APRIL 2022 • VOL. 2, ISSUE 58 • $9.95 • www.sdtimes.com
IFC_SDT054.qxp_Layout 1 11/17/21 11:09 AM Page 2
®
Instantly Search Terabytes
www.sdtimes.com EDITORIAL EDITOR-IN-CHIEF David Rubinstein drubinstein@d2emerge.com NEWS EDITOR Jenna Sargent jsargent@d2emerge.com MULTIMEDIA EDITOR
dtSearch’s document filters support: popular file types emails with multilevel attachments
Jakub Lewkowicz jlewkowicz@d2emerge.com SOCIAL MEDIA AND ONLINE EDITOR Katie Dee kdee@d2emerge.com
a wide variety of databases
ART DIRECTOR
web data
Mara Leonardi mleonardi@d2emerge.com CONTRIBUTING WRITERS
2YHU VHDUFK RSWLRQV LQFOXGLQJ efficient multithreaded search
Jacqueline Emigh, Elliot Luber, Caryn Eve Murray, George Tillmann CONTRIBUTING ANALYSTS Enderle Group, Gartner, IDC, Intellyx
HDV\ PXOWLFRORU KLW KLJKOLJKWLQJ forensics options like credit card search
CUSTOMER SERVICE SUBSCRIPTIONS subscriptions@d2emerge.com ADVERTISING TRAFFIC Mara Leonardi mleonardi@d2emerge.com
Developers: 6'.V IRU :LQGRZV /LQX[ PDF26
LIST SERVICES Jessica Carroll jcarroll@d2emerge.com
&URVV SODWIRUP $3,V FRYHU & -DYD and recent NET (through NET 6)
.
.
)$4V RQ IDFHWHG VHDUFK JUDQXODU GDWD FODVVLILFDWLRQ $]XUH $:6 DQG PRUH
REPRINTS reprints@d2emerge.com ACCOUNTING accounting@d2emerge.com
ADVERTISING SALES
Visit dtSearch.com for KXQGUHGV RI UHYLHZV DQG FDVH VWXGLHV IXOO\ IXQFWLRQDO HQWHUSULVH DQG developer evaluations
PUBLISHER David Lyman 978-465-2351 dlyman@d2emerge.com MARKETING AND DIGITAL MEDIA SPECIALIST Andrew Rockefeller arockefeller@d2emerge.com
The Smart Choice for Text Retrieval® since 1991
dtSearch.com 1-800-IT-FINDS
PRESIDENT & CEO David Lyman
D2 EMERGE LLC www.d2emerge.com
CHIEF OPERATING OFFICER David Rubinstein
003_SDT058.qxp_Layout 1 3/28/22 5:48 PM Page 3
Contents
VOLUME 2, ISSUE 58 • APRIL 2022
FEATURES
NEWS
What makes a good team leader?
4
News Watch
11
Opsera and Octopus Deploy announce partnership to create no-code DevOps orchestration layer
11
Tasktop and Broadcom partner on value stream solution
COLUMNS 24 GUEST VIEW by Irina Lunin Insights from business process analytics
25 ANALYST VIEW by Rob Enderle Anticipating the 6G revolution
page 6
Enterprise open source and the security of the software supply chain
26 GUEST VIEW by Vijoy Pandey The case for full-stack observability
page 12
BUYERS GUIDE Targeting a key to automated testing Check out the weekly “What the Dev?” podcast on sdtimes.com LISTEN ON APPLE, BUZZSPROUT, OVERCAST, AND SPOTIFY
page 16 Software Development Times (ISSN 1528-1965) is published 12 times per year by D2 Emerge LLC, 2 Roberts Lane, Newburyport, MA 01950. Periodicals postage paid at Plainview, NY, and additional offices. SD Times is a registered trademark of D2 Emerge LLC. All contents © 2022 D2 Emerge LLC. All rights reserved. The price of a one-year subscription is US$179 for subscribers in the U.S., $189 in Canada, $229 elsewhere. POSTMASTER: Send address changes to SD Times, 2 Roberts Lane, Newburyport, MA 01950. SD Times subscriber services may be reached at subscriptions@d2emerge.com.
004,5_SDT058.qxp_Layout 1 3/28/22 11:13 AM Page 4
4
SD Times
April 2022
www.sdtimes.com
NEWS WATCH Better analytics in Google Play Reporting API Android developers will now have access to better analytics around how their apps are doing with the new Google Play Developer Reporting API. Previously developers could use the Google Play Console to track app performance, but some feedback that the Android team has received is that developers want to be able to track app vitals outside of the Play Console. The new API will let developers utilize data from developer accounts. The initial release includes access to four core vitals: crash rate, ANR rate, excessive wake-up rate, and stuck background wake-lock rate. Developers will also be able to view anomalies, breakdowns, and up to three years of metric history.
RedisJSON 2.0 introduces new indexing capabilities RedisJSON is a JSON-standards in-memory database. According to the company, this type of database has many benefits over the commonly used relational databases, which Redis explained can be inflexible and have scaling issues. To help address those shortcomings, RedisJSON offers flexible deployment options, cost savings methods, geo-distribution capabilities, and 99.999% uptime, according to Redis. This release introduces native indexing, querying, and full-text search capabilities to help developers more easily modernize their applications. Now, indexing can be done
Biggest changes in Go 1.18 release The Go development team has announced that the 1.18 release of the language is here. According to the team, this release is the biggest change to the language to-date. “It isn’t a stretch to say that the design for parts of Go 1.18 started over a decade ago when we first released Go,” the Go team wrote in a blog post. One new addition in Go 1.18 is support for generics, which enables functions and data structures to be represented in a generic way. The support in this release will support many common use cases, and future releases of Go will continue to add support for more complicated situations. Go 1.18 also fully integrates fuzzing, which inputs random data into a test in order to find vulnerabilities or bugs. Another new feature in this release is the Go workspace mode that enables developers to more easily work with multiple modules. Go modules are a popular feature leveraged by most Go developers, but the 2021 user survey revealed that a main challenge of working with modules was the difficulty that arose when working with more than one module. The team hopes this new workspace mode will alleviate that burden. In addition to new features, Go 1.18 has achieved a 20% performance improvement. This is the result of the team expanding the register ABI calling convention that was present in Go 1.17 to new architectures, such as Apple M1, ARM64, and PowerPC64. synchronously. Once an index is created, every write or update operation will show up in the next query or search. As of this release, the JSON Data Interchange Format is now a native data type, enabling atomic operations on sub-elements, which leads to improved productivity for developers. According to Redis, this release is ideal for real-time economy use cases, such as storing and updating a product catalogue, matching riders or orders for transportation or delivery apps, and acting as a central repository for shopper, merchant, and retail profiles.
Microsoft releases TypeScript 4.6 Microsoft has released the latest version of TypeScript, its language that builds on JavaScript and adds syntax for type. With TypeScript 4.6, users gain several new features. Prior to this release, it was an error to contain any code
at the beginning of a constructor if its containing class had any property initializers. TypeScript 4.6 makes it more lenient and permits other code to run before super(), while still making sure that super() occurs at the top-level before any references to this. Additionally, with this release a signature can be declared with a rest parameter whose type is a discriminated union of tuples. This means that when the first argument is the string “str”, then the second argument must be a string or when the first argument is the string “num”, the second has to be a number. Also, in cases where TypeScript infers the type of a function from a certain kind of signature, it can now narrow parameters that depend on each other. A few other noteworthy changes include that object rests drop unspreadable members from generic objects and that JavaScript files always receive grammar and binding errors.
Tricentis updates testing solutions The new update service in Tosca 15 enables customers to more easily keep up with features by downloading individual engines or components of Tosca. Tosca 15 now has significant new capabilities for mobile testing to simplify mobile cloud connectivity, reduce test cycle times, and increase continuous testing support including a new mobile engine that supports the latest iOS and Android OS versions and devices, the ability to test iOS with a Windows machine, and more. Tricentis also recently added the ability for Tricentis qTest to run on Kubernetes to provide a faster, more scalable, and resilient test management solution for customers. Selfmanaged customers gained the option to manage qTest with Kubernetes, starting with the qTest 11.0 release. Also with a NeoLoad 8 release, customers can gener-
004,5_SDT058.qxp_Layout 1 3/28/22 11:14 AM Page 5
www.sdtimes.com
ate load in the cloud from the NeoLoad SaaS UI, and execute load tests within five minutes.
Microsoft contributes features to Flutter for foldable devices Microsoft has made some announcements regarding its support for developing for foldable devices with Flutter. MediaQuery, which provides information on things like screen size, display density, and text scaling, now has Display Features. These are parts of the display that can be obstructed by hardware features, such as the hinge on the Surface Duo. When users switch over to the master channel on their local Flutter setup, they can now access a property called ‘displayFeatures.’ When users want to display content on only one screen of Surface Duo, which is the case when they’re showing a dialog, they now have the option of using the ‘DisplayFeatureSubScreen’ widget. The widget is mostly needed for modal routes and is used in the “Dialogs and popups support” PR. Microsoft also added a number of new samples for foldable Flutter that showcase design patterns for foldable devices.
CData Connect Cloud is now available The solution enables owners of cloud applications access to real-time data and unified connection. The cloud data connectivity platform provides a centralized location for organizations to manage various integration points and connections to real-time data from an ecosystem of data sources.
CData Connect Cloud connects over 250 cloud applications, databases, APIs and services to allow organizations to quickly move and integrate data across the cloud with no coding, installation, or special skills required. It also gives citizen data integrators and data engineers the ability to use real-time connectivity and their tools of choice, removing dependencies on IT, advanced programming skills, and other complex data movement processes.
Android to enable app archiving to free up space Apps can now be archived to restore up to 60% of app storage. When an app is archived, only parts of it are removed, as opposed to fully uninstalling the app where it would be removed entirely. When a user chooses to restore the app fully, it will be downloaded with the latest available version, keeping all user data intact. According to the Android development team, this will benefit both developers and users. Developers will see fewer uninstalls of their apps and users will be able to quickly get back into apps once they are re-activated. The upcoming Bundletool 1.10 release will make this functionality available to developers using App Bundles. For developers who build apps using the Gradle Plugin 7.3, the team will create a new APK: archived APKs, which are small APKs that preserve user data until the full app is restored. This won’t be functional until the Android development team launches archiving to consumers later in the year.
APKs will be available for download through the Generated APKs API or in the Play Console through the App Bundle Explorer. This new functionality is open-source, so developers will be able to inspect the code, the team explained.
Micro Focus ValueEdge provides modular VSM capabilities ValueEdge is a modular value stream management (VSM) platform that integrates with a company’s existing set of tools. It includes end-to-end VSM so that companies can improve their process from strategy all the way through to delivery. ValueEdge has a cloudbased architecture, which allows it to be quickly deployed and can scale easily as needed. Analytics capabilities will provide companies with actionable insights that can be used to optimize processes. Other capabilities Value-
April 2022
SD Times
Edge provides include end-toend traceability, functional testing, and over 100 application integrations.
Knative joins CNCF as incubating project The open-source platform for building serverless and eventdriven applications, Knative, is entering the Cloud Native Computing Foundation (CNCF) as an incubating project. Knative helps reduce the barrier to entry for developers to work with Kubernetes because it allows them to manage, monitor, and operate it with less technical knowledge and time. It is made up of two main components: Knative Serving and Knative Eventing. Knative Serving runs serverless containers and manages details of networking, autoscaling, and revision tracking. Knative Eventing provides universal subscription, delivery, and management of events. z
People on the move n Zoë Kooyman was appointed as the new executive director of the Free Software Foundation (FSF). Kooyman joined the FSF in 2019 as a program manager, and has been the lead organizer of the FSF’s LibrePlanet event since 2019, including successfully converting the 2020 event online in just five days at the very start of the COVID-19 pandemic. She will replace John Sullivan, who held the role for the past 12 years. n Platform9 has announced the appointment of its first ever Chief People Officer, Vishwa Kapadia. Kapadia had previously held executive positions at Dell and Intel. At Platform9 her work will focus on building a high-performing work culture that is diverse and inclusive. n Gary Steele has been named Splunk’s next CEO, effective April 11. With over 30 years of experience in scaling SaaS operations and growing companies to the multi-billion dollar level, he will work to grow Splunk’s business. Graham Smith had been serving as an interim CEO since November 2021, and he will return to his role as Chair of the Board when Steele takes over.
5
006-9_SDT058.qxp_Layout 1 3/28/22 11:15 AM Page 6
6
SD Times
April 2022
www.sdtimes.com
What makes a good BY KATIE DEE
D
espite the rapid evolution and constant change being seen in the software development industry, one thing has remained constant: the necessity for strong and capable leadership. In order for a development team to perform at its highest level, it needs proper guidance from a strong leader. This raises the question of what exactly makes for a successful modern-day development team leader? Mario Cadete, head of San Francisco engineering at Bloomberg, said that placing a heavy focus on team communication is one of the most important qualities for a team leader. “I think it’s becoming even more important to be even more effective in communicating and listening. The last two years have really stretched us with that, and so we really have to develop skills to do that,” he said. Cadete continued, “I think it’s really important to be intentional in fostering an inclusive culture, which looks like an environment where everyone in your group can feel safe and can contribute their ideas… I think it’s important that everybody has a voice.” Matt Mihic, head of engineering at observability platform provider Chronosphere, touched on the importance of building an inclusive culture as well. He said, “Anything that is interesting to build requires more than one person, there’s not a lot of single-person projects that are really meaningful and
so, understanding how to work with and meaningfully support other people… becomes a core trait.”
Communicating business goals Rajesh Raheja, SVP of engineering at Boomi, believes that one of the most important aspects of leadership is being able to effectively make your team understand the ultimate goals of the business. He explained that software development is not just about completing the current project, it’s how the project overall works towards company objectives. According to Bryan Friehauf, SVP of enterprise software solutions at Hitachi Energy, effectively communicating the ultimate goal of the software being developed, in terms of customer satisfac-
tion, is a key element of leading a team. He said, “If you understand not just what specifically they’re asking you to do, but why… if you’re a senior leader you really need to understand what those problems are because then you’re able to unleash that innovation to come up with a better solution than maybe even what the customer is asking for.” Gabe Monroy, chief product officer at DigitalOcean, talked about the importance of good prioritization skills when it comes to leading a team. He believes that the ability to prioritize properly is what distinguishes the leaders that have a problem saying no to team members from the ones that are actually delivering results. “The leaders who have the maturity
006-9_SDT058.qxp_Layout 1 3/28/22 11:15 AM Page 7
www.sdtimes.com
team leader?
for leaders of development teams have changed exponentially in recent years. “In the last 5-10 years… the responsibilities of engineering teams have been dramatically increasing,” he said. “So, if you are an engineering leader, you are now managing a team that is no longer responsible simply for writing computer programs.” Kontsevoy explained that because of this expansion of duties, leaders now need to have a broad background that extends beyond the technicalities of writing code. Developers are now expected to handle tasks that were previously not in the job description such as data security, data integrity, infrastructure management, and compliance. “You need to be a well-rounded individual because your team is now responsible for much more than just writing computer programs,” he said.
Characteristics of a good leader
to say ‘look, we can’t prioritize this initiative right now, we have to focus on these other higher priority items,’ those are the leaders that are delivering success,” Monroy said. Additionally, Rajeha stressed the need for a leader to act as a good team builder and a kind of coach. He said a good leader has to be sure that they have the right team members with the right skill sets to make for heightened productivity and a better overall result. “Particularly, today in this time of the ‘Great Resignation’ you need to be able to act as a coach and a mentor so that you can retain that talent that you’ve already attracted to your organization,” Raheja said. According to Ev Kontsevoy, CEO of Teleport, the most desirable attributes
Cadete discussed the importance of managing your team without falling into the trap of micromanaging. “I think if you can more clearly communicate the outcomes that you expect, you can then manage those outcomes in a more incremental fashion,” he said. He explained that breaking down a larger project into smaller sections that can be completed independently gives the leader visibility into the whole project while also only checking in when a task is completed. “This will give people the space to work the problems out and try and achieve them, but also have it structured in a way where you can measure results.” This ties back into the communication aspect of leading a team of developers. According to Cadete, checking in when these incremental projects are complete also works to give the leader an idea of how well they are communicating the desired outcomes to the team. That way, they know if they need to adjust their language going forward.
April 2022
SD Times
Raheja also mentioned that a good leader has the ability to hear the opinions of the developers on their team while still managing those differing opinions and ensuring that the team stays on track to accomplish the core goal at hand. “Leaders need to be able to tell a very effective story of what we are going to do and how we are going to get there, but also be able to influence people and change certain opinions,” he said. Kontsevoy spoke about the velocity of software development and how a good leader is one that enables their team to achieve that pace. He explained that bogging your team down with too much red tape to cut through ultimately leads to non-functionality. “And this is really hard to do because some of these new responsibilities that engineers now have are full of rules and regulations, so you as an engineering leader need to allow your team to move fast and break things without sacrificing security, for example,” he said. Friehauf also discussed the speed at which technology is advancing. He said that there is always going to be some new cool piece of technology that teams are going to be attracted to. “I think keeping the teams somewhat focused on the mission at hand while also allowing them to find some time where they can do some of those cool things gives the team a chance to be creative while also keeping them focused,” he said. Hubert Wong, co-founder and CTO of CaptivateIQ, said a good leader is one that is able to effectively uplift and encourage their team to reach their full potential. “You need someone who sort of inspires the team to think creatively and push themselves to grow and maximize the learning and growth of the team,” he said. Kontsevoy mentioned that it is all about striking a perfect balance continued on page 8 >
7
006-9_SDT058.qxp_Layout 1 3/28/22 11:16 AM Page 8
8
SD Times
April 2022
www.sdtimes.com
< continued from page 7
between what the engineers on your team want to get done and what actually needs to get done to keep up with the new regulatory requirements the team is operating under. To be a successful leader, you need to prioritize both of these aspects to keep your developers happy while maintaining proper compliance.
Remote management a challenge Cadete mentioned the way that the transition to remote and hybrid work has reshaped the way teams are led. He spoke about the way leaders need to
work harder to gain the level of communication needed without the accidental communication that happens in an in-person setting. “In a hybrid setting everything is so intentional… People maybe don’t want to interrupt their leaders or team members if they think the thing they want to discuss is not important enough. So you’re trying to create that kind of environment where you can have that accidental communication but do it remotely,” he said. Rajeha also spoke about the way that scattered teams operating in different time zones adds a new layer to develop-
Be inclusive and welcoming
Creating a safe and inclusive work environment is one of the most important tasks for any team leader; however, there is still progress to be made in making the software development industry a more welcoming place for women. Dana Lawson, SVP of engineering at Netlify, said, “There’s reasons that women may not feel safe showing up in the work environment, and there are these opportunities to create more of a culture where you can really… make sure that you’re welcoming no matter what.” Lawson placed an emphasis on the importance of empathy when it comes to leading a team because it is almost impossible to understand the circumstances each team member is dealing with outside of work. She explained that the transition to hybrid work has helped to allow for more empathy and inclusivity because of the flexibility that it offers in situations such as single motherhood. She also discussed how, as a team leader, there is an important responsibility to protect the women on your team. “I think there needs to be really intentional training, not just the fifteen minutes of how to not harass people… I think there's a huge opportunity to really look at how people show up and how you speak and how you give work out and give opportunities out,” Lawson said. She also mentioned that creating a workplace that feels safe and inclusive for all team members has to be a continuous practice. “You’re not going to read a manual and say ‘great everybody should work here and feel equal now,’” she said. “I think that you have to continue to grow as the world is growing and hopefully become better in recognizing the things that didn't work in the past and that people are not going to tolerate anymore.” In addition, Lawson stressed the importance of actively listening to your team members and taking their comments or complaints seriously. “Don’t put on your blinders and be short-sighted. Apply the growth mindset, learn from your mistakes, — Katie Dee own up to it, continue on, and be better,” she said. z
er leadership. “A leader of a team across multiple time zones has to build an inclusive environment,” he said. He explained the importance of not seeming to give the more local members of the team preferential treatment by scheduling meetings in a way that considers different time zones. “It’s about creating that safe and inclusive environment for all team members rather than selecting certain team members because [the leader] doesn’t have the experience of managing a large global team,” he said. Friehauf also stressed that it is the team leader’s job to ensure that a scattered team maintains a healthy level of communication and collaboration, even if time zone constraints result in that communication being asynchronous. “It was a little disruptive at first… but making sure that everyone is participating in these discussions was an early-on cultural change that I think people have adapted pretty well to,” he said. Wong echoed the importance of asynchronous communication, saying that it is vital to write important things down and create artifacts for meetings or engagements that the whole team then has access to. “This helps to save the remaining time for that precious synchronous communication,” he said.
Dealing with team stresses, mental health Mihic also touched on the challenges that leaders can face in keeping up team morale and working to avoid burnout. He believes this is particularly important in the world we are currently living in and all of the external stressors at play. “Work is a huge component of people’s lives,” he said, “So you want to make sure that as they’re dealing with stress outside of work, the workplace is offsetting that as much as possible.” Wong cited this layer of preventing burnout and prioritizing the mental health of team members as a serious problem facing leaders today. He said, “There’s a lot of uncertainty going on in the world right now… so we have to be conscious of that and understand how to navigate through these challenges.”
006-9_SDT058.qxp_Layout 1 3/28/22 11:16 AM Page 9
www.sdtimes.com
April 2022
SD Times
Dev teams now more responsible for security Mario Cadete, head of San Francisco engineering at Bloomberg, said that the transition to DevSecOps has only added to the increase in developer responsibility. “Security has to be a firstclass feature, and I think a lot of us are still figuring that out because, traditionally, security was left for the security team,” he said. Cadete believes that the shifting of security left has and will continue to influence developer teams and the way they are expected to perform. “You do see things like DevSecOps teams being formed… and it’s MARIO CADETE becoming something that is a part of their core toolkit.” Where security used to be somewhat of an afterthought for teams and their leaders, it is now at the forefront of their responsibilities. Matt Mihic, head of engineering at Chronosphere, believes that the best way a leader can help their team
Monroy echoed this, saying, “As a leader, you really need to look after the whole person and not just the work part of the person. Everyone is dealing with stress and strain from the pandemic and all of that will ultimately affect the work, but more importantly, you have to care for your employees.” He explained that in order to accomplish this, leaders need to make an effort to care about team members beyond just the part of them that shows up for work every day. Humans are multifaceted, but these layers will ultimately blend together. This is why Monroy believes that giving team members the space to prioritize their mental health will make for more productivity and a better end result in the workplace. Mihic explained that fostering a supportive and caring environment leads to higher levels of communication both within and between teams. “You really want to have that trust, and that comes from having that shared context and that human interconnection that really builds a lot of that,” he said.
Executing on objectives is key Rajeha went on to say that ultimately, the key indicator of a good developer team leader is their ability to execute
cope with the new security aspect of the development process is to find somebody within the team who already has an interest in the security space. “Security is a good example… We would leverage them as kind of consultants or advisors to the rest of the team,” he said. Mihic believes that this works to give team members the opportunity to specialize in one particular area as well as prevents developers from approaching security standards as if they are a burden. According to Ev Kontsevoy, CEO of Teleport, this increase in security responsibilities leads to heightened stress levels for developers. “Your team is now under the stress of responsibility and also complexity,” he said. “Your responsibility as a good leader becomes shielding your team from these complexities… it’s about finding a way to tame complexity and keep it at bay.” z
objectives effectively. “Ultimately, it is all about execution… So, they need to have a lot of orientation towards results and the ability to create actions that will work towards those results.” Mihic spoke on this as well, saying that a good leader will always have the ability to look ahead and see how the context that is given can eventually translate into a solid execution plan that the team can deliver on successfully. “As you get closer [to the end], it becomes less about the day-to-day execution and more about what the health of the organization looks like,” he said. Konstevoy also explained that a key attribute of team leaders, and successful development teams in general, is creating a culture of trust. Kontsevoy explained that allowing your team members to work in a way that comes most naturally will always yield better results than forcing a different method or tool on them. “You have to trust them with making these decisions and you, as a leader, need to operate around outcomes,” he said. “Focus on what will be done, why it will be done, and when it will be done, but don’t interfere with how.” Cadete said placing a focus on both the success and growth of your team as well as yourself will help to achieve this
outcome-based approach to leadership. Allowing your team to find their own methods will not only help them grow as developers, but it will help you grow as a leader as well. Kontsevoy also believes that a good development team leader should work to establish “default actions” in the organization, meaning that if the leader cannot be reached and a predictable issue arises, there should be a set of standards established for the team that will allow them to handle the situation without the direct input of the team leader. “If you have that, then there is not a lot of context switching simply because the team is running on autopilot,” he said. “In the best case scenario, a leader should only be focused on things that have broken or if something extraordinary happens.” According to Rajeha, another detail of good leadership is ensuring that the developers on your team know that their primary goal is not to write code, but rather to deliver customer value and achieve the goals of the organization. “It is never going to be about the quantity of code delivered,” he said. “It’s about the quality of how well the team has met or exceeded the customer’s expectations, and that is the one piece of advice I would give.” z
9
Full Page Ads_SDT057.qxp_Layout 1 2/24/22 3:55 PM Page 14
A
Event
Sponsored by
011_SDT058.qxp_Layout 1 3/28/22 11:17 AM Page 11
www.sdtimes.com
April 2022
SD Times
DEVOPS WATCH
Opsera and Octopus Deploy announce partnership to create no-code DevOps orchestration layer BY KATIE DEE
Opsera, the continuous orchestration platform for DevOps, has announced that it has entered into a partnership with the automated deployment and release management server, Octopus Deploy. This integration is intended to allow software delivery teams to quickly, securely, and seamlessly create a nocode orchestration layer for end-to-end software supply chain management. Octopus Deploy’s tool to accelerate reliable, repeatable, and traceable deployments across cloud and onpremises paired with Opsera’s no-code orchestration solution reduces the complexities of adding an orchestration layer to deployment processes. Additionally, Opsera eliminates the need to manually write glue code and custom scripts. With this integration, users gain several benefits, including increased velocity and reduced barrier to entry due to Octopus’ Configuration as Code solution that works to balance the power of Git with the usability of Octopus. Additionally, customers possess improved security and compliance due to Octopus’ built-in manual intervention steps, which have been extended by Opsera. With this, software delivery
teams gain reporting and tracking via a single source of truth in order to ensure compliance and audit measures are met. This integration also provides security and secrets management due to Octopus’ built-in support for managing configuration variables and secrets that vary as software releases are prompted through environments. Opsera adds to this through its integration with thirdparty secrets management solutions such as HashiCorp Vault.
ed by Opsera’s 100+ KPIs adhering to the set standards from DORA, DoD, and NIST DevSecOps metrics. “The Opsera and Octopus integration offers the speed and control software delivery teams need to keep pace with modern DevOps,” said Vishnu Vasudevan, head of product at Opsera. “Multi-cloud and multi-environment deployments are challenging but proliferating in the enterprise. Combining the flexibility of tool choice and
‘Multi-cloud and multi-environment deployments are challenging but proliferating in the enterprise.’ —Vishnu Vasudevan, head of product at Opsera
Lastly, this partnership allows for users to gain access to customizable reporting and metrics. Octopus does this by providing dashboards that show you what version of an application is deployed to what environment. With this, users have the ability to see who deployed which release, to what environment, when they did it, and if it was successful. This feature is complement-
no-code automation of Opsera with Octopus Deploy’s exceptional deployment automation capabilities means release engineers and developers can deploy across environments faster, better and secure with strict security and compliance measures in place with 360-degree visibility from planning to operations including Value Stream Management.” z
Tasktop and Broadcom partner on value stream solution BY JENNA SARGENT
Value stream management companies Tasktop and Broadcom have announced a new partnership to enable companies to better measure their business value. Tasktop’s technology will power Broadcom’s ValueOps Connectors, which will synchronize data between software development tools and Broadcom’s ValueOps value stream management solution.
According to the companies, this solution will provide companies with the ability to collect and unify their value stream data. Key benefits will include extracting siloed data to create complete data sets, increased team collaboration, and reduction of errors related to manual data collection. “Every business is a software business and accessible, reliable data is
needed to derive value during the software delivery process. This requires solutions to connect technology and the business with the right metrics to enable more effective enterprise digital transformation,” said Mik Kersten, CEO at Tasktop. “Broadcom’s ValueOps Connectors powered by Tasktop help uncover data lost in silos, the key to unlocking all information needed for effective value stream management.” z
11
012-14_SDT058.qxp_Layout 1 3/28/22 11:17 AM Page 12
12
SD Times
April 2022
www.sdtimes.com
Enterprise open source of the software supply BY JENNA SARGENT n late 2021, a vulnerability was detected in the Java logging package Log4j, which is the most popular framework for logging in Java. It is used in millions of applications. Not only that, but it is used as a dependency in over 7,000 open-source projects, according to research from software security company Sonatype. Given the widespread impact of the vulnerability of this package, it sparked a renewal of the conversation into supply chain security. According to Javier Perez, chief evangelist for Open Source & API Management at OpenLogic by Perforce, a software supply chain is all of the components that exist in a piece of software, including any dependencies. Supply chain security is this notion that if one piece in your supply chain is vulnerable, the whole thing is vulnerable. With Log4j, this meant that any company that used a piece of software that used Log4j was vulnerable, even if they themselves weren’t directly using the package. It’s not just Log4j that companies need to be afraid of. According to Sonatype’s 2021 State of the Software Supply Chain report, 29% of the most popular open-source projects contain known vulnerabilities. The report also contained the daunting stat that there was a 650% year-over-year increase in supply chain attacks in 2021. “Members of the world’s open source community are facing a novel and rapidly expanding threat that has nothing to do with passive adversaries exploiting known vulnerabilities in the wild — and everything to do with aggressive attackers implanting malware directly into open source projects to infiltrate the commercial supply chain,” Sonatype wrote in its report. Despite these threats of supply chain attacks, open source is thriving more than ever and most people tend to trust it more than proprietary or commercial software. Red Hat’s 2022 State of Enterprise Open Source report found that 89% of IT leaders think enterprise open source is either as secure or more secure than proprietary software.
I
What is enterprise open source? Enterprise open source is a category of opensource software in which a company offers support for a specific project. Red Hat technology evangelist Gordon Haff says: “The way our CEO, Paul Cormier likes to describe it is it’s enterprise software developed
012-14_SDT058.qxp_Layout 1 3/28/22 11:18 AM Page 13
www.sdtimes.com
April 2022
SD Times
and the security chain
using an open-source development model. You get the benefits of an open-source development model where you've got different organizations cooperating on doing development. So you get that advantage of the open-source development model, but at the same time customers can treat it — I wouldn't say they can treat it as proprietary software — but they get the same kind of support process, testing process, and so forth that they would hopefully get from any software.” Adding to this, in a blog post from Red Hat: “To be what we’d call enterprise open source, a product requires testing, performance tuning, and be proactively examined for security flaws. It needs to have a security team that stands behind it, and processes for responding to new security vulnerabilities and notifying users about security issues and how to remediate them.” According to Perez, there are a number of ways to commercialize an open-source project, but the most common one today is through the open-core model. In an open-core model, a company takes an open-source project and then adds functionality on top of it. Perez explained that commercialization of open-source software has been particularly successful in the database space. Another example is Kubernetes, for which there are hundreds of companies that offer products built around continued on page 14 >
The top reasons to love (or hate) open source In OpenLogic by Perforce’s 2022 State of Open Source report, the company asked respondents why they choose open-source software and then compiled a top five list. According to the report, the top five reasons companies are turning to open-source software are: 1. Access to the latest technologies 2. No license cost, or overall cost reduction 3. Enables modernization of their technology stack 4. There are many options 5. Constant releases and patches
“Most, if not all, the innovation is happening in the open and open-source software,” said Perez. However, the report also gathered the top four reservations companies have when it comes to adopting open source software. These include: 1. Lack of in-house skills to test, use, integrate, or support the technology 2. Restrictions of some open-source licenses 3. It doesn’t scale as well as proprietary software 4. Lack of real-time support
Fortunately, these reservations can be addressed by leveraging enterprise open source rather than trying to go it alone. z
13
012-14_SDT058.qxp_Layout 1 3/28/22 11:18 AM Page 14
14
SD Times
April 2022
www.sdtimes.com
< continued from page 13
Kubernetes. “There are a lot of people out there for whom a managed Kubernetes service [makes sense]. They don't want to have to hire a bunch of SREs to operate Kubernetes,” said Haff.
Security and enterprise open source While security isn’t necessarily the only draw for enterprise open source, Red Hat’s survey shows that customers value it for a number of reasons relating to security. • 52% like that security patches are well-documented • 55% like being able to use well-tested open source code in their applications • 51% value that vulnerability patches are made available quickly • 44% appreciate that there are more people reviewing and testing the open-source code • 38% like being able to audit the code, which isn’t something they’d have access to if purchasing a proprietary solution. According to Haff, when they started the survey four years ago, the number one benefit of enterprise open source was lower cost of ownership, but steadily over time attributes like security and high-quality software topped the list of benefits. “I think in general, people are just seeing that open source and enterprise open source is just better software than proprietary,” said Haff. However, Haff did emphasize that security is still the responsibility of the company, not the software provider. Even though these enterprise opensource vendors might be providing quick patches to vulnerabilities, the companies still need to have the processes in place to apply those patches and also to know what software they have in their stack.
Companies still need in-house skills OpenLogic’s 2022 State of Open Source report found that 41% of respondents struggle to keep up with patches on open-source infrastructure projects. According to Perez, a reason for this is not that companies don’t have
enough people on staff to manage this, but that the people they do have are inexperienced. “[In the report] we also ask what were some of the barriers or concerns for you to adopt more open-source technologies? And the number one answer was the lack of access to skills, the expertise or the proficiency to do so,” said Perez. “Many people want to, for example, make more use of cloud native, more use of containers, more use of Kubernetes. And, they don’t do it just because they don't have the skills, or don't have the people with the proficiency and expertise to do it.” Buying commercial software doesn’t
much more important. And that's a fact. I mean, there are 1000s and 1000s of job openings right now for opensource skills.” Haff reemphasized this need for companies to still have in-house skills to take advantage of the frequent patches that an enterprise open-source vendor would provide. “They do need to have processes in place,” said Haff. “And even if they're buying enterprise open source software where there are patches made available rapidly, they still need to have the processes to apply those patches and to know what the software they have is out there. So you know, just because you're using enterprise open source, or for that matter, just because you're using Microsoft Windows, doesn't mean you can go ‘oh, my vendor is taking care of security for me and I don’t need to think about it.’ Obviously that's not the case.”
How to pick an enterprise open source vendor
‘People are just seeing that open source and enterprise open source is just better software than proprietary.’ —Red Hat technology evangelist Gordon Haff really solve this issue, according to Perez. Sure, a company might be able to pay a little extra to get additional services or consulting, but “the ability to have someone to call, someone to assist on the configuration, that’s the other piece,” said Perez. “One thing is just keeping up with the patches, but the other piece is how do you properly configure the software, especially at a larger scale? And when companies are scaling up they need more software infrastructure? How do they configure it? How do they architect that and that's where the need for skills becomes
The more popular projects likely have several different companies to choose from, with varying levels of support. Going back to the example of Kubernetes, there are fairly vanilla options for Kubernetes or there are options where things like monitoring, logging, CI/CD, distributed tracing, and other development tools are integrated into the platform, according to Haff. “So if you try and do it yourself, there's an awful lot of integration there. And really, Kubernetes itself is just the start of the story,” he said. Haff says there are two main questions to ask when looking at solutions. First, do you want to have it on premises? And why is that? The second question would be what sort of skills are there in-house? According to Haff, Red Hat finds that a lot of people who are struggling to adopt containers are struggling because of development staff or resources not being sufficient for their needs. “Ultimately, if you're going to be running Kubernetes clusters on prem, you're gonna need some level of SREs and other people that I know how to do that,” he said. z
Full Page Ads_SDT058.qxp_Layout 1 3/24/22 10:08 AM Page 15
16
SD Times
April 2022
www.sdtimes.com
Targgeting a key to BY JAKUB LEWKOWICZ
G
etting one’s hands on automated tests for the first time is like being given the keys to a Ferrari. And YouTube is chock-full of videos on what happens when someone gets too comfortable too soon in a Ferrari. Automated tests are fast, but only in the direction that you point them to. And having a lot of them can easily cause a traffic jam so it’s important to first make sure that they are applied in the right areas and in the right way. “What I want to achieve is not more and more tests. What I actually want is as few tests as I possibly can because that will minimize the maintenance effort, and still get the kind of risk coverage that I’m looking for,” said Gartner senior director Joachim Herschmann, who is on the App Design and Development team. To get started with automated testing, organizations need to first look at where their tests will deliver the most value to avoid test sprawl and to prevent high maintenance costs. “The warm, fuzzy feeling that you’ve got a thousand automated tests per week doesn’t really tell you anything from a risk perspective with risk-based testing,” said Arthur Hicken, the chief
evangelist at Parasoft. “So I think this kind of approach to doing value driven automation as to what’s got the most value and what kind of confidence we need, what kind of coverage we need is important.” Organizations need to factor in what it costs to create a test and what it costs to maintain a test because often the maintenance winds up costing a lot more than the creation. One must also factor in what it costs to execute a test in terms of time. With Big Bang releases a couple of times a year, creating tests is not such a big issue, but if a company is used to rolling out weekly updates such as with mobile apps it’s really critical to be able to narrow and focus the automation on exactly the right set of tests. With a value-driven test automation strategy, organizations can identify full-stack tests that only cover backend business logic and that can be tested more efficiently through APIlevel integration (or even unit) tests. They can also identify bottlenecks with dependencies that can be virtualized for more efficient testing and automation, according to Broadcom in a blog post. The testers might decide not to automate some tests that they thought were ideal for automation, because hav-
ing them performed by testers turns out to be more efficient.
Test at the API level One way to tackle the complexity that comes with automated testing is to test at the API level rather than the UI, according to Hicken. UI testing, which ensures that an application is performing the right way from the user perspective is notoriously brittle. “[UI testing] is certainly the easiest way to get started in the sense that it’s easy to look at a UI and understand what you need to do like start poking things, but at some point, that becomes very hard to continue,” Hicken said. “It’s hard to make boundary cases happen or to simulate error conditions. Also, fundamentally UI testing is the hardest to debug, because you have too much context and it’s the most brittle to maintain.” Meanwhile at the unit level, the automated tests are pretty fast to execute and create and are easy to understand and maintain. After unit testing, one can add the simplest functional tests that they have and then go and backfill with the UI. Now, they can make sure that actual business cases and user stories occur and they can implement these tests against the busi-
www.sdtimes.com
April 2022
SD Times
17
Buyers Guide
automated testinng ness logic to get the proper blend of testing, Hicken explained. “It’s not really that top down approach of if I see a system and automate that system, it’s actually now from a bottom up focus of well in which people are approaching automation at an enterprise scale and asking what’s the blueprint or pattern that we’re trying to do?,” Jonathon Wright, the chief technology evangelist of test automation at Keysight said. “It’s incredibly complex states and the devil’s in the details...they’re asking how do you test those things with realistic data rather than a happy path?” Wright explained that happy path testing just won’t cut it anymore because people are testing systems upstream and downstream with all the same kind of data and it all works out in the happy path kind of scenario. Even when people are doing contract testing where each one of the systems is tested end-to-end from an API perspective, people are just using one user with one account with one something and then, of course, it works. But this methodology misses the point, according to Wright. “Because people are testing in isolation, they’re also testing their shim or stub or their service virtualization comcontinued on page 18 >
AI can help with test creation and maintenance The introduction of AI and ML assisting into automated testing makes it easier to shift quality left by providing earlier defect remediation and reducing risk for deliveries. By collecting and incorporating test data, machine learning can effectively update and interpret certain software metrics that show the state of the application under test. Machine learning can also quickly gather information from large amounts of data and point developers or testers right to the performance problem. AI is also excellent at finding those one-in-a-million anomalies which testers might just not catch, according to Jonathon Wright, chief technology evangelist at testing company Keysight. In the blog, “What is Artificial Intelligence in Software Testing?,” Igor Kirilenko, Parasoft’s VP of Development, explains that these AI capabilities “can review the current state of test status, recent code changes, code coverage, and other metrics, decide which tests to run, and then run them,” while machine learning (ML) “can augment the AI by applying algorithms that allow the tool to improve automatically by collecting the copious amounts of data produced by testing.” By 2025, 70% of enterprises will have implemented an active use of AI-augmented testing, up from 5% in 2021, according to Gartner’s “Market Guide for AI-Augmented Software testing Tools.” Also by 2025, organizations that ignore the opportunity to utilize AI-augmented testing will spend twice as much effort on testing and defect remediation compared with their competitors that take advantage of AI. AI-augmented software testing tools can provide capabilities for test case and test data generation, test suite optimization and coverage detection, test efficacy and robustness, and much more. “AI can change the game here, because even in the decades that we've had test automation tools, there's very little that it offered you regarding any guidance like how do I determine the test cases that I need?” Herschmann said. z
016-23_SDT058.qxp_Layout 1 3/28/22 5:12 PM Page 18
18
SD Times
April 2022
www.sdtimes.com
< continued from page 17
ponent using Wireshark, so that they’re not actually testing against the real API. So they exclude a lot of things by just locking them out,” Wright added.
Focus on real-user interactions A good way to set up automated tests is to focus on how real users are interact-
ing with the systems and how the behavior of those systems are being used. “It’s quite scary, because obviously, its perception of what the system does, but actually what the system is doing in the live environment and how the customers are using it. But you kind of assume that they’re going to use it in a
particular way, when actually the behavior will change. And that will change weekly and monthly,” Wright said. That’s why testers can set up a digital twin of the system as it currently is, and then overlay that with what they thought the system was based on. continued on page 23 >
How does your company help organizations with automated testing? Matt Klassen, CMO at Parasoft Quality continues to be the primary metric for measuring the success of software deliveries. With the continued pressure to release software faster and with fewer defects, it’s not just about speed — it's about delivering quality at speed. Managers must ask themselves if they are confident in the quality of the applications being delivered by their teams. Continuous quality is a must for every organization to efficiently reduce the risk of costly operational outages and to accelerate time-to-market. Parasoft’s automated software testing solutions integrate quality into the software delivery process for early prevention, detection, and remediation of defects. From deep code analysis for security and reliability, through unit, API, and UI test automation, to performance testing and service virtualization, Parasoft helps you build quality into your software development process. Parasoft leverages our deep understanding of DevOps to develop AI-enhanced technologies and strategies that solve complex software problems. Our testing solutions reduce the time, effort, and cost of delivering secure, reliable, and compliant software. With over 30 years of making testing easier for our customers, we have the innovation you need and the experience you trust. Our extensive continuous quality solution spans every testing need and enables you to deliver with confidence.
Jonathon Wright, the Chief Technology Evangelist, Test Automation at Keysight Artificial Intelligence (AI) makes the process of designing, developing, and deploying software faster, better and cheaper. AI-powered tools enable project managers, business analysts, software coders and testers to be more productive and effective, allowing them to produce higher-quality software faster and at a lower cost. At Keysight, our Eggplant intelligent automation platform allows citizen developers to easily use our no-code solution that draws on AI, machine learning, deep learning and analytics to automate test execution across the entire testing process. It empowers and enables domain experts to be automation engineers. The AI and ML take on scriptwriting and maintenance as a machine can create and execute thousands of tests in min-
utes, unlike a human tester. Keysight's intelligent automation platform is a completely non-invasive testing tool, ensuring comprehensive test coverage without ever touching the source code or installing anything on the system-under-test (SUT). The technology sits outside of the application and reports on performance issues, bugs and other errors without the need to understand the underlying technology stack. AI-powered automation can test any technology on any device, operating system or browser at any layer, from the UI to APIs to the database. This includes everything from the most modern, highly dynamic website to legacy back-office systems to point of sale, as well as command and control systems.
Gev Hovsepyan, the head of product at mabl Software development teams are realizing that automated testing is key to accelerating product velocity and reaching the full potential of DevOps. When fully integrated into a company’s development pipeline, testing becomes an early alert system for short-term defects as well as long-term performance issues that could hurt the user experience. The key to realizing this potential: simple test creation and rich, accessible reporting features. Mabl is low-code, intelligent test software that allows everyone, regardless of coding experience, to create automated tests spanning web UIs, APIs, and mobile browsers with 80% less effort. Using machine learning and AI, features like auto-healing and Intelligent Wait help teams create more reliable tests and reduce overall test maintenance. Results from every test are tracked within mabl’s comprehensive suite of reporting features, making it easy to understand product quality trends. With test creation simplified and quality data at their fingertips, everyone can focus on resolving defects quickly and improving product quality. Mabl also includes native integrations with tools like Microsoft Teams, Slack, and Jira, so that testing information can be seamlessly integrated into workflows and everyone can benefit from mabl’s rich diagnostic data. These reporting features include immediate test results as well as long-term product trends so that quality engineering teams can support faster bug resolution and monitor their product’s overall performance and functionality. z
Full Page Ads_SDT058.qxp_Layout 1 3/24/22 10:07 AM Page 19
20
SD Times
April 2022
www.sdtimes.com
A guide to automated testing tools n
FEATURED PROVIDERS n
n Keysight Technologies Eggplant: Keysight Technologies Eggplant Digital Automation Intelligence (DAI) platform is the first AI-driven test automation solution with unique capabilities that make the testing process faster and easier. With DAI, you can automate 95% of activities, including test-case design, test execution, and results analysis. This enables teams to rapidly accelerate testing, improve the quality of software and integrate with DevOps at speed. The intelligent automation reduces time to market and ensures a consistent experience across all devices. n mabl: mabl is the enterprise SaaS leader of intelligent, low-code test automation that empowers high-velocity software teams to embed automated end-to-end tests into the entire development lifecycle. Customer-centric brands rely on mabl’s unified platform for creating, managing, and running automated tests that result in faster delivery of high-quality, business critical applications. Learn more at https://www.mabl.com; follow @mablhq on Twitter and @mabl on LinkedIn. n Parasoft: Parasoft helps organizations continuously deliver quality software with its market-proven automated software testing solutions. Parasoft’s AIenhanced technologies reduce the time, effort, and cost of delivering secure, reliable, and compliant software with everything from deep code analysis and unit testing to web UI and API testing, plus service virtualization and merged code coverage. Bringing all this together, Parasoft’s award-winning reporting and analytics dashboard delivers a centralized view of application quality, enabling organizations to deliver with confidence.
n Appvance is the inventor of AI-driven autonomous testing, which is revolutionizing the $120B software QA industry. The company’s patented platform, Appvance IQ, can generate its own tests, surfacing critical bugs in minutes with limited human involvement in web and mobile applications.
n HPE Software’s automated testing solutions simplify software testing within fast-moving agile teams and for continuous integration scenarios. Integrated with DevOps tools and ALM solutions, HPE automated testing solutions keep quality at the center of today’s modern applications and hybrid infrastructures.
n Applitools: Applitools is built to test all the elements that appear on a screen with just one line of code. Using Visual AI, you can automatically verify that your web or mobile app functions and appears correctly across all devices, all browsers and all screen sizes. Applitools automatically validates the look and feel and user experience of your apps and sites.
n IBM: Quality is essential and the combination of automated testing and service virtualization from IBM Rational Test Workbench allows teams to assess their software throughout their delivery life cycle. IBM has a market leading solution for the continuous testing of end-to-end scenarios covering mobile, cloud, cognitive, mainframe and more.
n Digital.ai Continuous Testing (formerly Experitest) enables organizations to reduce risk and provide their customers satisfying, error-free experiences — across all devices and browsers. Digital.ai Continuous Testing provides expansive test coverage across 2,000+ real mobile devices and web browsers, and seamlessly integrates with best-in-class tools throughout the DevOps/DevSecOps pipeline.
n Micro Focus: Accelerate test automation with one intelligent functional testing tool for web, mobile, API and enterprise apps. AI-powered intelligent test automation reduces functional test creation time and maintenance while boosting test coverage and resiliency. n Mobile Labs (acquired by Kobiton) Its patented GigaFox is offered on-premises or
hosted, and solves mobile device sharing and management challenges during development, debugging, manual testing, and automated testing. A pre-installed and preconfigured Appium server provides “instant on” Appium test automation. n NowSecure identifies the broadest array of security threats, compliance gaps and privacy issues in custom-developed, commercial, and business-critical mobile apps. NowSecure customers can choose automated software on-premises or in the cloud, expert professional penetration testing and managed services, or a combination of all as needed. n Orasi is a leading provider of software testing services, utilizing test management, test automation, enterprise testing, Continuous Delivery, monitoring, and mobile testing technology. n Perfecto: Users can pair their favorite frameworks with Perfecto to automate advanced testing capabilities, like GPS, device conditions, audio injection, and more. It also includes full integration into the CI/CD pipeline, continuous testing improves efficiencies across all of DevOps. n ProdPerfect: ProdPerfect is an autonomous, end-to-end (E2E) regression testing solution that continuously identifies, builds and evolves E2E test suites via data-driven, machine-led analysis of live user behavior data. It addresses critical test coverage gaps, eliminates long test suite runtimes and costly bugs in production, and removes the QA burden that consumes massive engineering resources. n Progress: Telerik Test Studio is a test automation solution that helps teams be more efficient in functional, performance and load testing, improving test coverage and reducing the number of bugs that slip into production. n Sauce Labs provides the world’s largest cloud-based platform for automated testing of web and mobile applications. Optimized for use in CI and CD environments, and built with an emphasis on security, reliability and scalability, users can run tests continued on page 23 >
Full Page Ads_SDT058.qxp_Layout 1 3/30/22 7:58 AM Page 21
Full Page Ads_SDT058.qxp_Layout 1 3/24/22 10:07 AM Page 22
Intelligent Test Automation TODAY, software development teams across the globe are facing the challenge of delivering high-quality web applications while keeping pace with business and customer demands. The risk of releasing bugs into production, impeded product velocity, and a diminished customer experience is too great. Built for high-velocity teams, mabl is the leading intelligent, low-code test automation solution. Mabl’s SaaS solution tightly integrates automated end-to-end testing into the entire development lifecycle. That way, test creation, execution, and maintenance across browsers, APIs, and mobile web tests is easier and accelerates the delivery of high-quality, businesscritical applications.
Contribute to quality and velocity with easy test creation
Reduce maintenance with reliable execution and insights
Increase test coverage across devices and browsers
Integrate testing directly into your development pipeline
90%
3x
40%
Avg. increase in test coverage
Faster test creation
Fewer bugs in production
START YOUR FREE TRIAL:
mabl.com/trial-registration
www.sdtimes.com
< continued from page 18
“There’s a different type of behavior mapping; it’s learning from the right hand side this kind of shift right to inform the shift left blueprint model of the system which I think actually helps accelerate everything because you don’t need to create an activity,” Wright added. “You can create it all from real users. You just take their exact journey and then within a matter of minutes, we can actually generate all the automation artifacts with it.” Teams must then slice the user journeys into smaller, more meaningful pieces and automate against those smaller journeys without going too deep. It’s important that they can automate every clique and not merge too many user journeys together in a single test resulting in multiple hundred step tests, according to Gev Hovsepyan, the head of product at mabl. That initial setup of the environment proves to be an interesting discussion between quality engineers and software engineers and in the organization as a whole. “I think that initial configuration, especially when onboarding the test automation platform, becomes an important discussion point, because the way you set it up, is going to define how scalable that approach is,” Hovsepyan said.
The role of service virtualization The key to unlocking continuous testing is having an available, stable, and controllable test environment. Service virtualization makes it possible to simulate a wide range of constraints in test environments, whether due to unavailability or uncontrollable dependencies. The behaviors of various components are mimicked with mock responses that can provide an environment almost identical to a live setting. “Service virtualization is an automation tester’s best friend. It can help to resolve roadblocks and allow teams to focus on the tests themselves instead of
worrying about whether or not they can get access to a certain environment or third party service,” Amit Bhoraniya, the technical lead at Infostretch wrote in a blog post. Organizations can also prevent having too many automated tests by having a unified platform and by ensuring quality earlier on in the pipeline. Companies are looking for an approach that not only helps them with functional testing, but helps them with non-functional testing and scaling across different teams on a single platform, and having visibility across the quality of their product across different teams across different testing domains, according to mabl’s Hovsepyan. A unified approach helps because the responsibilities for testing and quality assurance are often shared within an organization, and that varies based on their DevOps maturity. At more mature organizations in terms of DevOps adoption, there is often a center of excellence of quality engineering, where they deploy the practices and then everyone in the organization participates in assuring the quality, including engineers, or developers. Organizations that are still somewhere early or in the middle of their journey of DevOps adoption have a significant amount of ownership of quality assurance and quality automation at the team level. And these teams have added quality engineers, and they are responsible for ensuring the quality through automation as well as for manual testing. This collaborative effort to test automation can help ensure that the developers and testers both know how these tests should be created and maintained. “Test automation is one of those things that when it’s done it’s a huge enabler and can really give your business a boost,’ Hicken said. “And when it’s done wrong, it’s an absolute nightmare.” z
April 2022
SD Times
A guide to automated testing tools < continued from page 20 written in any language or framework using Selenium or Appium. n SmartBear tools are built to streamline your process while seamlessly working with your existing products. Whether it’s TestComplete, Swagger, Cucumber, ReadyAPI, Zephyr, or one of our other tools, we span test automation, API life cycle, collaboration, performance testing, test management, and more. n Synopsys: A powerful and highly configurable test automation flow provides seamless integration of all Synopsys TestMAX capabilities. Early validation of complex DFT logic is supported through full RTL integration while maintaining physical, timing and power awareness through direct links into the Synopsys Fusion Design Platform. n SOASTA’s Digital Performance Management (DPM) Platform enables measurement, testing and improvement of digital performance. It includes five technologies: TouchTest mobile functional test automation; mPulse real user monitoring (RUM); the CloudTest platform for continuous load testing; Digital Operation Center (DOC) for a unified view of contextual intelligence accessible from any device; and Data Science Workbench, simplifying analysis of current and historical web and mobile user performance data. n testRigor supports “plain English” language that allows users to describe how to find elements on the screen and what to do with those elements from the end user’s perspective. testRigor helps teams deploy their analytics library in production that will make systems automatically produce tests reflecting the most frequently used end-to-end flows from production. n Tricentis Tosca, the #1 continuous test automation platform, accelerates testing with a script-less, AI-based, no-code approach for end-to-end test automation. With support for over 160+ technologies and enterprise applications, Tosca provides resilient test automation for any use case. z
23
024_SDT058.qxp_Layout 1 3/28/22 11:19 AM Page 24
24
SD Times
April 2022
www.sdtimes.com
Guest View BY IRINA LUNIN
Insights from business process analytics Irina Lunin is the vice president of Research and Development at Blueprint Software Systems.
L
inking a better understanding of business processes to reduced costs and improved efficiency may not be new, but the concept has attracted renewed interest in the aftermath of COVID-19 and its repercussions on the labor market. Since spring 2021, some 33 million Americans have quit their jobs. Businesses have been left to deal with yet another challenge as experienced employees have opted to walk out the door, often taking with them the institutional knowledge about how work gets done and how that work is linked to the company’s higher-level business objectives. It has also left those same businesses struggling to train new employees since their deeper understanding of business processes existed only in the minds of those now-departed employees. This potential recipe for disaster is at the heart of the renewed interest so many companies are showing in business processes and, more specifically, business process analysis (BPA), a discipline that focuses on documenting and analyzing business processes to make them better, and improve efficiency and value delivery. More holistic than the slightly outdated business process management approach, BPA relies on data to find business processes and identify ways to optimize them through alignment with the organization’s business objectives and goals. Doing so allows BPA to continuously reduce costs, increase efficiency, and drive higher value by identifying which processes contribute to that, which don’t, and what changes can be made to rectify misaligned or poor processes. Properly implemented, BPA can generate a wide range of benefits, from increasing time-to-value for product applications and identifying capacity limits and potential improvements — an essential consideration for scaling — to exposing labor redundancies, communications gaps, and compliance issues. Just as important in the face of labor shortages, BPA and the subsequent automation it is likely to bring about will mitigate the impact of high employee turnover. By shifting the dependency of mechanical process execution from the worker to an always-on automation, businesses can protect themselves from employee departures and keep
Most businesses have thousands of processes where waste, inefficiencies, and money being lost are hidden.
that process knowledge in-house. Further, BPA breathes new life into the company culture, generating an improved employee experience and better engagement for internal processes. This is particularly important in accommodating the needs of many younger employees, who want to be involved in engaging, mission-critical work. While most current BPA solutions allow businesses to mine event logs and identify the steps involved in a process such as customer engagement, few offer the context which enables the user to determine where there are downturns, blocks, or unexpectedly low conversions. Similarly, most fail to show how those steps are related to ongoing customer relations, retention, attrition, and other processes related to the customer journey. As a result, related processes cannot be analyzed and improvements that will optimize all customerrelated activities are unable to be made. All of this suggests that from a technical perspective, contextual capabilities are among the enhancements most likely to be included in BPA in the not-too-distant future. Doing so will elicit even more intelligence which, in turn, will allow for more insight with respect to an organization’s processes and how they relate to each other. Look too for BPA to add the simulation and analysis capabilities to show where an organization’s processes can be improved in order to drive greater efficiencies and higher quality, while reducing costs. No-code/low-code platforms that use visual development environments featuring drag-and-drop and pre-made elements also seem likely to gain prominence in the near-term. In the face of mounting challenges and a dynamic and increasingly global business landscape, the question facing most companies with regard to implementing BPA shouldn’t be when or why, but how soon. Most businesses have thousands of processes where waste, inefficiencies, and money being lost are hidden. They are, in short, struggling to understand how their businesses operate, often in the face of seeing vital institutional knowledge walk out the door when key employees quit. BPA is the vehicle which enables that understanding to happen and with it, the ability to make better business decisions which reduce costs, increase efficiency, and maintain competitiveness. z
025_SDT058.qxp_Layout 1 3/28/22 5:12 PM Page 25
www.sdtimes.com
April 2022
SD Times
Analyst View BY ROB ENDERLE
Anticipating the 6G revolution M
arch was NVIDIA’s GTC (GPU Technology Conference), and it remains my favorite show of the year. This is because NVIDIA does far more than most in imagining what the future world will look like after deploying their latest technology. In a world of events that focus on speeds and feeds, NVIDIA focuses on why I should care, which is an important aspect of any new technology presentation. One interesting surprise this year was Jensen Huang, NVIDIA’s CEO, speaking about 2026 as not only the year when electric cars would get NVIDIA’s most advanced autonomous driving technology, but the year 6G will be announced. Talking about 6G before we are even done deploying 5G would seem premature, but NVIDIA’s timeline and Qualcomm’s timeline for this technology are in agreement. While Qualcomm is likely a more reliable source for timing on smartphones, since the two agree, I think we can take 2026 to the bank, at least for now, on when we will need to have 6G phones in market. Let us talk about some of the interesting advancements that will make 5G phones obsolete when 6G becomes broadly available.
AI in everything NVIDIA is an end-to-end supplier now. It doesn’t have the client side of this solution, but it’s working with partners on 6G tower technology. NVIDIA is positioning its market-leading AI technology against what will be a significant traffic management problem with 6G. It is anticipated that, like 5G was, 6G will result in greater bandwidth and improved security. It also anticipates that penetration will be better, allowing 6G phones to better function in buildings and tunnels, and that the server back-end these phones will be connected to will be far more robust.
Additional functionality Coming with this broad use of AI in the 6G timeframe are several things that could show up even earlier. One is an enhanced digital assistant that will make today’s offerings from Google and Apple seem stupid by comparison. This future digital assistant could speak to you in a variety of voices, which could include the voice of a celebrity or even a family member. (Personally, I would avoid using a
boyfriend or girlfriend because, should you break up, you might find the voice annoying, and they may not appreciate you continuing to use it, anyway). These AIs will not only be able to answer complex questions but, using eye tracking, can tell you what you are looking at. For instance, implemented in your car, or with eye tracking glasses, you could just say “what is that” and the AI will know what you are looking at and provide any available information that it can find in the cloud on that item or location. Features that currently exist in some phones, like the automatic ability to call for help if you are in an accident or fall, will be enhanced by an AI that can initially query you about your problem or even activate a camera that automatically captures the event for later insurance or police use depending on where the camera is. And NVIDIA made a big deal about two coming features. One is the ability to create a photorealistic avatar that can speak a variety of languages while appearing like you are speaking to them, and when using video, lip sync what you are saying to the image. Oh, and that image can look like you on your best day, so if you get a video call in the middle of the night, you may sound sleepy, but you will appear as if you were dressed for the call. And finally, the technology will include digital employees that can participate on your collaboration team and potentially represent you in meetings taking notes and making measured replies so that the folks on the other end of the call think they are talking to you. This last will introduce some interesting issues on who owns the virtual you. For instance, what would the company do with it if you quit or die? You might think you have plenty of time, but if you wait until 2026, it’ll be too late. Best to start planning for what will likely not only be a 6G revolution in terms of connection, but in terms of what you can do with the phone and even what it looks like (you’ll need a head-mounted display for eye tracking for instance). The only thing that is clear right now is that 6G should be a vastly more disruptive change than 5G was but, by any measure of performance and capability, it should be worth it. z
Rob Enderle is a principal analyst at the Enderle Group.
It is anticipated that, like 5G was, 6G will result in greater bandwidth and improved security.
25
026_SDT058.qxp_Layout 1 3/28/22 5:50 PM Page 26
26
SD Times
April 2022
www.sdtimes.com
Guest View BY VIJOY PANDEY
The case for full-stack observability Vijoy Pandey is VP of Emerging Technologies and Incubations (ET&I) at Cisco.
T
he application-first digital economy and future of work slowly taking shape over the past few years got a jolt of adrenaline in March of 2020. Before the pandemic, 50 percent of companies polled by the World Economic Forum expected that software, automation and AI would lead to some significant reskilling of their workforce as well as some reductions. COVID-19 significantly accelerated and exacerbated this, profoundly impacting software developers.
The application is the new brand The business agility and quality of digital experience provided by modern applications has led to the latest industry mantra: the application experience is the new brand. This application experience demands a faster cadence of features and functions, consistent availability, enhanced application performance, and paramount trust and security around the data being handled by the application. AppDynamics’ App Attention Index shows brands have one shot to deliver the ‘total application experience.’ At the heart of providing this application experience is the developer, who is now tasked to deliver these apps and features faster, with higher availability and better security than ever before. In this distributed modern application development environment, being able to observe your applications end-to-end and top-to-bottom is critical to providing better customer experience, application availability and performance. This visibility is also key to driving down mean time to resolution (MTTR) on failures, and monitoring KPIs on how the business is doing. This is known as full-stack observability. Full-stack observability allows any persona — developer, SRE, product, customer success, or business lead — to answer the questions of “What Happened?” “Where did it happen?” “Why did it happen?” and “Can it happen in the future?”
At the heart of providing this application experience is the developer.
Alice, and her rendezvous with full-stack observability Alice is a developer in the mobile banking app team at New Bank, Inc. Two months into the pan-
demic her product manager asked her to develop a new feature for the New Bank mobile app: Contactless Cash Withdrawal. The customer experience was quite simple, but the development experience was anything but. Alice had to start with mobile (say iOS) APIs, as that’s where her customers interacted with the app. Her entire back end was in AWS, so she had to select her AWS services carefully, while customer data was accessible via Salesforce SaaS APIs. Her bank’s transactional back ends existed on-premises on bare metal servers over a monolithic database whose APIs provided a global and account-level consistency picture, while her branch ATM’s edge compute nodes had a different set of APIs to manage geo-local cash consistency. There were other SaaS APIs to manage location, identity, compliance, etc. A month after production deployment, the customer success team starts getting an increased number of calls around the contactless cash withdrawal feature taking too much time in spitting out the cash at various ATMs. Simultaneously, using a full-stack observability solution, the business metrics team witnesses increased transaction delays in the Digital Endpoint Monitoring (DEM) dashboard for the mobile banking app. Alice and her fellow developers and SREs start invoking code using the full-stack observability APIs that uniformly queries and correlates relevant events across the Data Platform, which includes Metrics, Logs and Traces from every API, app, service, and infrastructure (HW or SW) component outlined in the distributed development environment above. After a few quick debugging cycles, they noticed that the latency between a service in AWS US-East and their on-premises software stack had been steadily increasing over the past hour. Using any capable monitoring tool, one could easily jump to the conclusion that this could be a network problem. But using full-stack observability, they could find out that a few memory (RAM) banks on their on-premises database server had failed. This was causing that database server to queue up incoming requests, which in turn was driving up the service layer latency between the AWS service and their on-premises software stack. z
Full Page Ads_SDT053.qxp_Layout 1 10/27/21 11:41 AM Page 24
The latest news, n news analysis and commentary delivvered to your inbox!
• Reports on the newest technologies affecting enterprise deve developers elopers • Insights into thee practices and innovations reshaping softw ware development • News from softtware providers, industry consortia, open n source projects and more m
Read SD Tim mes Daily to keep up with everything happening in the software devvelopment industry. SUB BSCRIBE TODA AY! Y!
SubscriptionAd_2018.qxp_Layout 1 1/28/22 10:56 AM Page 1
Discovery. Insight. Understanding. SD Times subscriptions are FREE!
SD Times offers in-depth features on the newest technologies, practices, and innovations affecting enterprise developers today — Containers, Microservices, DevOps, IoT, Artificial Intelligence, Machine Learning, Big Data and more. Find the latest news from software providers, industry consortia, open source projects and research institutions. Subscribe TODAY to keep up with everything happening in the ever-changing world of software development! Available in two formats — print or digital.
Sign up for FREE today at www.sdtimes.com.
