Atlassian ALM MeetUp Stockholm, 28th Nov 2013, Tomi Kallio's presentation about distributed software development topics including Distributed development, Distributed version control, Effective code reviews, Continuous integration, Continuous delivery and Continuous deployment.
*** DevSecOps: The Evolution of DevOps ***
Have you ever asked yourself the following questions:
What does DevSecOps means?
How is this different from DevOps?
What can we learn from the DevOps movement?
Presentation by James Betteley who shares his experience of shaping DevOps and what he foresees will happen with DevSecOps.
Atlassian Summit 2014 highlights as presented in Atlassian User Group in Stockholm September 18 2014. Quick recap of all six big announcement during the Summit.
*** DevSecOps: The Evolution of DevOps ***
Have you ever asked yourself the following questions:
What does DevSecOps means?
How is this different from DevOps?
What can we learn from the DevOps movement?
Presentation by James Betteley who shares his experience of shaping DevOps and what he foresees will happen with DevSecOps.
Atlassian Summit 2014 highlights as presented in Atlassian User Group in Stockholm September 18 2014. Quick recap of all six big announcement during the Summit.
Tomi Kallio's presentation about agile Application Lifecycle Managent (agileALM) in Atlassian User Group in Stockholm September 18 2014. agileALM is all about efficiency, transparency, traceability and agility in software product development. Learn more how to utilize Atlassian tools, like JIRA, Bamboo etc in your SW development process.
Encrypted communication using SSL/TLS is becoming ubiquitous. But many organizations are still experiencing security breaches from a lack of visibility. This webinar covers SSL/TLS information on performance, criteria for evaluating and a methodology on validation.
https://gotocon.com/berlin-2016/presentations/show_talk.jsp?oid=8033
Fed up with stop and go in your data center? Why not shift into overdrive and pull into the fast lane? Learn how AutoScout24, the largest online car marketplace Europe-wide, are building their Autobahn.
Reinventing themselves by making a radical transition from monoliths to microservices, from .NET on Windows to Scala on Linux, from datacenter to AWS and from built by devs and run by ops to a devops mindset.
While the current stack keeps running, ever more microservices will go live as you listen to stories from the trenches.
Key takeaways from this talk include: How to...
… become cloud native
… evolve the architecture
… create “you build it you run it” teams
… align with principles
DevOps brings together people, processes and technology, automating software delivery to provide continuous value to your users. With Azure DevOps solutions, deliver software faster and more reliably—no matter how big your IT department or what tools you are using
DevOps brings together people, processes and technology, automating software delivery to provide continuous value to your users. With Azure DevOps solutions, deliver software faster and more reliably—no matter how big your IT department or what tools you are using
Tomi Kallio's presentation about agile Application Lifecycle Managent (agileALM) in Atlassian User Group in Stockholm September 18 2014. agileALM is all about efficiency, transparency, traceability and agility in software product development. Learn more how to utilize Atlassian tools, like JIRA, Bamboo etc in your SW development process.
Encrypted communication using SSL/TLS is becoming ubiquitous. But many organizations are still experiencing security breaches from a lack of visibility. This webinar covers SSL/TLS information on performance, criteria for evaluating and a methodology on validation.
https://gotocon.com/berlin-2016/presentations/show_talk.jsp?oid=8033
Fed up with stop and go in your data center? Why not shift into overdrive and pull into the fast lane? Learn how AutoScout24, the largest online car marketplace Europe-wide, are building their Autobahn.
Reinventing themselves by making a radical transition from monoliths to microservices, from .NET on Windows to Scala on Linux, from datacenter to AWS and from built by devs and run by ops to a devops mindset.
While the current stack keeps running, ever more microservices will go live as you listen to stories from the trenches.
Key takeaways from this talk include: How to...
… become cloud native
… evolve the architecture
… create “you build it you run it” teams
… align with principles
DevOps brings together people, processes and technology, automating software delivery to provide continuous value to your users. With Azure DevOps solutions, deliver software faster and more reliably—no matter how big your IT department or what tools you are using
DevOps brings together people, processes and technology, automating software delivery to provide continuous value to your users. With Azure DevOps solutions, deliver software faster and more reliably—no matter how big your IT department or what tools you are using
Security teams are often seen as roadblocks to rapid development or operations implementations, slowing down production code pushes. As a result, security organizations will likely have to change so they can fully support and facilitate cloud operations.
This presentation will explain how DevOps and information security can co-exist through the application of a new approach referred to as DevSecOps.
"Running enterprise workloads with sensitive data in AWS is hard and requires an in-depth understanding about software-defined security risks. At re:Invent 2014, Intuit and AWS presented ""Enterprise Cloud Security via DevSecOps"" to help the community understand how to embrace AWS features and a software-defined security model. Since then, we've learned quite a bit more about running sensitive workloads in AWS.
We've evaluated new security features, worked with vendors, and generally explored how to develop security-as-code skills. Come join Intuit and AWS to learn about second-year lessons and see how DevSecOps is evolving. We've built skills in security engineering, compliance operations, security science, and security operations to secure AWS-hosted applications. We will share stories and insights about DevSecOps experiments, and show you how to crawl, walk, and then run into the world of DevSecOps."
Beyond the Scrum Team: Delivering "Done" at ScaleTasktop
In this webinar Dave West, CEO and Product Owner of Scrum.org, and Betty Zakheim, VP of Industry Strategy at Tasktop talk about the success of Scrum in the enterprise and techniques that organizations can employ when they have a large IT shop.
Join us for this discussion of the successes and challenges of Scrum at scale, including:
* Scrum.org's Nexus
* how software development teams can deliver "Done" at scale
* how these techniques fit into the broader software delivery lifecycle
Learn how AutoScout24, the largest online car marketplace Europe-wide, are building their Autobahn in the cloud.
The secret ingredient? Culture! Because “microservices and cloud” is only one half of the digital transformation story: The other half is how your organization deals with cultural change as you transition from the old world of IT into building microservices on AWS with agile DevOps teams in a true “you build it, you run it” fashion.
Listen to stories from the trenches and learn how to become cloud-native, evolve your architecture step by step, drive cultural change across your teams, and manage your company’s transformation for the future.
ASPgems is the leading company in agile web solutions. We use the most advanced techniques and software development methodologies. Our technology is swift, flexible and scalable.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofsAlex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
3. Distributed development
”we can make it faster and cheaper”
Distributed version control
“branching is good”
Effective code reviews
“many pairs of eyes”
Continuous integration
“keeping up with the mainline”
bonus
Continuous delivery
“all the way, all the time”
November 28, 2013
www.ambientia.net
3
5. Parallel projects
Collaborative
Remote work
Fully internal
Virtual teams
Open source
Geographical distribution
Find the best talent available
Projects of all sizes
Small
Large
Distributed development
”we can make it faster and cheaper”
Stay on top of things
Make it easier
Who?
Invest in tooling
What?
It can work well!
November 28, 2013
FishEye
Where?
www.ambientia.net
5
6. How many of you do distributed
development?
Any benefits, issues, lessons
learnt to share?
November 28, 2013
www.ambientia.net
6
11. Review practices
Not all at once
Start small
Seamless
Everything
Learn
Daily routine
Design
Share
Painless
Fast
Fluent
Security
Mentor
Quality, overall
Effective code reviews
“many pairs of eyes”
Cheap
Commit
Informal
Formal
Effective
Patch
Stash
Developer-driven
November 28, 2013
www.ambientia.net
Distributed
Snippets
Audit trail
Crucible
Version
Actions to JIRA
11
12. Do you have well established
code review practices?
How often does the code get
reviewed?
Are the reviews cost-effective?
November 28, 2013
www.ambientia.net
12
17. Automation
Staging
Production
(again)
1 2 4 … N projects
Deploy
Scalability
Rollback
Development
N … M environments
Deploy gradually
bonus
Continuous delivery
“all the way, all the time”
Bamboo environments
“Which version is live in production?”
JIRA issues
“What does project X’s staging environment contain?”
November 28, 2013
www.ambientia.net
17
18. How often do you deploy?
Can you deploy automatically?
Are your deploys tracked?
November 28, 2013
www.ambientia.net
18
19. Tomi Kallio
Tel: +358 40 749 2051
Email: tomi.kallio@ambientia.fi
Twitter: @tomi_kallio
Editor's Notes
Application Lifecycle Management (ALM)is about making things betterBeing traceable and transparent, predictable and always on timeIncreasing the efficiencyBecoming more agile, embracing and expecting changeOverall ALM business goals are toImprove the quality of both the sw and also of the operationsNot only the final product but how things are madeBecome more profitable, as an outcome from all of the above
This discussion track is centered around distributed software development; what experiences we (You!) have, what kind of things are involved, and how to make things better. Raise questions, provide comments and be active. Suggest working practices and tools and procedures that work for you and your teams.We will cover a few main topics with me shortly presenting the topic and then all of us discussing it.
There are these five main topics to discuss.Less about JIRA and Confluence, or about any particular tools. More about the concepts themselves.We can do less or more depending on your interests.If one particular topic seems to be more interesting to the audience than the others, we could spend most of our time there. Let’s see where the discussion leads us.Topics are presented on their own slides with some key ideas and pointers listed on the slides to get the discussion going.Unstructured – well, you will soon find out what I mean : - )
We begin with distributed development.This idea that we can do bigger, better, faster, and more if we do many things in parallel.
Is there something else than distributed development anymore?Distributed development, strictly defined, does not contain subcontracting, outsourcing or virtual teams. We don’t need to limit ourselves with that definition in this discussion. Our aim is to talk about situations where people are doing at least some their work outside of the office environment, detached from their team.For example:When teams and team members are distributed geographically (different room, building, continent and time zone)Development is distributed when there are multiple parallel projects individual developers are contributing to (distribution of their effort)Required special kind of care and tool support.Even when people do remote work it means that the team is distributed, at least some of the time.Yahoo! banned remote work altoghether earlier this year. A bit mistake if you ask me.There are huge distributed development projects, and then there are really small ones. Distribution is common.I personally have been managing a small team distributed globally. One or more people on several continents and time zones.Internal to one company, different teams or organizations working towards a common goal (dependencies).Done in collaboration with other companies, subcontracting or partnering.And, of course, open source projects from small to extremely large ones like the Linux kernel.Recruiting the best talent could mean being forced to be distributed. Some companies and individuals can still thrive.By investing in tooling, challenges of distribution can be tackled.Make things easier for people, especially for your developers.Same weekly, daily, hourly facts available to everybody as soon as possible.Communication and making things visual matters a lot. Natural communication paths are broken; no coffee room discussions.Things can work well even when distributed – just think about success of the Linux kernel development.The tools can make it easy to stay on top of things, all the different activities going on around the whole.Who is working on what and where?What is changing and what should happen nextFor example, AtlassianFishEye can bring activity streams to the developers’ reach. Follow a number of projects, code repositories, files, people, etc.
Branch is a central concept in distributed version control.Branching and merging has been done well and are central parts of the daily work.Convenience and speed of operations (network optimized).Mostly locally available information.Independence; disconnected operation even when no network is available.Allows contributions without repository access rights, e.g. patches via email or as a pull request.Flexibility in selecting the model. E.g. a web of trust (central integrators) , old central repository model, etc.Isolation; make features (maybe new idea exploration) available to the others at the right time.Safety; every working copy is a full backup.Branching model should be documented and visualized.Everyone needs to know how the system operates.Who accepts patches, which release and feature branches are used.When to fork, where to fork from, when to merge, where to merge back to.Especially important when there are a large number of contributors or participants or when there are many projects to contribute to.Mercurial (bookmarks). Git (light-weight branches). Bazaar.Atlassian provides many tools that can help with maintaining a distributed version control system.FishEye to follow activity streams and to keep in control of things when a lot is happening, Crucible to do code reviews (more about that in a later slide).Stash to manage Git repositories, e.g. one project can have multiple Git repositories.Atlassian is putting a lot of effort into Stash.Development and code reviews in the form of pull requests.Bitbucket online service to manage shared Mercurial and Git repositories. Open source–like model.
Code reviews can be more effective to catch bugs than tests are. Reviews also happen earlier in the project lifecycle when issues are cheaper to fix.Try to review everything but don’t try to do everything at once.Start with something small, e.g. reviewing all new commits (to a particular part of the system).Grow the reviewed code base incrementally.Learn as you go; become more efficient in understanding where and when to review.Gradually build up knowledge and know-how. Let the senior developers guide the more junior ones.Reviews are a great way to share knowledge.Reviewing a unknown part of a system makes the reviewer to become more familiar with it.Organizing reviews and mentoring other people by being available and running through the main ideas and building blocks.Reviews can be specially targeted, e.g. to find certain type of security issues or to validate early designs before too much code has been contributed.Reviews should become a daily routine for the developers.The practices should be well communicated so people know what is being expected of them.Review frequently; so things can move fast. There should not be a large number of reviews pending. Commit to it!Fluent, seamless; part of the daily flow. Not time away from something “more important”.Painless, make it easy for the reviewers and they will follow.There are many ways to do code reviews, some more formal than others, and more expensive than others.Even quick-and-dirty reviews could be valuable at the very beginning. You look at my code and I’ll look at yours.Depends on the type of the product; nuclear power plant vs. a photo sharing site.Small can be cheap but still very valuable.Think about the parts of the system that would benefit most from reviews.Let the developers be in control so they keep on doing it. Let them define the tooling to use, the processes that best fit their particular projects.Atlassian offers Crucible as the review tool which integrates nicely to FishEye and JIRA.Team can select the right granularity level for reviews.Every commit, eventually everything will get reviewed.Code snippets, “I want early feedback on my approach”.Against a JIRA version (all changes committed to that particular version) or issue.Reviews leave an audit trail; what has been commented, what issues were found.Crucible can make review findings as issues in JIRA. This ensures important findings are not lost.With Stash, one can review pull requests.Several commits at once; independent change sets, e.g. “feature X” or “fix Y”.Review in a way that feels natural to you and your team.
Code reviews can be more effective to catch bugs than tests are. Reviews also happen earlier in the project lifecycle when issues are cheaper to fix.Review targets:Early designs or approaches.Security issues, especially.Quality, overall.Try to review everything but don’t try to do everything at once.Start with something small, e.g. reviewing all new commits (to a particular part of the system).Grow the reviewed code base incrementally.Learn as you go; become more efficient in understanding where and when to review.Every pull request.Gradually build up knowledge and know-how. Let the senior developers guide the more junior ones.Reviews are a great way to share knowledge.Reviewing a unknown part of a system makes the reviewer to become more familiar with it.Organizing reviews and mentoring other people by being available and running through the main ideas and building blocks.Reviews should become a daily routine for the developers.The practices should be well communicated so people know what is being expected of them.Review frequently; so things can move fast. There should not be a large number of reviews pending. Commit to it!Fluent, seamless; part of the daily flow. Not time away from something “more important”.Painless, make it easy for the reviewers and they will follow.There are many ways to do code reviews, some more formal than others, and more expensive than others.Even quick-and-dirty reviews could be valuable at the very beginning. You look at my code and I’ll look at yours.Depends on the type of the product; nuclear power plant vs. a photo sharing site.Small can be cheap but still very valuable.Think about the parts of the system that would benefit most from reviews.Let the developers be in control so they keep on doing it. Let them define the tooling to use, the processes that best fit their particular projects.Atlassian tools, Stash for DVCS, FishEye+Crucible for traditional VC.A lot of emphasis has been put on Stash lately.Atlassian offers Crucible as the review tool which integrates nicely to FishEye and JIRA.Team can select the right granularity level for reviews.Every commit, eventually everything will get reviewed.Code snippets, “I want early feedback on my approach”.Against a JIRA version (all changes committed to that particular version) or issue.Reviews leave an audit trail; what has been commented, what issues were found.Crucible can make review findings as issues in JIRA. This ensures important findings are not lost.With Stash, one can review pull requests.Several commits at once; independent change sets, e.g. “feature X” or “fix Y”.Incrementally building up the feature by appending to the pull request.Review in a way that feels natural to you and your team.
Continuous integration means committing changes into the mainline of development as often as feasible.Everybody works more or less on the same set of sources. No major integration issues close to the release date.Developers edit code, commit into the change control system. Continuous integration system detects code changes and executes a series of actions.Actions build and package the code and execute tests (or test-like checks).The edit – build – test cycle is executed all the time, whenever code changes are detected. Delta between commits remains very small.Small deltas reduce the amount of risk.When issues arise, small delta makes it easier and faster to pinpoint what went wrong and do corrective actions.Provide fast feedback to the developers; fail early. Act as a safety net.People should be encouraged to make changes.Can be layered – very fast sanity checks could be executed first. Then more thorough and time consuming tests and other automation.Tests can be thought of as executable specifications. Very many things can be checked with automation.Automation is key.Repeatable processes. Newcomers could commit code on their first day at work.Fast to execute. Execute frequently with ease.Scalability as the number of projects grows and there are more people in each project.START SMALL here as well. Add small checks and automations whenever there is time.Make things visible.Be very clear when things break.Try to find ways to detect what went wrong and bring the information to the developer.Automate releasing as well so that it happens the same way every time.Release decision can still be made manually.Everybody can release.Open source Jenkins is a very commonly used CI tool.Atlassian provides Bamboo which integrates into the other Atlassian tools and makes it easier to follow status and progress across systems.Bamboo can detect new feature branches and start CI for them automatically.
Web application point of view.Build on the continuous integration system, extending it to deploy to the relevant environments.First, do rigorous testing and quality assurance.Everything should work like in the live production system.Production system for live environment.The decision to go live to production can be manual.The idea of continuous delivery is to all the time verify that the deployment can be done.To keep the system in such a good shape that it is always ready to be deployed to production.Deploying all the changes to production automatically is called Continuous Deployment.With a large number of parallel projects, the number of environments can grow quite large.Each project has multiple environments. There can also be different versions of the same product online at the same time.Again, automation will be of great help here.Need to find out what is live and where.Bamboo Environments can display what is live and where at any given moment. If Bamboo is linked to JIRA, the exact contents of the build (JIRA issues source code commits) can be found.Traceability.Deployment to production systems can be done gradually.Taking systems in partial use for a smaller subset of the user base.Rollback procedures are important.There are large systems in use that do continuous delivery, and even continuous deployment.