From the Pipeline v27.0

The following will be a regular feature where we share articles, podcasts, and webinars of interest from the web.

The Importance of Feature Flags in CI/CD

The DevOps Research and Assessment group (DORA) measures four things: frequency of deployment, lead time for change, mean time to repair, and change failure rate. Elite performers deploy many times per day. Feature flags allow teams to move fast and break nothing. Progressive Delivery means releasing to a subset of the user base then gradually expand once confirmation the release is successful. Feature Flags in the delivery pipeline lend visibility into the configuration for each release with the capability to include performance-related metrics.

Top 5 Trending Test Automation Actions

TestProject maintains a library of over 1,500 automated actions shared with the community as Addons. The community recently ranked the actions by usage: (1) Click If Visible, (2) Click (using Javascript), (3) HTTP Get Request, (4) Get CSS Value, and (5) Compare Image with UI Element. The last ranked item is used for visual testing. The click using Javascript action helps when sometimes WebDriver has difficulty interacting with an element. The HTTP Get Request provides standard request methods used in API testing. The Click If Visible action is leveraged to more closely mimic the user experience. Finally the Get CSS Value enables to automation to probe specific CSS properties.

Microsoft revealed the latest truths about working from home. One is truly disturbing

Microsoft looked into the year of working from home and found some interesting facts. For one, the share of IMs being sent increased by 53% between 6pm and midnight. During the pandemic, most IT leaders described themselves as thriving, yet workers don’t share the same sentiment. Microsoft says 37% of employees say companies are making them work too hard. As the potential for return-to-work or hybrid models loom, there will be another disruption as the workforce changes gears again.

Predicting Security Vulnerabilities with Behavioral Code Analysis

Security vulnerabilities correlate with low code health, development hotspots, and a high author churn in the organization. In the article, Code Scene argues that code quality is as much as technical issues as it is a business issue. Low code health leads to technical debt, which consume development resources. Low code health also leads to a higher number of total security errors. In general, the more experience a team has i nthe domain and codebase, the fewer security errors. Code health is an aggregated metric to classify code with respect to correctness and ease of understanding. Violating code health properties like DRY, Developer Congestion, and Bumpy Road lead to a higher number of vulnerabilities. Additionally there is a strong correlation between security error density and hotspots where complicated code that developers spend much time on.

How to Design DevSecOps Compliance Processes to Free Up Developer Resources

With the expectations for fast delivery, it’s imperative to include security from day one. Security is a shared responsible that must be included in the end-to-end delivery pipeline. Compliance can be designed into the system via automation such as vulnerability scanning, auditing, logging, and monitoring to track changes real-time.

Series Navigation