SlideShare a Scribd company logo

WSO2CON 2024 - Software Engineering for Digital Businesses

WSO2
WSO2

WSO2CON 2024 - Software Engineering for Digital Businesses

Software
1 of 23
Download to read offline
Software Engineering for Digital Businesses Selvaratnam Uthaiyashankar Senior Vice President, Engineering WSO2
Ideas have value, but flawless execution is what determines success
What we will cover in this talk ● WSO2’s software engineering processes ● Key takeaways for digital businesses ● How this thinking has influenced the development of Choreo 3
Software Engineering @ WSO2
Requirements 5
Design ● Communications in mailing list, github issues and github discussions ● Tools ⦿ Google docs and several other diagraming tools (e.g draw.io, excalidraw) ⦿ Figma ● Review meetings ⦿ Architecture review ⦿ API design review ⦿ UX design review ⦿ Security review 6
7 Codecov Coding Run Code Scanning Tools Run Security Tools Find Security Bugs Start Create Pull Request OWASP ZAP Secure Engineering Guide FindBugs CheckStyle Code Review Change Requested Automated Pull Request Verification Pull Request Review & Approval Merge Pull Request Pull Request Build OWASP Dependency Check Development
Development ● Communications in mailing list ● 3rd party dependency approvals ● Feature branches ● Test cases (unit test, integration tests, scenario tests) ● Documentation, samples ● Dependa bot - Automatically update dependencies to their latest version 8
9 Testing Testing Stage Development Time Unit Testing Pull Request Build Developer Machine Performance Testing Long Running Testing Testing Environment Development Stage Integration Testing Development Environment System Testing TestGrid TestNG : For server-side feature testing React-testing library : For React apps Storybook : For UI design assurance Mockito, Powermock : Test double objects Jacoco : Reporting Cypress : For UI/front-end & API testing Rest Assured : For REST API testing TestNG : For server-side feature testing Cypress : For UI/front-end & API testing TestNG : For server-side feature testing Cypress Dashboard : For Reporting Test Case Management
Release ● Release is ready when … ○ All planned features are done ○ Documentations are available for the features ○ Testgrid reports 10 Merge Completed Features All Features completed Software Release Weekly Releases Alpha No Pending L1 Issues Beta No Pending L1, L2 Release Candidate Voting GA ○ Long running test reports ○ Performance numbers ○ Security scanning ○ No L1, L2 issues Merge Completed Feature Integration Testing Cloud Release Dev Environment Test Environment System Testing Ready for Release Daily Release Train Production Environment Work on Feature
Summary of Secure Development Lifecycle 11 Secure Design Review Developer Self Review Code Review Product Release Process Static Analysis Dynamic Analysis Third-party Dependency Analysis GitHub Pull Request Template Security tools WSO2 Secure Engineering Guidelines National Vulnerability Database Scan Report Repository WSO2 Vulnerability Management System Security Leads Start https://security.docs.wso2.com/en/latest/security-processes/secure-software-development-process/
1. Receive 2. Evaluate 3. Fix 4. Backport / Frontport 5. Release Update 6. Inform Customer Support Portal, Customer Engagements True Positive? Work around possible? Change code / config. Merge to dev branch Versions within the porting policy Hotfix and update releases Inform through Support Portal 12 Maintenance Product Team Support Team 7. Apply Update Update available for all customers Customer
Continuous Monitoring of Third Party Dependency Vulnerabilities 13 Security Team Continuously scan SBOM 1) Onboard new product releases 2) Maintain Software Bill of Materials (SBOM) Vulnerability Databases / Sources National Vulnerability Database Node Security Advisories GitHub Issues Notifications - New Vulnerabilities - Licence Changes or Violations WSO2 Customers Initiate Vulnerability Management Process Engineering Teams Analyze Findings Update WSO2 Trust Center WSO2 Support Portal - WSO2 Trust Center - Update Status - ETAs - Justifications
DevOps ● Infrastructure as Code (IaaC) ⦿ Terraform ● GitOps Process ● System monitoring ⦿ Azure Monitor and Kusto query ● Application monitoring ⦿ Site24×7 ● Alerting ⦿ PagerDuty to generate call alerts for all critical alerts ⦿ Email/chat notifications for non-critical failures 14
Build Pipeline Mandatory Quality and Security Checks DevSecOps 15 Software Composition Analysis (SCA) Third Party Dependency Vulnerabilities License Violations Container Scanning Linting and Static Security Analysis Gosec Super-linter Infrastructure as Code (IaC) Scanning
Key takeaways from WSO2's processes for digital businesses
Key takeaways ● Record all requirements ● Inner source - Applying open source best practices ● Parallel versions, process to identify bugs in all affected versions ● GitOps ● Automated testing, deployment, and monitoring ● Security at every level, continuous security processing 17
Choreo
What is Choreo? 19
Choreo Concepts 20
How Choreo helps ● Record all requirements - External ● Inner source - Source code repository is attached to projects, components ● Parallel versions - Deployment tracks ● GitOps - environment, configuration management ● Automated testing, deployment, and monitoring - Test components, CI/CD, observability, insights ● Security at every level, continuous security processing - Trivy scans, API gateways, cell architectures 21
Question Time! 22
Thank You!

Recommended

2011 NASA Open Source Summit - Forge.mil
2011 NASA Open Source Summit - Forge.mil2011 NASA Open Source Summit - Forge.mil
2011 NASA Open Source Summit - Forge.milNASA Open Government Initiative
 
Flight East 2018 Presentation–Black Duck at Docusign
Flight East 2018 Presentation–Black Duck at DocusignFlight East 2018 Presentation–Black Duck at Docusign
Flight East 2018 Presentation–Black Duck at DocusignSynopsys Software Integrity Group
 
Leveraging Analytics for DevOps
Leveraging Analytics for DevOpsLeveraging Analytics for DevOps
Leveraging Analytics for DevOpsMichael Floyd
 
Automation Deployments and Gudielines.pptx
Automation Deployments and Gudielines.pptxAutomation Deployments and Gudielines.pptx
Automation Deployments and Gudielines.pptxNikhileshSathyavarap
 
Whats In Your QA Tool Belt?
Whats In Your QA Tool Belt?Whats In Your QA Tool Belt?
Whats In Your QA Tool Belt?Walter Mamed
 
Continuous Integration for z using Test Data Management and Application D...
Continuous Integration for z using Test Data Management and Application D...Continuous Integration for z using Test Data Management and Application D...
Continuous Integration for z using Test Data Management and Application D...DevOps for Enterprise Systems
 
Mobile App Development for Startups | Phase Specific Presentation
Mobile App Development for Startups | Phase Specific PresentationMobile App Development for Startups | Phase Specific Presentation
Mobile App Development for Startups | Phase Specific PresentationKogi Mobile | Mobile App Development
 
P4 Branching Overview
P4 Branching OverviewP4 Branching Overview
P4 Branching OverviewGo2Group, Inc.
 

Recommended

2011 NASA Open Source Summit - Forge.mil
2011 NASA Open Source Summit - Forge.mil2011 NASA Open Source Summit - Forge.mil
2011 NASA Open Source Summit - Forge.milNASA Open Government Initiative
 
Flight East 2018 Presentation–Black Duck at Docusign
Flight East 2018 Presentation–Black Duck at DocusignFlight East 2018 Presentation–Black Duck at Docusign
Flight East 2018 Presentation–Black Duck at DocusignSynopsys Software Integrity Group
 
Leveraging Analytics for DevOps
Leveraging Analytics for DevOpsLeveraging Analytics for DevOps
Leveraging Analytics for DevOpsMichael Floyd
 
Automation Deployments and Gudielines.pptx
Automation Deployments and Gudielines.pptxAutomation Deployments and Gudielines.pptx
Automation Deployments and Gudielines.pptxNikhileshSathyavarap
 
Whats In Your QA Tool Belt?
Whats In Your QA Tool Belt?Whats In Your QA Tool Belt?
Whats In Your QA Tool Belt?Walter Mamed
 
Continuous Integration for z using Test Data Management and Application D...
Continuous Integration for z using Test Data Management and Application D...Continuous Integration for z using Test Data Management and Application D...
Continuous Integration for z using Test Data Management and Application D...DevOps for Enterprise Systems
 
Mobile App Development for Startups | Phase Specific Presentation
Mobile App Development for Startups | Phase Specific PresentationMobile App Development for Startups | Phase Specific Presentation
Mobile App Development for Startups | Phase Specific PresentationKogi Mobile | Mobile App Development
 
P4 Branching Overview
P4 Branching OverviewP4 Branching Overview
P4 Branching OverviewGo2Group, Inc.
 
DevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss BankingDevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss BankingAarno Aukia
 
Building a Quality Modelio with Q-Rapids by Softeam
Building a Quality Modelio with Q-Rapids by SofteamBuilding a Quality Modelio with Q-Rapids by Softeam
Building a Quality Modelio with Q-Rapids by Softeamaabherve
 
Git into the Flow, with the Ultimate Continuous Delivery Workflow on Heroku
Git into the Flow, with the Ultimate Continuous Delivery Workflow on HerokuGit into the Flow, with the Ultimate Continuous Delivery Workflow on Heroku
Git into the Flow, with the Ultimate Continuous Delivery Workflow on HerokuSalesforce Developers
 
Cloud continuous integration- A distributed approach using distinct services
Cloud continuous integration- A distributed approach using distinct servicesCloud continuous integration- A distributed approach using distinct services
Cloud continuous integration- A distributed approach using distinct servicesAndré Agostinho
 
Probo.ci Drupal 4 Gov Devops 1/2 day Presentation
Probo.ci Drupal 4 Gov Devops 1/2 day Presentation Probo.ci Drupal 4 Gov Devops 1/2 day Presentation
Probo.ci Drupal 4 Gov Devops 1/2 day Presentation Zivtech, LLC
 
Api gitlab: configurazione dei progetti as a service
Api gitlab: configurazione dei progetti as a serviceApi gitlab: configurazione dei progetti as a service
Api gitlab: configurazione dei progetti as a serviceEmerasoft, solutions to collaborate
 
Agile DevOps Implementation
Agile DevOps ImplementationAgile DevOps Implementation
Agile DevOps ImplementationManikandan R
 
Fundamentals of DevOps for Data Testing Course - Module 3
Fundamentals of DevOps for Data Testing Course - Module 3Fundamentals of DevOps for Data Testing Course - Module 3
Fundamentals of DevOps for Data Testing Course - Module 3MichaelCalabrese20
 
Transform Digital Business with DevOps
Transform Digital Business with DevOpsTransform Digital Business with DevOps
Transform Digital Business with DevOpsDaniel Oh
 
06 operations and feedback
06 operations and feedback06 operations and feedback
06 operations and feedbackClemens Reijnen
 
Agile & DevOps - It's all about project success
Agile & DevOps - It's all about project successAgile & DevOps - It's all about project success
Agile & DevOps - It's all about project successAdam Stephensen
 
New ThousandEyes Product Features and Release Highlights: March 2023
New ThousandEyes Product Features and Release Highlights: March 2023New ThousandEyes Product Features and Release Highlights: March 2023
New ThousandEyes Product Features and Release Highlights: March 2023ThousandEyes
 
Forward5 Auxis VMware
Forward5 Auxis VMwareForward5 Auxis VMware
Forward5 Auxis VMwareAuxis Consulting & Outsourcing
 
Agile Code Reviews: Supporting collaboration and improving production uptime ...
Agile Code Reviews: Supporting collaboration and improving production uptime ...Agile Code Reviews: Supporting collaboration and improving production uptime ...
Agile Code Reviews: Supporting collaboration and improving production uptime ...Atlassian
 
Weave GitOps 2023.04 Release: Optimizing Developer Productivity & Experience ...
Weave GitOps 2023.04 Release: Optimizing Developer Productivity & Experience ...Weave GitOps 2023.04 Release: Optimizing Developer Productivity & Experience ...
Weave GitOps 2023.04 Release: Optimizing Developer Productivity & Experience ...CezzaineZaher1
 
May 2023 EMEA New ThousandEyes Product Features and Release Highlights.pptx
May 2023 EMEA New ThousandEyes Product Features and Release Highlights.pptxMay 2023 EMEA New ThousandEyes Product Features and Release Highlights.pptx
May 2023 EMEA New ThousandEyes Product Features and Release Highlights.pptxThousandEyes
 
Infrastructure as Code for Network
Infrastructure as Code for NetworkInfrastructure as Code for Network
Infrastructure as Code for NetworkDamien Garros
 
Code in the Cloud - Ghent - 20 February 2015
Code in the Cloud - Ghent - 20 February 2015Code in the Cloud - Ghent - 20 February 2015
Code in the Cloud - Ghent - 20 February 2015Microsoft Developer Network (MSDN) - Belgium and Luxembourg
 
Continuous Integration and development environment approach
Continuous Integration and development environment approachContinuous Integration and development environment approach
Continuous Integration and development environment approachAleksandr Tsertkov
 
DevOps Service | Mindtree
DevOps Service | MindtreeDevOps Service | Mindtree
DevOps Service | MindtreeAnikeyRoy
 
architecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdfarchitecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdfWSO2
 
Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2WSO2
 

More Related Content

Similar to WSO2CON 2024 - Software Engineering for Digital Businesses

DevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss BankingDevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss BankingAarno Aukia
 
Building a Quality Modelio with Q-Rapids by Softeam
Building a Quality Modelio with Q-Rapids by SofteamBuilding a Quality Modelio with Q-Rapids by Softeam
Building a Quality Modelio with Q-Rapids by Softeamaabherve
 
Git into the Flow, with the Ultimate Continuous Delivery Workflow on Heroku
Git into the Flow, with the Ultimate Continuous Delivery Workflow on HerokuGit into the Flow, with the Ultimate Continuous Delivery Workflow on Heroku
Git into the Flow, with the Ultimate Continuous Delivery Workflow on HerokuSalesforce Developers
 
Cloud continuous integration- A distributed approach using distinct services
Cloud continuous integration- A distributed approach using distinct servicesCloud continuous integration- A distributed approach using distinct services
Cloud continuous integration- A distributed approach using distinct servicesAndré Agostinho
 
Probo.ci Drupal 4 Gov Devops 1/2 day Presentation
Probo.ci Drupal 4 Gov Devops 1/2 day Presentation Probo.ci Drupal 4 Gov Devops 1/2 day Presentation
Probo.ci Drupal 4 Gov Devops 1/2 day Presentation Zivtech, LLC
 
Agile DevOps Implementation
Agile DevOps ImplementationAgile DevOps Implementation
Agile DevOps ImplementationManikandan R
 
Fundamentals of DevOps for Data Testing Course - Module 3
Fundamentals of DevOps for Data Testing Course - Module 3Fundamentals of DevOps for Data Testing Course - Module 3
Fundamentals of DevOps for Data Testing Course - Module 3MichaelCalabrese20
 
Transform Digital Business with DevOps
Transform Digital Business with DevOpsTransform Digital Business with DevOps
Transform Digital Business with DevOpsDaniel Oh
 
06 operations and feedback
06 operations and feedback06 operations and feedback
06 operations and feedbackClemens Reijnen
 
Agile & DevOps - It's all about project success
Agile & DevOps - It's all about project successAgile & DevOps - It's all about project success
Agile & DevOps - It's all about project successAdam Stephensen
 
New ThousandEyes Product Features and Release Highlights: March 2023
New ThousandEyes Product Features and Release Highlights: March 2023New ThousandEyes Product Features and Release Highlights: March 2023
New ThousandEyes Product Features and Release Highlights: March 2023ThousandEyes
 
Agile Code Reviews: Supporting collaboration and improving production uptime ...
Agile Code Reviews: Supporting collaboration and improving production uptime ...Agile Code Reviews: Supporting collaboration and improving production uptime ...
Agile Code Reviews: Supporting collaboration and improving production uptime ...Atlassian
 
Weave GitOps 2023.04 Release: Optimizing Developer Productivity & Experience ...
Weave GitOps 2023.04 Release: Optimizing Developer Productivity & Experience ...Weave GitOps 2023.04 Release: Optimizing Developer Productivity & Experience ...
Weave GitOps 2023.04 Release: Optimizing Developer Productivity & Experience ...CezzaineZaher1
 
May 2023 EMEA New ThousandEyes Product Features and Release Highlights.pptx
May 2023 EMEA New ThousandEyes Product Features and Release Highlights.pptxMay 2023 EMEA New ThousandEyes Product Features and Release Highlights.pptx
May 2023 EMEA New ThousandEyes Product Features and Release Highlights.pptxThousandEyes
 
Infrastructure as Code for Network
Infrastructure as Code for NetworkInfrastructure as Code for Network
Infrastructure as Code for NetworkDamien Garros
 
Continuous Integration and development environment approach
Continuous Integration and development environment approachContinuous Integration and development environment approach
Continuous Integration and development environment approachAleksandr Tsertkov
 
DevOps Service | Mindtree
DevOps Service | MindtreeDevOps Service | Mindtree
DevOps Service | MindtreeAnikeyRoy
 

Similar to WSO2CON 2024 - Software Engineering for Digital Businesses (20)

DevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss BankingDevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss Banking
 
Building a Quality Modelio with Q-Rapids by Softeam
Building a Quality Modelio with Q-Rapids by SofteamBuilding a Quality Modelio with Q-Rapids by Softeam
Building a Quality Modelio with Q-Rapids by Softeam
 
Git into the Flow, with the Ultimate Continuous Delivery Workflow on Heroku
Git into the Flow, with the Ultimate Continuous Delivery Workflow on HerokuGit into the Flow, with the Ultimate Continuous Delivery Workflow on Heroku
Git into the Flow, with the Ultimate Continuous Delivery Workflow on Heroku
 
Cloud continuous integration- A distributed approach using distinct services
Cloud continuous integration- A distributed approach using distinct servicesCloud continuous integration- A distributed approach using distinct services
Cloud continuous integration- A distributed approach using distinct services
 
Probo.ci Drupal 4 Gov Devops 1/2 day Presentation
Probo.ci Drupal 4 Gov Devops 1/2 day Presentation Probo.ci Drupal 4 Gov Devops 1/2 day Presentation
Probo.ci Drupal 4 Gov Devops 1/2 day Presentation
 
Api gitlab: configurazione dei progetti as a service
Api gitlab: configurazione dei progetti as a serviceApi gitlab: configurazione dei progetti as a service
Api gitlab: configurazione dei progetti as a service
 
Agile DevOps Implementation
Agile DevOps ImplementationAgile DevOps Implementation
Agile DevOps Implementation
 
Fundamentals of DevOps for Data Testing Course - Module 3
Fundamentals of DevOps for Data Testing Course - Module 3Fundamentals of DevOps for Data Testing Course - Module 3
Fundamentals of DevOps for Data Testing Course - Module 3
 
Transform Digital Business with DevOps
Transform Digital Business with DevOpsTransform Digital Business with DevOps
Transform Digital Business with DevOps
 
06 operations and feedback
06 operations and feedback06 operations and feedback
06 operations and feedback
 
Agile & DevOps - It's all about project success
Agile & DevOps - It's all about project successAgile & DevOps - It's all about project success
Agile & DevOps - It's all about project success
 
New ThousandEyes Product Features and Release Highlights: March 2023
New ThousandEyes Product Features and Release Highlights: March 2023New ThousandEyes Product Features and Release Highlights: March 2023
New ThousandEyes Product Features and Release Highlights: March 2023
 
Forward5 Auxis VMware
Forward5 Auxis VMwareForward5 Auxis VMware
Forward5 Auxis VMware
 
Agile Code Reviews: Supporting collaboration and improving production uptime ...
Agile Code Reviews: Supporting collaboration and improving production uptime ...Agile Code Reviews: Supporting collaboration and improving production uptime ...
Agile Code Reviews: Supporting collaboration and improving production uptime ...
 
Weave GitOps 2023.04 Release: Optimizing Developer Productivity & Experience ...
Weave GitOps 2023.04 Release: Optimizing Developer Productivity & Experience ...Weave GitOps 2023.04 Release: Optimizing Developer Productivity & Experience ...
Weave GitOps 2023.04 Release: Optimizing Developer Productivity & Experience ...
 
May 2023 EMEA New ThousandEyes Product Features and Release Highlights.pptx
May 2023 EMEA New ThousandEyes Product Features and Release Highlights.pptxMay 2023 EMEA New ThousandEyes Product Features and Release Highlights.pptx
May 2023 EMEA New ThousandEyes Product Features and Release Highlights.pptx
 
Infrastructure as Code for Network
Infrastructure as Code for NetworkInfrastructure as Code for Network
Infrastructure as Code for Network
 
Code in the Cloud - Ghent - 20 February 2015
Code in the Cloud - Ghent - 20 February 2015Code in the Cloud - Ghent - 20 February 2015
Code in the Cloud - Ghent - 20 February 2015
 
Continuous Integration and development environment approach
Continuous Integration and development environment approachContinuous Integration and development environment approach
Continuous Integration and development environment approach
 
DevOps Service | Mindtree
DevOps Service | MindtreeDevOps Service | Mindtree
DevOps Service | Mindtree
 

More from WSO2

architecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdfarchitecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdfWSO2
 
Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2WSO2
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformWSO2
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaWSO2
 
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...WSO2
 
WSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AIWSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AIWSO2
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingWSO2
 
WSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2CON 2024 - Elevating the Integration Game to the CloudWSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2CON 2024 - Elevating the Integration Game to the CloudWSO2
 
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & InnovationWSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & InnovationWSO2
 
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2
 
WSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2
 
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...WSO2
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2
 
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2
 
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of TransformationWSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of TransformationWSO2
 
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!WSO2
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2
 
WSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2
 

More from WSO2 (20)

architecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdfarchitecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdf
 
Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using Ballerina
 
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
 
WSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AIWSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AI
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation Computing
 
WSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2CON 2024 - Elevating the Integration Game to the CloudWSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2CON 2024 - Elevating the Integration Game to the Cloud
 
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & InnovationWSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
 
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
 
WSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaS
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
 
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
 
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of TransformationWSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
 
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
 
WSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security Program
 

Recently uploaded

Workshop - Architecting Innovative Graph Applications- GraphSummit Milan
Workshop - Architecting Innovative Graph Applications- GraphSummit MilanWorkshop - Architecting Innovative Graph Applications- GraphSummit Milan
Workshop - Architecting Innovative Graph Applications- GraphSummit MilanNeo4j
 
The mythical technical debt. (Brooke, please, forgive me)
The mythical technical debt. (Brooke, please, forgive me)The mythical technical debt. (Brooke, please, forgive me)
The mythical technical debt. (Brooke, please, forgive me)Roberto Bettazzoni
 
Evolving Data Governance for the Real-time Streaming and AI Era
Evolving Data Governance for the Real-time Streaming and AI EraEvolving Data Governance for the Real-time Streaming and AI Era
Evolving Data Governance for the Real-time Streaming and AI Eraconfluent
 
Food Delivery Business App Development Guide 2024
Food Delivery Business App Development Guide 2024Food Delivery Business App Development Guide 2024
Food Delivery Business App Development Guide 2024Chirag Panchal
 
From Theory to Practice: Utilizing SpiraPlan's REST API
From Theory to Practice: Utilizing SpiraPlan's REST APIFrom Theory to Practice: Utilizing SpiraPlan's REST API
From Theory to Practice: Utilizing SpiraPlan's REST APIInflectra
 
Encryption Recap: A Refresher on Key Concepts
Encryption Recap: A Refresher on Key ConceptsEncryption Recap: A Refresher on Key Concepts
Encryption Recap: A Refresher on Key Conceptsthomashtkim
 
Auto Affiliate AI Earns First Commission in 3 Hours..pdf
Auto Affiliate AI Earns First Commission in 3 Hours..pdfAuto Affiliate AI Earns First Commission in 3 Hours..pdf
Auto Affiliate AI Earns First Commission in 3 Hours..pdfSelfMade bd
 
Abortion Pill Prices Jane Furse ](+27832195400*)[ 🏥 Women's Abortion Clinic i...
Abortion Pill Prices Jane Furse ](+27832195400*)[ 🏥 Women's Abortion Clinic i...Abortion Pill Prices Jane Furse ](+27832195400*)[ 🏥 Women's Abortion Clinic i...
Abortion Pill Prices Jane Furse ](+27832195400*)[ 🏥 Women's Abortion Clinic i...Abortion Clinic
 
UNI DI NAPOLI FEDERICO II - Il ruolo dei grafi nell'AI Conversazionale Ibrida
UNI DI NAPOLI FEDERICO II - Il ruolo dei grafi nell'AI Conversazionale IbridaUNI DI NAPOLI FEDERICO II - Il ruolo dei grafi nell'AI Conversazionale Ibrida
UNI DI NAPOLI FEDERICO II - Il ruolo dei grafi nell'AI Conversazionale IbridaNeo4j
 
Navigation in flutter – how to add stack, tab, and drawer navigators to your ...
Navigation in flutter – how to add stack, tab, and drawer navigators to your ...Navigation in flutter – how to add stack, tab, and drawer navigators to your ...
Navigation in flutter – how to add stack, tab, and drawer navigators to your ...Flutter Agency
 
Test Automation Design Patterns_ A Comprehensive Guide.pdf
Test Automation Design Patterns_ A Comprehensive Guide.pdfTest Automation Design Patterns_ A Comprehensive Guide.pdf
Test Automation Design Patterns_ A Comprehensive Guide.pdfkalichargn70th171
 
A Deep Dive into Secure Product Development Frameworks.pdf
A Deep Dive into Secure Product Development Frameworks.pdfA Deep Dive into Secure Product Development Frameworks.pdf
A Deep Dive into Secure Product Development Frameworks.pdfICS
 
OpenChain Webinar: AboutCode and Beyond - End-to-End SCA
OpenChain Webinar: AboutCode and Beyond - End-to-End SCAOpenChain Webinar: AboutCode and Beyond - End-to-End SCA
OpenChain Webinar: AboutCode and Beyond - End-to-End SCAShane Coughlan
 
Effective Strategies for Wix's Scaling challenges - GeeCon
Effective Strategies for Wix's Scaling challenges - GeeConEffective Strategies for Wix's Scaling challenges - GeeCon
Effective Strategies for Wix's Scaling challenges - GeeConNatan Silnitsky
 
GraphSummit Milan - Visione e roadmap del prodotto Neo4j
GraphSummit Milan - Visione e roadmap del prodotto Neo4jGraphSummit Milan - Visione e roadmap del prodotto Neo4j
GraphSummit Milan - Visione e roadmap del prodotto Neo4jNeo4j
 
Abortion Pills For Sale WhatsApp[[+27737758557]] In Birch Acres, Abortion Pil...
Abortion Pills For Sale WhatsApp[[+27737758557]] In Birch Acres, Abortion Pil...Abortion Pills For Sale WhatsApp[[+27737758557]] In Birch Acres, Abortion Pil...
Abortion Pills For Sale WhatsApp[[+27737758557]] In Birch Acres, Abortion Pil...drm1699
 
Alluxio Monthly Webinar | Simplify Data Access for AI in Multi-Cloud
Alluxio Monthly Webinar | Simplify Data Access for AI in Multi-CloudAlluxio Monthly Webinar | Simplify Data Access for AI in Multi-Cloud
Alluxio Monthly Webinar | Simplify Data Access for AI in Multi-CloudAlluxio, Inc.
 

Recently uploaded (20)

Workshop - Architecting Innovative Graph Applications- GraphSummit Milan
Workshop - Architecting Innovative Graph Applications- GraphSummit MilanWorkshop - Architecting Innovative Graph Applications- GraphSummit Milan
Workshop - Architecting Innovative Graph Applications- GraphSummit Milan
 
The mythical technical debt. (Brooke, please, forgive me)
The mythical technical debt. (Brooke, please, forgive me)The mythical technical debt. (Brooke, please, forgive me)
The mythical technical debt. (Brooke, please, forgive me)
 
Evolving Data Governance for the Real-time Streaming and AI Era
Evolving Data Governance for the Real-time Streaming and AI EraEvolving Data Governance for the Real-time Streaming and AI Era
Evolving Data Governance for the Real-time Streaming and AI Era
 
Food Delivery Business App Development Guide 2024
Food Delivery Business App Development Guide 2024Food Delivery Business App Development Guide 2024
Food Delivery Business App Development Guide 2024
 
Abortion Pill Prices Germiston ](+27832195400*)[ 🏥 Women's Abortion Clinic in...
Abortion Pill Prices Germiston ](+27832195400*)[ 🏥 Women's Abortion Clinic in...Abortion Pill Prices Germiston ](+27832195400*)[ 🏥 Women's Abortion Clinic in...
Abortion Pill Prices Germiston ](+27832195400*)[ 🏥 Women's Abortion Clinic in...
 
From Theory to Practice: Utilizing SpiraPlan's REST API
From Theory to Practice: Utilizing SpiraPlan's REST APIFrom Theory to Practice: Utilizing SpiraPlan's REST API
From Theory to Practice: Utilizing SpiraPlan's REST API
 
Encryption Recap: A Refresher on Key Concepts
Encryption Recap: A Refresher on Key ConceptsEncryption Recap: A Refresher on Key Concepts
Encryption Recap: A Refresher on Key Concepts
 
Abortion Clinic In Stanger ](+27832195400*)[ 🏥 Safe Abortion Pills In Stanger...
Abortion Clinic In Stanger ](+27832195400*)[ 🏥 Safe Abortion Pills In Stanger...Abortion Clinic In Stanger ](+27832195400*)[ 🏥 Safe Abortion Pills In Stanger...
Abortion Clinic In Stanger ](+27832195400*)[ 🏥 Safe Abortion Pills In Stanger...
 
Abortion Clinic Pretoria ](+27832195400*)[ Abortion Clinic Near Me ● Abortion...
Abortion Clinic Pretoria ](+27832195400*)[ Abortion Clinic Near Me ● Abortion...Abortion Clinic Pretoria ](+27832195400*)[ Abortion Clinic Near Me ● Abortion...
Abortion Clinic Pretoria ](+27832195400*)[ Abortion Clinic Near Me ● Abortion...
 
Auto Affiliate AI Earns First Commission in 3 Hours..pdf
Auto Affiliate AI Earns First Commission in 3 Hours..pdfAuto Affiliate AI Earns First Commission in 3 Hours..pdf
Auto Affiliate AI Earns First Commission in 3 Hours..pdf
 
Abortion Pill Prices Jane Furse ](+27832195400*)[ 🏥 Women's Abortion Clinic i...
Abortion Pill Prices Jane Furse ](+27832195400*)[ 🏥 Women's Abortion Clinic i...Abortion Pill Prices Jane Furse ](+27832195400*)[ 🏥 Women's Abortion Clinic i...
Abortion Pill Prices Jane Furse ](+27832195400*)[ 🏥 Women's Abortion Clinic i...
 
UNI DI NAPOLI FEDERICO II - Il ruolo dei grafi nell'AI Conversazionale Ibrida
UNI DI NAPOLI FEDERICO II - Il ruolo dei grafi nell'AI Conversazionale IbridaUNI DI NAPOLI FEDERICO II - Il ruolo dei grafi nell'AI Conversazionale Ibrida
UNI DI NAPOLI FEDERICO II - Il ruolo dei grafi nell'AI Conversazionale Ibrida
 
Navigation in flutter – how to add stack, tab, and drawer navigators to your ...
Navigation in flutter – how to add stack, tab, and drawer navigators to your ...Navigation in flutter – how to add stack, tab, and drawer navigators to your ...
Navigation in flutter – how to add stack, tab, and drawer navigators to your ...
 
Test Automation Design Patterns_ A Comprehensive Guide.pdf
Test Automation Design Patterns_ A Comprehensive Guide.pdfTest Automation Design Patterns_ A Comprehensive Guide.pdf
Test Automation Design Patterns_ A Comprehensive Guide.pdf
 
A Deep Dive into Secure Product Development Frameworks.pdf
A Deep Dive into Secure Product Development Frameworks.pdfA Deep Dive into Secure Product Development Frameworks.pdf
A Deep Dive into Secure Product Development Frameworks.pdf
 
OpenChain Webinar: AboutCode and Beyond - End-to-End SCA
OpenChain Webinar: AboutCode and Beyond - End-to-End SCAOpenChain Webinar: AboutCode and Beyond - End-to-End SCA
OpenChain Webinar: AboutCode and Beyond - End-to-End SCA
 
Effective Strategies for Wix's Scaling challenges - GeeCon
Effective Strategies for Wix's Scaling challenges - GeeConEffective Strategies for Wix's Scaling challenges - GeeCon
Effective Strategies for Wix's Scaling challenges - GeeCon
 
GraphSummit Milan - Visione e roadmap del prodotto Neo4j
GraphSummit Milan - Visione e roadmap del prodotto Neo4jGraphSummit Milan - Visione e roadmap del prodotto Neo4j
GraphSummit Milan - Visione e roadmap del prodotto Neo4j
 
Abortion Pills For Sale WhatsApp[[+27737758557]] In Birch Acres, Abortion Pil...
Abortion Pills For Sale WhatsApp[[+27737758557]] In Birch Acres, Abortion Pil...Abortion Pills For Sale WhatsApp[[+27737758557]] In Birch Acres, Abortion Pil...
Abortion Pills For Sale WhatsApp[[+27737758557]] In Birch Acres, Abortion Pil...
 
Alluxio Monthly Webinar | Simplify Data Access for AI in Multi-Cloud
Alluxio Monthly Webinar | Simplify Data Access for AI in Multi-CloudAlluxio Monthly Webinar | Simplify Data Access for AI in Multi-Cloud
Alluxio Monthly Webinar | Simplify Data Access for AI in Multi-Cloud
 

WSO2CON 2024 - Software Engineering for Digital Businesses

  • 1. Software Engineering for Digital Businesses Selvaratnam Uthaiyashankar Senior Vice President, Engineering WSO2
  • 2. Ideas have value, but flawless execution is what determines success
  • 3. What we will cover in this talk ● WSO2’s software engineering processes ● Key takeaways for digital businesses ● How this thinking has influenced the development of Choreo 3
  • 6. Design ● Communications in mailing list, github issues and github discussions ● Tools ⦿ Google docs and several other diagraming tools (e.g draw.io, excalidraw) ⦿ Figma ● Review meetings ⦿ Architecture review ⦿ API design review ⦿ UX design review ⦿ Security review 6
  • 7. 7 Codecov Coding Run Code Scanning Tools Run Security Tools Find Security Bugs Start Create Pull Request OWASP ZAP Secure Engineering Guide FindBugs CheckStyle Code Review Change Requested Automated Pull Request Verification Pull Request Review & Approval Merge Pull Request Pull Request Build OWASP Dependency Check Development
  • 8. Development ● Communications in mailing list ● 3rd party dependency approvals ● Feature branches ● Test cases (unit test, integration tests, scenario tests) ● Documentation, samples ● Dependa bot - Automatically update dependencies to their latest version 8
  • 9. 9 Testing Testing Stage Development Time Unit Testing Pull Request Build Developer Machine Performance Testing Long Running Testing Testing Environment Development Stage Integration Testing Development Environment System Testing TestGrid TestNG : For server-side feature testing React-testing library : For React apps Storybook : For UI design assurance Mockito, Powermock : Test double objects Jacoco : Reporting Cypress : For UI/front-end & API testing Rest Assured : For REST API testing TestNG : For server-side feature testing Cypress : For UI/front-end & API testing TestNG : For server-side feature testing Cypress Dashboard : For Reporting Test Case Management
  • 10. Release ● Release is ready when … ○ All planned features are done ○ Documentations are available for the features ○ Testgrid reports 10 Merge Completed Features All Features completed Software Release Weekly Releases Alpha No Pending L1 Issues Beta No Pending L1, L2 Release Candidate Voting GA ○ Long running test reports ○ Performance numbers ○ Security scanning ○ No L1, L2 issues Merge Completed Feature Integration Testing Cloud Release Dev Environment Test Environment System Testing Ready for Release Daily Release Train Production Environment Work on Feature
  • 11. Summary of Secure Development Lifecycle 11 Secure Design Review Developer Self Review Code Review Product Release Process Static Analysis Dynamic Analysis Third-party Dependency Analysis GitHub Pull Request Template Security tools WSO2 Secure Engineering Guidelines National Vulnerability Database Scan Report Repository WSO2 Vulnerability Management System Security Leads Start https://security.docs.wso2.com/en/latest/security-processes/secure-software-development-process/
  • 12. 1. Receive 2. Evaluate 3. Fix 4. Backport / Frontport 5. Release Update 6. Inform Customer Support Portal, Customer Engagements True Positive? Work around possible? Change code / config. Merge to dev branch Versions within the porting policy Hotfix and update releases Inform through Support Portal 12 Maintenance Product Team Support Team 7. Apply Update Update available for all customers Customer
  • 13. Continuous Monitoring of Third Party Dependency Vulnerabilities 13 Security Team Continuously scan SBOM 1) Onboard new product releases 2) Maintain Software Bill of Materials (SBOM) Vulnerability Databases / Sources National Vulnerability Database Node Security Advisories GitHub Issues Notifications - New Vulnerabilities - Licence Changes or Violations WSO2 Customers Initiate Vulnerability Management Process Engineering Teams Analyze Findings Update WSO2 Trust Center WSO2 Support Portal - WSO2 Trust Center - Update Status - ETAs - Justifications
  • 14. DevOps ● Infrastructure as Code (IaaC) ⦿ Terraform ● GitOps Process ● System monitoring ⦿ Azure Monitor and Kusto query ● Application monitoring ⦿ Site24×7 ● Alerting ⦿ PagerDuty to generate call alerts for all critical alerts ⦿ Email/chat notifications for non-critical failures 14
  • 15. Build Pipeline Mandatory Quality and Security Checks DevSecOps 15 Software Composition Analysis (SCA) Third Party Dependency Vulnerabilities License Violations Container Scanning Linting and Static Security Analysis Gosec Super-linter Infrastructure as Code (IaC) Scanning
  • 16. Key takeaways from WSO2's processes for digital businesses
  • 17. Key takeaways ● Record all requirements ● Inner source - Applying open source best practices ● Parallel versions, process to identify bugs in all affected versions ● GitOps ● Automated testing, deployment, and monitoring ● Security at every level, continuous security processing 17
  • 21. How Choreo helps ● Record all requirements - External ● Inner source - Source code repository is attached to projects, components ● Parallel versions - Deployment tracks ● GitOps - environment, configuration management ● Automated testing, deployment, and monitoring - Test components, CI/CD, observability, insights ● Security at every level, continuous security processing - Trivy scans, API gateways, cell architectures 21