SlideShare a Scribd company logo
Software Engineering
for Digital Businesses
Selvaratnam Uthaiyashankar
Senior Vice President, Engineering
WSO2
Ideas have value, but
flawless execution is what
determines success
What we will cover in this talk
● WSO2’s software engineering processes
● Key takeaways for digital businesses
● How this thinking has influenced the development of Choreo
3
Software Engineering @ WSO2
Requirements
5
Design
● Communications in mailing list, github issues and github discussions
● Tools
⦿ Google docs and several other diagraming tools (e.g draw.io, excalidraw)
⦿ Figma
● Review meetings
⦿ Architecture review
⦿ API design review
⦿ UX design review
⦿ Security review
6
7
Codecov
Coding
Run Code
Scanning Tools
Run Security
Tools
Find
Security Bugs
Start Create
Pull Request
OWASP ZAP
Secure
Engineering
Guide
FindBugs
CheckStyle
Code Review
Change Requested
Automated Pull
Request
Verification
Pull Request
Review &
Approval
Merge
Pull Request
Pull Request
Build
OWASP
Dependency
Check
Development
Development
● Communications in mailing list
● 3rd party dependency approvals
● Feature branches
● Test cases (unit test, integration tests, scenario tests)
● Documentation, samples
● Dependa bot - Automatically update dependencies to their latest version
8
9
Testing
Testing Stage
Development Time
Unit Testing
Pull Request
Build
Developer
Machine
Performance
Testing
Long Running
Testing
Testing
Environment
Development Stage
Integration
Testing
Development
Environment
System
Testing
TestGrid
TestNG : For server-side feature testing
React-testing library : For React apps
Storybook : For UI design assurance
Mockito, Powermock : Test double
objects
Jacoco : Reporting
Cypress : For UI/front-end & API testing
Rest Assured : For REST API testing
TestNG : For server-side feature testing
Cypress : For UI/front-end & API testing
TestNG : For server-side feature testing
Cypress Dashboard : For Reporting
Test Case
Management
Release
● Release is ready when …
○ All planned features are done
○ Documentations are available for the
features
○ Testgrid reports
10
Merge
Completed
Features
All
Features
completed
Software Release
Weekly
Releases
Alpha
No Pending
L1 Issues
Beta
No Pending
L1, L2
Release
Candidate
Voting
GA
○ Long running test reports
○ Performance numbers
○ Security scanning
○ No L1, L2 issues
Merge
Completed
Feature
Integration
Testing
Cloud Release
Dev
Environment
Test
Environment
System
Testing
Ready for
Release
Daily
Release
Train
Production
Environment
Work on
Feature
Summary of Secure Development Lifecycle
11
Secure
Design Review
Developer
Self Review
Code
Review
Product Release Process
Static
Analysis
Dynamic
Analysis
Third-party
Dependency
Analysis
GitHub
Pull Request
Template
Security tools
WSO2
Secure
Engineering
Guidelines National Vulnerability
Database
Scan Report
Repository
WSO2
Vulnerability
Management
System
Security Leads
Start
https://security.docs.wso2.com/en/latest/security-processes/secure-software-development-process/
1. Receive
2. Evaluate
3. Fix
4. Backport / Frontport
5. Release Update
6. Inform Customer
Support Portal, Customer Engagements
True Positive? Work around possible?
Change code / config. Merge to dev branch
Versions within the porting policy
Hotfix and update releases
Inform through Support Portal
12
Maintenance
Product Team Support Team
7. Apply Update
Update available for all customers
Customer
Continuous Monitoring of Third Party Dependency
Vulnerabilities
13
Security Team
Continuously
scan SBOM
1) Onboard new product releases
2) Maintain Software Bill of Materials (SBOM)
Vulnerability Databases / Sources
National Vulnerability
Database
Node Security
Advisories
GitHub Issues
Notifications
- New Vulnerabilities
- Licence Changes or Violations
WSO2 Customers
Initiate Vulnerability
Management Process
Engineering
Teams
Analyze
Findings
Update
WSO2 Trust Center
WSO2 Support Portal -
WSO2 Trust Center
- Update Status
- ETAs
- Justifications
DevOps
● Infrastructure as Code (IaaC)
⦿ Terraform
● GitOps Process
● System monitoring
⦿ Azure Monitor and Kusto query
● Application monitoring
⦿ Site24×7
● Alerting
⦿ PagerDuty to generate call alerts for all critical alerts
⦿ Email/chat notifications for non-critical failures
14
Build Pipeline
Mandatory Quality and Security Checks
DevSecOps
15
Software Composition Analysis
(SCA)
Third Party Dependency Vulnerabilities
License Violations
Container Scanning
Linting and
Static Security Analysis
Gosec
Super-linter
Infrastructure as Code (IaC)
Scanning
Key takeaways from WSO2's
processes for digital businesses
Key takeaways
● Record all requirements
● Inner source - Applying open source best practices
● Parallel versions, process to identify bugs in all affected versions
● GitOps
● Automated testing, deployment, and monitoring
● Security at every level, continuous security processing
17
Choreo
What is Choreo?
19
Choreo Concepts
20
How Choreo helps
● Record all requirements - External
● Inner source - Source code repository is attached to projects,
components
● Parallel versions - Deployment tracks
● GitOps - environment, configuration management
● Automated testing, deployment, and monitoring - Test components,
CI/CD, observability, insights
● Security at every level, continuous security processing - Trivy scans, API
gateways, cell architectures
21
Question Time!
22
Thank You!

More Related Content

Similar to WSO2CON 2024 - Software Engineering for Digital Businesses

DevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss BankingDevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss Banking
Aarno Aukia
 
Building a Quality Modelio with Q-Rapids by Softeam
Building a Quality Modelio with Q-Rapids by SofteamBuilding a Quality Modelio with Q-Rapids by Softeam
Building a Quality Modelio with Q-Rapids by Softeam
aabherve
 
Git into the Flow, with the Ultimate Continuous Delivery Workflow on Heroku
Git into the Flow, with the Ultimate Continuous Delivery Workflow on HerokuGit into the Flow, with the Ultimate Continuous Delivery Workflow on Heroku
Git into the Flow, with the Ultimate Continuous Delivery Workflow on Heroku
Salesforce Developers
 
Cloud continuous integration- A distributed approach using distinct services
Cloud continuous integration- A distributed approach using distinct servicesCloud continuous integration- A distributed approach using distinct services
Cloud continuous integration- A distributed approach using distinct services
André Agostinho
 
Probo.ci Drupal 4 Gov Devops 1/2 day Presentation
Probo.ci Drupal 4 Gov Devops 1/2 day Presentation Probo.ci Drupal 4 Gov Devops 1/2 day Presentation
Probo.ci Drupal 4 Gov Devops 1/2 day Presentation
Zivtech, LLC
 
Api gitlab: configurazione dei progetti as a service
Api gitlab: configurazione dei progetti as a serviceApi gitlab: configurazione dei progetti as a service
Api gitlab: configurazione dei progetti as a service
Emerasoft, solutions to collaborate
 
Agile DevOps Implementation
Agile DevOps ImplementationAgile DevOps Implementation
Agile DevOps Implementation
Manikandan R
 
Fundamentals of DevOps for Data Testing Course - Module 3
Fundamentals of DevOps for Data Testing Course - Module 3Fundamentals of DevOps for Data Testing Course - Module 3
Fundamentals of DevOps for Data Testing Course - Module 3
MichaelCalabrese20
 
Transform Digital Business with DevOps
Transform Digital Business with DevOpsTransform Digital Business with DevOps
Transform Digital Business with DevOps
Daniel Oh
 
06 operations and feedback
06   operations and feedback06   operations and feedback
06 operations and feedback
Clemens Reijnen
 
Agile & DevOps - It's all about project success
Agile & DevOps - It's all about project successAgile & DevOps - It's all about project success
Agile & DevOps - It's all about project success
Adam Stephensen
 
New ThousandEyes Product Features and Release Highlights: March 2023
New ThousandEyes Product Features and Release Highlights: March 2023New ThousandEyes Product Features and Release Highlights: March 2023
New ThousandEyes Product Features and Release Highlights: March 2023
ThousandEyes
 
Forward5 Auxis VMware
Forward5 Auxis VMwareForward5 Auxis VMware
Forward5 Auxis VMware
Auxis Consulting & Outsourcing
 
Agile Code Reviews: Supporting collaboration and improving production uptime ...
Agile Code Reviews: Supporting collaboration and improving production uptime ...Agile Code Reviews: Supporting collaboration and improving production uptime ...
Agile Code Reviews: Supporting collaboration and improving production uptime ...
Atlassian
 
Weave GitOps 2023.04 Release: Optimizing Developer Productivity & Experience ...
Weave GitOps 2023.04 Release: Optimizing Developer Productivity & Experience ...Weave GitOps 2023.04 Release: Optimizing Developer Productivity & Experience ...
Weave GitOps 2023.04 Release: Optimizing Developer Productivity & Experience ...
CezzaineZaher1
 
May 2023 EMEA New ThousandEyes Product Features and Release Highlights.pptx
May 2023 EMEA New ThousandEyes Product Features and Release Highlights.pptxMay 2023 EMEA New ThousandEyes Product Features and Release Highlights.pptx
May 2023 EMEA New ThousandEyes Product Features and Release Highlights.pptx
ThousandEyes
 
Infrastructure as Code for Network
Infrastructure as Code for NetworkInfrastructure as Code for Network
Infrastructure as Code for Network
Damien Garros
 
Code in the Cloud - Ghent - 20 February 2015
Code in the Cloud - Ghent - 20 February 2015Code in the Cloud - Ghent - 20 February 2015
Code in the Cloud - Ghent - 20 February 2015
Microsoft Developer Network (MSDN) - Belgium and Luxembourg
 
Continuous Integration and development environment approach
Continuous Integration and development environment approachContinuous Integration and development environment approach
Continuous Integration and development environment approach
Aleksandr Tsertkov
 
DevOps Service | Mindtree
DevOps Service | MindtreeDevOps Service | Mindtree
DevOps Service | Mindtree
AnikeyRoy
 

Similar to WSO2CON 2024 - Software Engineering for Digital Businesses (20)

DevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss BankingDevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss Banking
 
Building a Quality Modelio with Q-Rapids by Softeam
Building a Quality Modelio with Q-Rapids by SofteamBuilding a Quality Modelio with Q-Rapids by Softeam
Building a Quality Modelio with Q-Rapids by Softeam
 
Git into the Flow, with the Ultimate Continuous Delivery Workflow on Heroku
Git into the Flow, with the Ultimate Continuous Delivery Workflow on HerokuGit into the Flow, with the Ultimate Continuous Delivery Workflow on Heroku
Git into the Flow, with the Ultimate Continuous Delivery Workflow on Heroku
 
Cloud continuous integration- A distributed approach using distinct services
Cloud continuous integration- A distributed approach using distinct servicesCloud continuous integration- A distributed approach using distinct services
Cloud continuous integration- A distributed approach using distinct services
 
Probo.ci Drupal 4 Gov Devops 1/2 day Presentation
Probo.ci Drupal 4 Gov Devops 1/2 day Presentation Probo.ci Drupal 4 Gov Devops 1/2 day Presentation
Probo.ci Drupal 4 Gov Devops 1/2 day Presentation
 
Api gitlab: configurazione dei progetti as a service
Api gitlab: configurazione dei progetti as a serviceApi gitlab: configurazione dei progetti as a service
Api gitlab: configurazione dei progetti as a service
 
Agile DevOps Implementation
Agile DevOps ImplementationAgile DevOps Implementation
Agile DevOps Implementation
 
Fundamentals of DevOps for Data Testing Course - Module 3
Fundamentals of DevOps for Data Testing Course - Module 3Fundamentals of DevOps for Data Testing Course - Module 3
Fundamentals of DevOps for Data Testing Course - Module 3
 
Transform Digital Business with DevOps
Transform Digital Business with DevOpsTransform Digital Business with DevOps
Transform Digital Business with DevOps
 
06 operations and feedback
06   operations and feedback06   operations and feedback
06 operations and feedback
 
Agile & DevOps - It's all about project success
Agile & DevOps - It's all about project successAgile & DevOps - It's all about project success
Agile & DevOps - It's all about project success
 
New ThousandEyes Product Features and Release Highlights: March 2023
New ThousandEyes Product Features and Release Highlights: March 2023New ThousandEyes Product Features and Release Highlights: March 2023
New ThousandEyes Product Features and Release Highlights: March 2023
 
Forward5 Auxis VMware
Forward5 Auxis VMwareForward5 Auxis VMware
Forward5 Auxis VMware
 
Agile Code Reviews: Supporting collaboration and improving production uptime ...
Agile Code Reviews: Supporting collaboration and improving production uptime ...Agile Code Reviews: Supporting collaboration and improving production uptime ...
Agile Code Reviews: Supporting collaboration and improving production uptime ...
 
Weave GitOps 2023.04 Release: Optimizing Developer Productivity & Experience ...
Weave GitOps 2023.04 Release: Optimizing Developer Productivity & Experience ...Weave GitOps 2023.04 Release: Optimizing Developer Productivity & Experience ...
Weave GitOps 2023.04 Release: Optimizing Developer Productivity & Experience ...
 
May 2023 EMEA New ThousandEyes Product Features and Release Highlights.pptx
May 2023 EMEA New ThousandEyes Product Features and Release Highlights.pptxMay 2023 EMEA New ThousandEyes Product Features and Release Highlights.pptx
May 2023 EMEA New ThousandEyes Product Features and Release Highlights.pptx
 
Infrastructure as Code for Network
Infrastructure as Code for NetworkInfrastructure as Code for Network
Infrastructure as Code for Network
 
Code in the Cloud - Ghent - 20 February 2015
Code in the Cloud - Ghent - 20 February 2015Code in the Cloud - Ghent - 20 February 2015
Code in the Cloud - Ghent - 20 February 2015
 
Continuous Integration and development environment approach
Continuous Integration and development environment approachContinuous Integration and development environment approach
Continuous Integration and development environment approach
 
DevOps Service | Mindtree
DevOps Service | MindtreeDevOps Service | Mindtree
DevOps Service | Mindtree
 

More from WSO2

Accelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with PlatformlessAccelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with Platformless
WSO2
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2
 
architecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdfarchitecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdf
WSO2
 
Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2
WSO2
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
WSO2
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using Ballerina
WSO2
 
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2
 
WSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AIWSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AI
WSO2
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
WSO2
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation Computing
WSO2
 
WSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2CON 2024 - Elevating the Integration Game to the CloudWSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2
 
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & InnovationWSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2
 
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2
 
WSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaS
WSO2
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
WSO2
 
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2
 
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2
 
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of TransformationWSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2
 
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
WSO2
 

More from WSO2 (20)

Accelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with PlatformlessAccelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with Platformless
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
architecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdfarchitecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdf
 
Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using Ballerina
 
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
 
WSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AIWSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AI
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation Computing
 
WSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2CON 2024 - Elevating the Integration Game to the CloudWSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2CON 2024 - Elevating the Integration Game to the Cloud
 
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & InnovationWSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
 
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
 
WSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaS
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
 
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
 
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of TransformationWSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
 
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
 

Recently uploaded

Unveiling the Advantages of Agile Software Development.pdf
Unveiling the Advantages of Agile Software Development.pdfUnveiling the Advantages of Agile Software Development.pdf
Unveiling the Advantages of Agile Software Development.pdf
brainerhub1
 
Oracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptxOracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptx
Remote DBA Services
 
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdfAutomated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
timtebeek1
 
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsUI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
Peter Muessig
 
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian CompaniesE-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
Quickdice ERP
 
Using Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional SafetyUsing Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional Safety
Ayan Halder
 
SQL Accounting Software Brochure Malaysia
SQL Accounting Software Brochure MalaysiaSQL Accounting Software Brochure Malaysia
SQL Accounting Software Brochure Malaysia
GohKiangHock
 
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissancesAtelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Neo4j
 
openEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain SecurityopenEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain Security
Shane Coughlan
 
socradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdfsocradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdf
SOCRadar
 
Energy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina JonuziEnergy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina Jonuzi
Green Software Development
 
Requirement Traceability in Xen Functional Safety
Requirement Traceability in Xen Functional SafetyRequirement Traceability in Xen Functional Safety
Requirement Traceability in Xen Functional Safety
Ayan Halder
 
Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)
Julian Hyde
 
Oracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptxOracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptx
Remote DBA Services
 
Lecture 2 - software testing SE 412.pptx
Lecture 2 - software testing SE 412.pptxLecture 2 - software testing SE 412.pptx
Lecture 2 - software testing SE 412.pptx
TaghreedAltamimi
 
Using Query Store in Azure PostgreSQL to Understand Query Performance
Using Query Store in Azure PostgreSQL to Understand Query PerformanceUsing Query Store in Azure PostgreSQL to Understand Query Performance
Using Query Store in Azure PostgreSQL to Understand Query Performance
Grant Fritchey
 
Odoo ERP Vs. Traditional ERP Systems – A Comparative Analysis
Odoo ERP Vs. Traditional ERP Systems – A Comparative AnalysisOdoo ERP Vs. Traditional ERP Systems – A Comparative Analysis
Odoo ERP Vs. Traditional ERP Systems – A Comparative Analysis
Envertis Software Solutions
 
UI5con 2024 - Bring Your Own Design System
UI5con 2024 - Bring Your Own Design SystemUI5con 2024 - Bring Your Own Design System
UI5con 2024 - Bring Your Own Design System
Peter Muessig
 
Empowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software  Development Company in Noida - DeugloEmpowering Growth with Best Software  Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - Deuglo
Deuglo Infosystem Pvt Ltd
 
How to write a program in any programming language
How to write a program in any programming languageHow to write a program in any programming language
How to write a program in any programming language
Rakesh Kumar R
 

Recently uploaded (20)

Unveiling the Advantages of Agile Software Development.pdf
Unveiling the Advantages of Agile Software Development.pdfUnveiling the Advantages of Agile Software Development.pdf
Unveiling the Advantages of Agile Software Development.pdf
 
Oracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptxOracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptx
 
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdfAutomated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
 
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsUI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
 
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian CompaniesE-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
 
Using Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional SafetyUsing Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional Safety
 
SQL Accounting Software Brochure Malaysia
SQL Accounting Software Brochure MalaysiaSQL Accounting Software Brochure Malaysia
SQL Accounting Software Brochure Malaysia
 
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissancesAtelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissances
 
openEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain SecurityopenEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain Security
 
socradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdfsocradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdf
 
Energy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina JonuziEnergy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina Jonuzi
 
Requirement Traceability in Xen Functional Safety
Requirement Traceability in Xen Functional SafetyRequirement Traceability in Xen Functional Safety
Requirement Traceability in Xen Functional Safety
 
Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)
 
Oracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptxOracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptx
 
Lecture 2 - software testing SE 412.pptx
Lecture 2 - software testing SE 412.pptxLecture 2 - software testing SE 412.pptx
Lecture 2 - software testing SE 412.pptx
 
Using Query Store in Azure PostgreSQL to Understand Query Performance
Using Query Store in Azure PostgreSQL to Understand Query PerformanceUsing Query Store in Azure PostgreSQL to Understand Query Performance
Using Query Store in Azure PostgreSQL to Understand Query Performance
 
Odoo ERP Vs. Traditional ERP Systems – A Comparative Analysis
Odoo ERP Vs. Traditional ERP Systems – A Comparative AnalysisOdoo ERP Vs. Traditional ERP Systems – A Comparative Analysis
Odoo ERP Vs. Traditional ERP Systems – A Comparative Analysis
 
UI5con 2024 - Bring Your Own Design System
UI5con 2024 - Bring Your Own Design SystemUI5con 2024 - Bring Your Own Design System
UI5con 2024 - Bring Your Own Design System
 
Empowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software  Development Company in Noida - DeugloEmpowering Growth with Best Software  Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - Deuglo
 
How to write a program in any programming language
How to write a program in any programming languageHow to write a program in any programming language
How to write a program in any programming language
 

WSO2CON 2024 - Software Engineering for Digital Businesses

  • 1. Software Engineering for Digital Businesses Selvaratnam Uthaiyashankar Senior Vice President, Engineering WSO2
  • 2. Ideas have value, but flawless execution is what determines success
  • 3. What we will cover in this talk ● WSO2’s software engineering processes ● Key takeaways for digital businesses ● How this thinking has influenced the development of Choreo 3
  • 6. Design ● Communications in mailing list, github issues and github discussions ● Tools ⦿ Google docs and several other diagraming tools (e.g draw.io, excalidraw) ⦿ Figma ● Review meetings ⦿ Architecture review ⦿ API design review ⦿ UX design review ⦿ Security review 6
  • 7. 7 Codecov Coding Run Code Scanning Tools Run Security Tools Find Security Bugs Start Create Pull Request OWASP ZAP Secure Engineering Guide FindBugs CheckStyle Code Review Change Requested Automated Pull Request Verification Pull Request Review & Approval Merge Pull Request Pull Request Build OWASP Dependency Check Development
  • 8. Development ● Communications in mailing list ● 3rd party dependency approvals ● Feature branches ● Test cases (unit test, integration tests, scenario tests) ● Documentation, samples ● Dependa bot - Automatically update dependencies to their latest version 8
  • 9. 9 Testing Testing Stage Development Time Unit Testing Pull Request Build Developer Machine Performance Testing Long Running Testing Testing Environment Development Stage Integration Testing Development Environment System Testing TestGrid TestNG : For server-side feature testing React-testing library : For React apps Storybook : For UI design assurance Mockito, Powermock : Test double objects Jacoco : Reporting Cypress : For UI/front-end & API testing Rest Assured : For REST API testing TestNG : For server-side feature testing Cypress : For UI/front-end & API testing TestNG : For server-side feature testing Cypress Dashboard : For Reporting Test Case Management
  • 10. Release ● Release is ready when … ○ All planned features are done ○ Documentations are available for the features ○ Testgrid reports 10 Merge Completed Features All Features completed Software Release Weekly Releases Alpha No Pending L1 Issues Beta No Pending L1, L2 Release Candidate Voting GA ○ Long running test reports ○ Performance numbers ○ Security scanning ○ No L1, L2 issues Merge Completed Feature Integration Testing Cloud Release Dev Environment Test Environment System Testing Ready for Release Daily Release Train Production Environment Work on Feature
  • 11. Summary of Secure Development Lifecycle 11 Secure Design Review Developer Self Review Code Review Product Release Process Static Analysis Dynamic Analysis Third-party Dependency Analysis GitHub Pull Request Template Security tools WSO2 Secure Engineering Guidelines National Vulnerability Database Scan Report Repository WSO2 Vulnerability Management System Security Leads Start https://security.docs.wso2.com/en/latest/security-processes/secure-software-development-process/
  • 12. 1. Receive 2. Evaluate 3. Fix 4. Backport / Frontport 5. Release Update 6. Inform Customer Support Portal, Customer Engagements True Positive? Work around possible? Change code / config. Merge to dev branch Versions within the porting policy Hotfix and update releases Inform through Support Portal 12 Maintenance Product Team Support Team 7. Apply Update Update available for all customers Customer
  • 13. Continuous Monitoring of Third Party Dependency Vulnerabilities 13 Security Team Continuously scan SBOM 1) Onboard new product releases 2) Maintain Software Bill of Materials (SBOM) Vulnerability Databases / Sources National Vulnerability Database Node Security Advisories GitHub Issues Notifications - New Vulnerabilities - Licence Changes or Violations WSO2 Customers Initiate Vulnerability Management Process Engineering Teams Analyze Findings Update WSO2 Trust Center WSO2 Support Portal - WSO2 Trust Center - Update Status - ETAs - Justifications
  • 14. DevOps ● Infrastructure as Code (IaaC) ⦿ Terraform ● GitOps Process ● System monitoring ⦿ Azure Monitor and Kusto query ● Application monitoring ⦿ Site24×7 ● Alerting ⦿ PagerDuty to generate call alerts for all critical alerts ⦿ Email/chat notifications for non-critical failures 14
  • 15. Build Pipeline Mandatory Quality and Security Checks DevSecOps 15 Software Composition Analysis (SCA) Third Party Dependency Vulnerabilities License Violations Container Scanning Linting and Static Security Analysis Gosec Super-linter Infrastructure as Code (IaC) Scanning
  • 16. Key takeaways from WSO2's processes for digital businesses
  • 17. Key takeaways ● Record all requirements ● Inner source - Applying open source best practices ● Parallel versions, process to identify bugs in all affected versions ● GitOps ● Automated testing, deployment, and monitoring ● Security at every level, continuous security processing 17
  • 21. How Choreo helps ● Record all requirements - External ● Inner source - Source code repository is attached to projects, components ● Parallel versions - Deployment tracks ● GitOps - environment, configuration management ● Automated testing, deployment, and monitoring - Test components, CI/CD, observability, insights ● Security at every level, continuous security processing - Trivy scans, API gateways, cell architectures 21