the Cloud and Continuous Delivery
Gene Gotimer
 
TechTalk 2021: Peran IT Security dalam Penerapan DevOps
TechTalk 2021: Peran IT Security dalam Penerapan DevOpsTechTalk 2021: Peran IT Security dalam Penerapan DevOps
TechTalk 2021: Peran IT Security dalam Penerapan DevOps
DicodingEvent
 
Efficient Security Development and Testing Using Dynamic and Static Code Anal...
Efficient Security Development and Testing Using Dynamic and Static Code Anal...Efficient Security Development and Testing Using Dynamic and Static Code Anal...
Efficient Security Development and Testing Using Dynamic and Static Code Anal...
Perforce
 
SecDevOps
SecDevOpsSecDevOps
SecDevOps
Peter Lamar
 
OWASP AppSec EU - SecDevOps, a view from the trenches - Abhay Bhargav
OWASP AppSec EU - SecDevOps, a view from the trenches - Abhay BhargavOWASP AppSec EU - SecDevOps, a view from the trenches - Abhay Bhargav
OWASP AppSec EU - SecDevOps, a view from the trenches - Abhay Bhargav
Abhay Bhargav
 
What is Continuous Integration and Continuous Delivery
What is Continuous Integration and Continuous Delivery What is Continuous Integration and Continuous Delivery
What is Continuous Integration and Continuous Delivery
Sarah Elson
 
Introduction to Continuous Integration
Introduction to Continuous IntegrationIntroduction to Continuous Integration
Introduction to Continuous Integration
Zahra Golmirzaei
 

More Related Content

What's hot

Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Denim Group
 
Introduction to dev ops
Introduction to dev opsIntroduction to dev ops
Introduction to dev ops
Len Bass
 
The How and Why of Container Vulnerability Management
The How and Why of Container Vulnerability ManagementThe How and Why of Container Vulnerability Management
The How and Why of Container Vulnerability Management
Tim Mackey
 
Testing in a Continuous Delivery Pipeline - Better, Faster, Cheaper
Testing in a Continuous Delivery Pipeline - Better, Faster, CheaperTesting in a Continuous Delivery Pipeline - Better, Faster, Cheaper
Testing in a Continuous Delivery Pipeline - Better, Faster, Cheaper
Gene Gotimer
 
Better Security Testing: Using the Cloud and Continuous Delivery
Better Security Testing: Using the Cloud and Continuous DeliveryBetter Security Testing: Using the Cloud and Continuous Delivery
Better Security Testing: Using the Cloud and Continuous Delivery
Gene Gotimer
 
TechTalk 2021: Peran IT Security dalam Penerapan DevOps
TechTalk 2021: Peran IT Security dalam Penerapan DevOpsTechTalk 2021: Peran IT Security dalam Penerapan DevOps
TechTalk 2021: Peran IT Security dalam Penerapan DevOps
DicodingEvent
 
OWASP AppSec EU - SecDevOps, a view from the trenches - Abhay Bhargav
OWASP AppSec EU - SecDevOps, a view from the trenches - Abhay BhargavOWASP AppSec EU - SecDevOps, a view from the trenches - Abhay Bhargav
OWASP AppSec EU - SecDevOps, a view from the trenches - Abhay Bhargav
Abhay Bhargav
 

What's hot (20)

Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
 
Introduction to dev ops
Introduction to dev opsIntroduction to dev ops
Introduction to dev ops
 
The How and Why of Container Vulnerability Management
The How and Why of Container Vulnerability ManagementThe How and Why of Container Vulnerability Management
The How and Why of Container Vulnerability Management
 
Packaging tool options
Packaging tool optionsPackaging tool options
Packaging tool options
 
Integrating security into Continuous Delivery
Integrating security into Continuous DeliveryIntegrating security into Continuous Delivery
Integrating security into Continuous Delivery
 
Code Quality - Security
Code Quality - SecurityCode Quality - Security
Code Quality - Security
 
Devops security-An Insight into Secure-SDLC
Devops security-An Insight into Secure-SDLCDevops security-An Insight into Secure-SDLC
Devops security-An Insight into Secure-SDLC
 
Securing Docker Containers
Securing Docker ContainersSecuring Docker Containers
Securing Docker Containers
 
Don't Let Open Source be the Deal Breaker In Your M&A
Don't Let Open Source be the Deal Breaker In Your M&A Don't Let Open Source be the Deal Breaker In Your M&A
Don't Let Open Source be the Deal Breaker In Your M&A
 
Experience in teaching devops
Experience in teaching devopsExperience in teaching devops
Experience in teaching devops
 
Integrating Black Duck into Your Environment with Hub APIs
Integrating Black Duck into Your Environment with Hub APIsIntegrating Black Duck into Your Environment with Hub APIs
Integrating Black Duck into Your Environment with Hub APIs
 
Are your DevOps and Security teams friends or foes?
Are your DevOps and Security teams friends or foes?Are your DevOps and Security teams friends or foes?
Are your DevOps and Security teams friends or foes?
 
Рабочие нагрузки Skype for business 2015 UC Lab
Рабочие нагрузки Skype for business 2015 UC LabРабочие нагрузки Skype for business 2015 UC Lab
Рабочие нагрузки Skype for business 2015 UC Lab
 
Testing in a Continuous Delivery Pipeline - Better, Faster, Cheaper
Testing in a Continuous Delivery Pipeline - Better, Faster, CheaperTesting in a Continuous Delivery Pipeline - Better, Faster, Cheaper
Testing in a Continuous Delivery Pipeline - Better, Faster, Cheaper
 
How to Get Started with DevSecOps
How to Get Started with DevSecOpsHow to Get Started with DevSecOps
How to Get Started with DevSecOps
 
Better Security Testing: Using the Cloud and Continuous Delivery
Better Security Testing: Using the Cloud and Continuous DeliveryBetter Security Testing: Using the Cloud and Continuous Delivery
Better Security Testing: Using the Cloud and Continuous Delivery
 
TechTalk 2021: Peran IT Security dalam Penerapan DevOps
TechTalk 2021: Peran IT Security dalam Penerapan DevOpsTechTalk 2021: Peran IT Security dalam Penerapan DevOps
TechTalk 2021: Peran IT Security dalam Penerapan DevOps
 
Efficient Security Development and Testing Using Dynamic and Static Code Anal...
Efficient Security Development and Testing Using Dynamic and Static Code Anal...Efficient Security Development and Testing Using Dynamic and Static Code Anal...
Efficient Security Development and Testing Using Dynamic and Static Code Anal...
 
SecDevOps
SecDevOpsSecDevOps
SecDevOps
 
OWASP AppSec EU - SecDevOps, a view from the trenches - Abhay Bhargav
OWASP AppSec EU - SecDevOps, a view from the trenches - Abhay BhargavOWASP AppSec EU - SecDevOps, a view from the trenches - Abhay Bhargav
OWASP AppSec EU - SecDevOps, a view from the trenches - Abhay Bhargav
 

Similar to Flight East 2018 Presentation–Continuous Integration––An Overview

Continuous Integration Approach
Continuous Integration ApproachContinuous Integration Approach
Continuous Integration Approach
Nigel Thurlow
 
No Test without Integration - final
No Test without Integration - finalNo Test without Integration - final
No Test without Integration - final
Andre Verschelling
 
Release Automation: Better Quality, Faster Deployment, Amazing ROI
Release Automation: Better Quality, Faster Deployment, Amazing ROIRelease Automation: Better Quality, Faster Deployment, Amazing ROI
Release Automation: Better Quality, Faster Deployment, Amazing ROI
TechWell
 

Similar to Flight East 2018 Presentation–Continuous Integration––An Overview (20)

What is Continuous Integration and Continuous Delivery
What is Continuous Integration and Continuous Delivery What is Continuous Integration and Continuous Delivery
What is Continuous Integration and Continuous Delivery
 
Introduction to Continuous Integration
Introduction to Continuous IntegrationIntroduction to Continuous Integration
Introduction to Continuous Integration
 
Continuous Integration to Shift Left Testing Across the Enterprise Stack
Continuous Integration to Shift Left Testing Across the Enterprise StackContinuous Integration to Shift Left Testing Across the Enterprise Stack
Continuous Integration to Shift Left Testing Across the Enterprise Stack
 
CI, CD -Tools to integrate without manual intervention
CI, CD -Tools to integrate without manual interventionCI, CD -Tools to integrate without manual intervention
CI, CD -Tools to integrate without manual intervention
 
Continuous Integration Testing for SAP
Continuous Integration Testing for SAPContinuous Integration Testing for SAP
Continuous Integration Testing for SAP
 
Continuous Integration Approach
Continuous Integration ApproachContinuous Integration Approach
Continuous Integration Approach
 
Continuous integration with Jenkins
Continuous integration with JenkinsContinuous integration with Jenkins
Continuous integration with Jenkins
 
Continous integration and delivery for single page applications
Continous integration and delivery for single page applicationsContinous integration and delivery for single page applications
Continous integration and delivery for single page applications
 
DevOps Overview in my own words
DevOps Overview in my own wordsDevOps Overview in my own words
DevOps Overview in my own words
 
Continuous Integration
Continuous IntegrationContinuous Integration
Continuous Integration
 
No Test without Integration - final
No Test without Integration - finalNo Test without Integration - final
No Test without Integration - final
 
Continuous Integration
Continuous IntegrationContinuous Integration
Continuous Integration
 
Delivering Quality Software with Continuous Integration
Delivering Quality Software with Continuous IntegrationDelivering Quality Software with Continuous Integration
Delivering Quality Software with Continuous Integration
 
Automated Build using teamcity
Automated Build using teamcityAutomated Build using teamcity
Automated Build using teamcity
 
Continuous Delivery for Open Source Java projects
Continuous Delivery for Open Source Java projectsContinuous Delivery for Open Source Java projects
Continuous Delivery for Open Source Java projects
 
CD
CDCD
CD
 
Continuous Everything
Continuous EverythingContinuous Everything
Continuous Everything
 
DevOps and Build Automation
DevOps and Build AutomationDevOps and Build Automation
DevOps and Build Automation
 
Continuous Integration: A Case Study
Continuous Integration: A Case StudyContinuous Integration: A Case Study
Continuous Integration: A Case Study
 
Release Automation: Better Quality, Faster Deployment, Amazing ROI
Release Automation: Better Quality, Faster Deployment, Amazing ROIRelease Automation: Better Quality, Faster Deployment, Amazing ROI
Release Automation: Better Quality, Faster Deployment, Amazing ROI
 

More from Synopsys Software Integrity Group

Webinar–Segen oder Fluch?
Webinar–Segen oder Fluch?Webinar–Segen oder Fluch?
Webinar–Segen oder Fluch?
Synopsys Software Integrity Group
 
Webinar–Best Practices for DevSecOps at Scale
Webinar–Best Practices for DevSecOps at ScaleWebinar–Best Practices for DevSecOps at Scale
Webinar–Best Practices for DevSecOps at Scale
Synopsys Software Integrity Group
 
Webinar–That is Not How This Works
Webinar–That is Not How This WorksWebinar–That is Not How This Works
Webinar–That is Not How This Works
Synopsys Software Integrity Group
 
Webinar–OWASP Top 10 for JavaScript for Developers
Webinar–OWASP Top 10 for JavaScript for DevelopersWebinar–OWASP Top 10 for JavaScript for Developers
Webinar–OWASP Top 10 for JavaScript for Developers
Synopsys Software Integrity Group
 
Do Design Quality and Code Quality Matter in Merger and Acquisition Tech Due ...
Do Design Quality and Code Quality Matter in Merger and Acquisition Tech Due ...Do Design Quality and Code Quality Matter in Merger and Acquisition Tech Due ...
Do Design Quality and Code Quality Matter in Merger and Acquisition Tech Due ...
Synopsys Software Integrity Group
 
Webinar–Delivering a Next Generation Vulnerability Feed
Webinar–Delivering a Next Generation Vulnerability FeedWebinar–Delivering a Next Generation Vulnerability Feed
Webinar–Delivering a Next Generation Vulnerability Feed
Synopsys Software Integrity Group
 
Webinar–Financial Services Study Shows Why Investing in AppSec Matters
Webinar–Financial Services Study Shows Why Investing in AppSec MattersWebinar–Financial Services Study Shows Why Investing in AppSec Matters
Webinar–Financial Services Study Shows Why Investing in AppSec Matters
Synopsys Software Integrity Group
 
Webinar–Sécurité Applicative et DevSecOps dans un monde Agile
Webinar–Sécurité Applicative et DevSecOps dans un monde AgileWebinar–Sécurité Applicative et DevSecOps dans un monde Agile
Webinar–Sécurité Applicative et DevSecOps dans un monde Agile
Synopsys Software Integrity Group
 
Webinar–Creating a Modern AppSec Toolchain to Quantify Service Risks
Webinar–Creating a Modern AppSec Toolchain to Quantify Service RisksWebinar–Creating a Modern AppSec Toolchain to Quantify Service Risks
Webinar–Creating a Modern AppSec Toolchain to Quantify Service Risks
Synopsys Software Integrity Group
 

More from Synopsys Software Integrity Group (20)

Webinar–Segen oder Fluch?
Webinar–Segen oder Fluch?Webinar–Segen oder Fluch?
Webinar–Segen oder Fluch?
 
Webinar–Mobile Application Hardening Protecting Business Critical Apps
Webinar–Mobile Application Hardening Protecting Business Critical AppsWebinar–Mobile Application Hardening Protecting Business Critical Apps
Webinar–Mobile Application Hardening Protecting Business Critical Apps
 
Webinar–The 2019 Open Source Year in Review
Webinar–The 2019 Open Source Year in ReviewWebinar–The 2019 Open Source Year in Review
Webinar–The 2019 Open Source Year in Review
 
Webinar–Best Practices for DevSecOps at Scale
Webinar–Best Practices for DevSecOps at ScaleWebinar–Best Practices for DevSecOps at Scale
Webinar–Best Practices for DevSecOps at Scale
 
Webinar–That is Not How This Works
Webinar–That is Not How This WorksWebinar–That is Not How This Works
Webinar–That is Not How This Works
 
Webinar–You've Got Your Open Source Audit Report–Now What?
Webinar–You've Got Your Open Source Audit Report–Now What? Webinar–You've Got Your Open Source Audit Report–Now What?
Webinar–You've Got Your Open Source Audit Report–Now What?
 
Webinar–OWASP Top 10 for JavaScript for Developers
Webinar–OWASP Top 10 for JavaScript for DevelopersWebinar–OWASP Top 10 for JavaScript for Developers
Webinar–OWASP Top 10 for JavaScript for Developers
 
Webinar–The State of Open Source in M&A Transactions
Webinar–The State of Open Source in M&A Transactions Webinar–The State of Open Source in M&A Transactions
Webinar–The State of Open Source in M&A Transactions
 
Webinar–5 ways to risk rank your vulnerabilities
Webinar–5 ways to risk rank your vulnerabilitiesWebinar–5 ways to risk rank your vulnerabilities
Webinar–5 ways to risk rank your vulnerabilities
 
Do Design Quality and Code Quality Matter in Merger and Acquisition Tech Due ...
Do Design Quality and Code Quality Matter in Merger and Acquisition Tech Due ...Do Design Quality and Code Quality Matter in Merger and Acquisition Tech Due ...
Do Design Quality and Code Quality Matter in Merger and Acquisition Tech Due ...
 
Webinar–Using Evidence-Based Security
Webinar–Using Evidence-Based Security Webinar–Using Evidence-Based Security
Webinar–Using Evidence-Based Security
 
Webinar–Delivering a Next Generation Vulnerability Feed
Webinar–Delivering a Next Generation Vulnerability FeedWebinar–Delivering a Next Generation Vulnerability Feed
Webinar–Delivering a Next Generation Vulnerability Feed
 
Webinar–Financial Services Study Shows Why Investing in AppSec Matters
Webinar–Financial Services Study Shows Why Investing in AppSec MattersWebinar–Financial Services Study Shows Why Investing in AppSec Matters
Webinar–Financial Services Study Shows Why Investing in AppSec Matters
 
Webinar–What You Need To Know About Open Source Licensing
Webinar–What You Need To Know About Open Source LicensingWebinar–What You Need To Know About Open Source Licensing
Webinar–What You Need To Know About Open Source Licensing
 
Webinar–Improving Fuzz Testing of Infotainment Systems and Telematics Units U...
Webinar–Improving Fuzz Testing of Infotainment Systems and Telematics Units U...Webinar–Improving Fuzz Testing of Infotainment Systems and Telematics Units U...
Webinar–Improving Fuzz Testing of Infotainment Systems and Telematics Units U...
 
Webinar–Why All Open Source Scans Aren't Created Equal
Webinar–Why All Open Source Scans Aren't Created EqualWebinar–Why All Open Source Scans Aren't Created Equal
Webinar–Why All Open Source Scans Aren't Created Equal
 
Webinar–Is Your Software Security Supply Chain a Security Blind Spot?
Webinar–Is Your Software Security Supply Chain a Security Blind Spot?Webinar–Is Your Software Security Supply Chain a Security Blind Spot?
Webinar–Is Your Software Security Supply Chain a Security Blind Spot?
 
Webinar–Sécurité Applicative et DevSecOps dans un monde Agile
Webinar–Sécurité Applicative et DevSecOps dans un monde AgileWebinar–Sécurité Applicative et DevSecOps dans un monde Agile
Webinar–Sécurité Applicative et DevSecOps dans un monde Agile
 
Webinar–Creating a Modern AppSec Toolchain to Quantify Service Risks
Webinar–Creating a Modern AppSec Toolchain to Quantify Service RisksWebinar–Creating a Modern AppSec Toolchain to Quantify Service Risks
Webinar–Creating a Modern AppSec Toolchain to Quantify Service Risks
 
Webinar – Streamling Your Tech Due Diligence Process for Software Assets
Webinar – Streamling Your Tech Due Diligence Process for Software AssetsWebinar – Streamling Your Tech Due Diligence Process for Software Assets
Webinar – Streamling Your Tech Due Diligence Process for Software Assets
 

Recently uploaded

Recently uploaded (20)

WSO2Con2024 - From Blueprint to Brilliance: WSO2's Guide to API-First Enginee...
WSO2Con2024 - From Blueprint to Brilliance: WSO2's Guide to API-First Enginee...WSO2Con2024 - From Blueprint to Brilliance: WSO2's Guide to API-First Enginee...
WSO2Con2024 - From Blueprint to Brilliance: WSO2's Guide to API-First Enginee...
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
 
WSO2Con2024 - GitOps in Action: Navigating Application Deployment in the Plat...
WSO2Con2024 - GitOps in Action: Navigating Application Deployment in the Plat...WSO2Con2024 - GitOps in Action: Navigating Application Deployment in the Plat...
WSO2Con2024 - GitOps in Action: Navigating Application Deployment in the Plat...
 
Artyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptxArtyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptx
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK Software
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto
 
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
 
WSO2Con2024 - Simplified Integration: Unveiling the Latest Features in WSO2 L...
WSO2Con2024 - Simplified Integration: Unveiling the Latest Features in WSO2 L...WSO2Con2024 - Simplified Integration: Unveiling the Latest Features in WSO2 L...
WSO2Con2024 - Simplified Integration: Unveiling the Latest Features in WSO2 L...
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
WSO2CON 2024 - How CSI Piemonte Is Apifying the Public Administration
WSO2CON 2024 - How CSI Piemonte Is Apifying the Public AdministrationWSO2CON 2024 - How CSI Piemonte Is Apifying the Public Administration
WSO2CON 2024 - How CSI Piemonte Is Apifying the Public Administration
 
WSO2CON 2024 - How CSI Piemonte Is Apifying the Public Administration
WSO2CON 2024 - How CSI Piemonte Is Apifying the Public AdministrationWSO2CON 2024 - How CSI Piemonte Is Apifying the Public Administration
WSO2CON 2024 - How CSI Piemonte Is Apifying the Public Administration
 
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
 
WSO2Con2024 - Unleashing the Financial Potential of 13 Million People
WSO2Con2024 - Unleashing the Financial Potential of 13 Million PeopleWSO2Con2024 - Unleashing the Financial Potential of 13 Million People
WSO2Con2024 - Unleashing the Financial Potential of 13 Million People
 
WSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - KeynoteWSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - Keynote
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
WSO2CON2024 - Why Should You Consider Ballerina for Your Next Integration
WSO2CON2024 - Why Should You Consider Ballerina for Your Next IntegrationWSO2CON2024 - Why Should You Consider Ballerina for Your Next Integration
WSO2CON2024 - Why Should You Consider Ballerina for Your Next Integration
 
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
 
WSO2Con2024 - Navigating the Digital Landscape: Transforming Healthcare with ...
WSO2Con2024 - Navigating the Digital Landscape: Transforming Healthcare with ...WSO2Con2024 - Navigating the Digital Landscape: Transforming Healthcare with ...
WSO2Con2024 - Navigating the Digital Landscape: Transforming Healthcare with ...
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
 

Flight East 2018 Presentation–Continuous Integration––An Overview

  • 1. Continuous Integration —An Overview Dr. Robert Burnett Director, Software Engineering This presentation consists of L -3 Communications Corporation general capabilities and administrative information that does not contain controlled technical data as defined within the International Traffic in Arms (ITAR) Part 120.10 or Export Administration Regulations (EAR) Part 734.7-11.
  • 2. The practice of regular, comprehensive, and automatic building and testing of applications in software development Continuous Integration Compile Build Test 2
  • 3. Reliance on manual processes to build and test software is problematic. • Error prone. • Lack of consistency • Build and integration processes have become more complex • Static testing is a critical step in the process • Quick turnaround on validating changes is now required to: • Reduce cost associated with finding defects late • Reduce time to deploy changes/updates Why is Continuous Integration (CI) so important? 3
  • 4. Continuous Integration is a development practice that requires developers to integrate code into a shared repository several times a day. Each commit is then verified by an automated build, allowing teams to detect problems early. Integration builds are tested early and often and functional builds are maintained at all times. • Don’t leave the build broken • In a Continuous Integration environment you should never have a integration build in a ‘failure state’ for long. A Fundamental change in how you think about software development
  • 5. Martin Fowler’s “original” principles of Continuous Deployment 1. Configuration control single code repository 2. Automate the build process 3. Automate testing 4. Developers commit changes to the baseline daily 5. Build every commit (to baseline) 6. Keep the build fast 7. Test in a clone of the production environment 8. Make it easy to get executable code 9. Give everyone full visibility to the results of the latest build 10. Automate deployment Continuous Integration 5
  • 6. The CI Build System Developers Workspace CI server Dashboard Version Controlled Repository Poll Commit Changes Results Build and Test Servers 6
  • 7. Continuous Integration - Basic steps • Developers load the project source code into their private workspaces. When done, commit the changes to the repository • The CI server monitors the repository and processes changes when they occur. The CI server: • Builds the system and runs unit and integration tests • Releases deployable artifacts for testing • Assigns a build label to the version of the code it just built • Informs the team of the successful build • Alerts the team if the build (or individual tests) fail • The team fixes the issue at the earliest opportunity • Report nightly build status on Dashboard 7
  • 8. Continuous Integration – Team responsibilities Commit frequently Don’t commit broken code Don’t commit untested code Don’t commit when the build is broken Don’t go home after committing code until the system builds 8
  • 9. 1. Before committing changes, check to see if a build is currently in the "Successful" status. If not, you should assist in fixing a build before committing new code. 2. If the status is currently "Successful", you should update your personal workspace to this configuration. 3. Build and test locally to ensure the update doesn't break functionality. 4. If Successful, commit the changes to the repository. 5. Allow CI to complete with new changes. 6. If build fails, stop and fix on your machine. Return to step 3. 7. If build passes, continue to work on the next item. Continuous Integration checklist 9
  • 10. 10
  • 11. Adding BlackDuck to our Continuous code inspection 11 Cause for caution Not all Open-Source Software is Free Open-Source Software (Free or other wise) may have security vulnerabilities. Sandwich from The Linux Foundation, Flight 2017 Free and Open-Source Software (FOSS) FOSS is a major part of the software development landscape which cannot be ignored. FOSS provides software developers with a significant advantage of not having to reinvent the wheel (or re “implement” the wheel) for their project.
  • 12. Scans code for use of FOSS • Identifies OSS components in code (Generates FOSS BOM) • Provides associated OSS license, compliance and risk of usage • Provides security vulnerability information for current and previous scans • Provides alert of the usage of unapproved OSS How BlackDuck Hub Helps 12
  • 13. Complex software development environments supporting multiple targets. • Embedded ( C/C++,Python, etc.), Application (Java, JavaScript, etc.) Significant variation in the software development processes • Agile , Waterfall, and every thing in between Significant variation in the developers level of engagement and buy-in with CI. • First impression is this is “extra work” Our experience at L3 13
  • 14. 14 The Chris Shayan Continuous Delivery Maturity Matrix Our Progress in the last 5 years Continuous Delivery Maturity Matrix
  • 15. Results of using the Test Automation (TA) on pilot Project A Test automation in support of Continuous integration 15 Before TA After TA % Improvement Time to write tests and perform dry-runs per requirement 4 hrs/req 1.8 hrs/req 55% Time to test each requirement in formal test 5 mins/req 0.34 mins/req 93% Total execution time 12 hours 35 mins auto + 1 hrs manual 87%
  • 16. Results: • Schedule for integration effort was predictable • Lab Integration of software components was very quick (within a couple of hours) or worked 100% the first time since all components were already thoroughly tested in simulation • Quick evaluation of code change during compilation and unit test • Quick evaluation of pass/fail on new builds during integration via automated regression suites • Zero defects found during SW Verification dry runs and formal testing • Zero defects found during System Verification dry runs 100% Code Coverage and Continuous Integration on Project E 16
  • 17. Other examples 17 Project A2-L: After implementing core pieces of CI (Build automation and Test automation), the cycle time for a new build release (tested & verified) was reduced from and manually intensive 3+ day effort to 4 hours. Project A3-M: After implementing core pieces of CI time for incremental release (built, tested & verified) was reduced from 146 hours to 38 hours
  • 18. Main reasons for Continuous Integration to fail Infrequent check-ins, which lead to delayed integrations Broken builds, which prevent teams from moving on to other tasks Minimal feedback, which prevents action from occurring Receiving spam feedback, which causes people to ignore messages Possessing a slow machine, which delays feedback Relying on a bloated build, which reduces rapid feedback 18