SDT100_cover_Layout 1 7/20/17 4:32 PM Page 1
SD TIMES 100
THEY’VE ARRIVED.
A SUPPLEMENT TO
AUGUST 2017
DIAMOND SPONSOR
PLATINUM SPONSOR
SDT02 page 30_WirelessDC Ad.qxd 7/20/17 3:35 PM Page 1
DON’T MISS A SINGLE ISSUE! Renew your FREE subscription to SD Times!
Take a moment to visit sdtimes.com. Subscribing today means you won’t miss in-depth features on the newest technologies affecting enterprise developers — IoT, Artificial Intelligence, Machine Learning and Big Data. SD Times offers insights into the practices and innovations reshaping software development such as containers, microservices, DevOps and more. Find the latest news from the software providers, industry consortia, open source projects and research institutions. Available in two formats — print or e-mail with a link to download the PDF. Subscribe today to keep up with everything happening in the software development industry!
Sign up for FREE today at www.sdtimes.com.
SDT100_p3_Layout 1 7/20/17 4:29 PM Page 3
SD TIMES 100
THEY’VE ARRIVED.
CONTENTS SD TIMES 100 LEADERS Synopsys Ensures Software Integrity .............................................7 Diamond Sponsor
HPE ALM Octane Fuels Enterprise DevOps.......................11 Platinum Sponsor
BY DAVID RUBINSTEIN
ALM & DEVELOPMENT TOOLS Sparx Systems Fuels Collaboration ..............................15 Gold Sponsor
It takes something special, something unique, to make a mark in this world. Elegance (of code).
TESTING
Style (of programming). (End-to-end) Richness.
Parasoft Helps Teams Perfect Software .........................17
This year’s SD Times 100 honors those companies, consortia and projects that have put their
Gold Sponsor
stamps on the industry through innovation, leadership and — dare we say it — panache! Some of the honorees are classics, like a fine
APIS, LIBRARIES & FRAMEWORKS
timepiece. Others are just bursting onto the scene,
Aspose Dominates Document File APIs .....................19
from new designers, architects and engineers.
Gold Sponsor
One thing they have in common, though, is that their work is valued by others in the industry, vault-
USER EXPERIENCE
ing them onto this coveted list. They are talked
Text Control Simplifies Reporting ...21
about, they are desired and they are respected.
Gold Sponsor
Our industry does not stand still, and that is reflected in this year’s selections. We’ve added a category — IT Ops — to reflect the industry’s tearing down of the final wall that siloed developers from QA and deployment. We’ve split testing from performance and security, as the latter issues have become front and center in our
IT OPS Fugue Democratizes IT Environments............................22 Silver Sponsor
DeployHub Agentless Continuous Deployment .............23 Silver Sponsor
ever-more interconnected lives. Let us know what you think of this year’s list by joining the conversation on Twitter at #2017sdtimes100/. EDITOR-IN-CHIEF David Rubinstein ART DIRECTOR Mara Leonardi LEAD WRITER Lisa Morgan
PRESIDENT & CEO David Lyman CHIEF OPERATING OFFICER David Rubinstein D2 EMERGE LLC 225 Broadhollow Road Suite 211 Melville, NY 11747 www.d2emerge.com
SDT100_p4,5_Layout 1 7/20/17 4:15 PM Page 4
THE 2017 SD TIMES 100 ALM & DEVELOPMENT TOOLS Altova CollabNet JetBrains JFrog Micro Focus OutSystems Sparx Systems TechExcel VersionOne ZeroTurnaround
DATABASE & DATABASE MANAGEMENT Couchbase DataStax Melissa MongoDB Neo Technology Oracle PostgreSQL Progress Redgate Software
APIS, LIBRARIES & FRAMEWORKS /n software Accusoft Amyuni Aspose Atalasoft CData Software Isomorphic Software LEAD Technologies Meteor MuleSoft NodeSource SmartBear Software TIBCO Software Zend
THE CLOUD Amazon Google IBM Microsoft Rackspace
BIG DATA
AND
ANALYTICS
Cask Cloudera Confluent Databricks Hortonworks MapR Revulytics Splunk Talend
DEVOPS Ansible Atlassian CA Technologies CloudBees Electric Cloud HashiCorp Hewlett Packard Enterprise OpenMake Software Tasktop XebiaLabs
SDT100_p4,5_Layout 1 7/20/17 4:15 PM Page 5
IT OPS
TESTING
INFLUENCERS
Chef Citrix CoreOS Dell EMC Docker Fugue Puppet Rancher Labs Red Hat VMware
Applause LogiGear Mobile Labs Parasoft QASymphony Rogue Wave Software Sauce Labs TestPlant Tricentis
Apple Facebook Google IBM Intel Microsoft GitHub Netflix Red Hat Slack The Linux Foundation
USER EXPERIENCE SECURITY & PERFORMANCE AppDynamics Black Duck Software Dynatrace Neotys New Relic Rainforest QA Synopsys SOASTA Veracode
DevExpress GrapeCity Infragistics Kony Sencha Syncfusion Text Control Xceed
SDT100_Ads_Layout 1 7/20/17 4:11 PM Page 6
SDT100_Synopsys_Layout 1 7/20/17 4:53 PM Page 7
SD TIMES 100 LEADERS
SYNOPSYS ENSURES SOFTWARE INTEGRITY mid emerging cybersecurity threats and a rapidly changing technology landscape, developers alone can’t ensure the delivery of secure, high-quality software. Software integrity is a journey that must be addressed at the organizational level with a combination of people, processes, and tools. Synopsys specializes in helping companies navigate that journey by building security and quality into the software delivery supply chain while improving productivity. “Everything is changing and a lot of it is falling on developers’ shoulders,” said Sammy Migues, principal scientist at Synopsys. “Most developers aren’t security experts, so part of our mission is to make them security-proficient and more productive in the least disruptive way.” Developers need organizational support to effectively integrate software integrity across an entire application portfolio. This involves enabling developers with the appropriate tools and workflows, but it also requires support and participation management that spans from the engineering department to the C-suite. To achieve this, companies are using the Synopsys Software Integrity Platform, which integrates industry-leading products, managed services, professional services, and program design and development so organizations can plan, build, and execute effective software integrity processes. Synopsys is among the 2017 SD Times 100 for its excellence in the Security and Performance category.
A
ENABLING
THE
DEVELOPER
Synopsys’ in-IDE developer tools identify bugs as a developer is coding. They also provide contextual information about what the bug is and how to fix it so developers can be more productive and learn how to build secure, high-quality products over time. “Early detection or prevention is a big deal, because fixing a bug late in the cycle is very expensive and it consumes a lot of a developer’s time,” said Migues. “If we save developers’ time, we save the company money.” Synopsys’ static application security testing and software composition analysis tools are complemented by intelligent fuzz testing, interactive application security testing, dynamic application security testing, mobile application security testing, and automated test optimization solutions. “Static analysis, fuzz testing, and software composition analysis ensure developers are aware of the risk introduced by their code and the code they’re using from other sources,” said Migues. “That awareness enables everyone to prioritize efforts that make applications more secure over time.”
EFFECTIVE ENGINEERING MANAGEMENT Engineering management must be part of the software integrity process. Synopsys reduces process friction at the engineering management level so software integrity can be efficiently improved across the entire portfolio. “Engineering managers can customize and analyze the output of our tools, the types of bugs we report, the lan-
guage we use, and the way we set severities. That way, they can identify and remove obstacles to productivity across applications,” said Migues. “Our SAST, DAST, and IAST tools integrate directly into CI/CD or Agile environments so engineering managers can enable processes that are tuned to any development cadence.”
CxOS CAN ENSURE POLICY ADHERENCE Cybersecurity has become a Board-level issue. Directors are issuing mandates and directives to ensure that executives address cybersecurity. To do that, CxOs must establish a governance structure — a software security initiative — that ensures alignment among the C-suite, engineering management, and development teams. “If you’re not addressing cybersecurity proactively, you’ve increased the risk of a successful attack or regulatory penalties,” said Migues. “We have a series of management consulting offerings that help CISOs and other executives build software security “Everything is changing and a lot of it is falling on developers’ shoulders.” —Sammy Migues
and quality programs to manage that risk. Those offerings provide foundational policies and standards, create metrics, establish vendor supply chain control, and define a secure SDLC with engineering managers, who can get the resources they need to enable developer success.” Better still, the flow of information is bi-directional. Synopsys ensures developers can make tool and resource requests that can be reviewed in the context of the company’s software security initiatives. “It really doesn’t matter whether you want to start at the CxO, engineering management, or developer level. We have value propositions for all of those individuals so you can build a program that ensures success,” said Migues. “If you want to start with a single tool, CI/CD tooling for automation, or build an entire software security and quality program, we’ll partner with you to ensure your success. Throughout the whole process, we’ll ensure you’re putting into production high integrity software that meets the software quality and security requirements of your market.” Synopsys is the only company to address the full spectrum of software security and quality requirements from the Boardroom to bits. “We’ve helped hundreds of organizations change the way they approach this,” said Migues. “Executives, management, and engineering can finally get on the same page about what an MVP is with respect to quality and security, not just features. Increased software delivery speed is a good thing, but it doesn’t help companies improve software security. You must get corporate and engineering working together. We do that.” Learn more at www.synopsys.com/software. G AUGUST 2017 7
SDT100_Ads_Layout 1 7/20/17 4:12 PM Page 8
7 things every software security program needs for a successful journey
A successful software security journey is an exercise in endurance. As you travel you’ll DWKNF UVTGPIVJ CPF UMKNNU VJCV OCMG VJG RTQEGUU OQTG UVTGCONKPGF CPF GHƒ EKGPV If you make, manage, or purchase software, you need to address software security. Prepare for the adventure by making sure you have the right things in your pack.
1. A Map (aka Software Security Initiative) Identify your starting position and plot your course. Know the compliance requirements and business impact of the applications in your portfolio so you can prioritize them. Make sure you understand how different CRRNKECVKQPU CPF CTEJKVGEVWTGU ƒ V VQIGVJGT CPF UJCTG UGEWTKV[ EQPVTQNU
2. A Team (aka Software Security Group) The fastest way to become a strong hiker is to go with a group. An internal Software Security Group sets standards and policies and serves as a resource for your organization. External security experts can ensure you’re headed in the right direction and motivate you to go the distance.
SDT100_Ads_Layout 1 7/20/17 4:25 PM Page 9
3. Strong Partnerships (aka Software Security Satellites) If you have reluctant partners on the trail, they’ll drag down your efforts. Make sure you build relationships with development leaders and product owners inside your organization. Incorporate their workflow requirements so that building security into your software development lifecycle accelerates development – instead of hindering it.
4. Layers You Can Easily Add On – Or Take Off (aka Managed Services) Quick surveys such as online assessments are a great way to launch your benchmarking strategy. They can give you an initial read on where you stand. Unfortunately, they may give you a false sense of security. To capture your current security posture in detail, a follow-up assessment should include interviews with OWNVKRNG RCTVKGU CPF FQEWOGPVGF CEVKXKVKGU VQ XGTKH[ URGEKƒ EU ;QW OC[ ƒ PF VJCV GNGOGPVU QH [QWT UGEWTKV[ plan are not actually being carried out in practice or activities are different from what you expect.
5. The Right Gear (aka Testing Tools) Choose security testing tools that are flexible and adjust to changing conditions. Keep in mind – you can’t LWUV VCMG VJGO QWV QH VJG DQZ CPF GZRGEV VJG DGUV TGUWNVU ;QWŨNN YCPV VQ VWPG VJGO VQ OCVEJ [QWT UVTKFG Otherwise false positives will end up weighing you down.
6. A Way to Chart Your Progress (aka Security Metrics) &GÆ’ PG C UGV QH UGEWTKV[ OGVTKEU VQ VTCEM QRGTCVKQPCN KORTQXGOGPVU CU YGNN CU TKUM TGFWEVKQP UQ [QW ECP FGOQPUVTCVG UWEEGUU 6JG TGCN CFXGPVWTG DGIKPU YJGP VJKPIU IQ YTQPI ;QWT UQHVYCTG UGEWTKV[ RTQITCO OWUV HQEWU QP TGOGFKCVKPI XWNPGTCDKNKVKGU PQV LWUV Æ’ PFKPI DWIU CPF HNCYU
7. A Conditioning Plan (aka Training) Everyone involved in software security must improve their ability to combat new attack vectors and threat CIGPVU 5KPEG OQUV FGXGNQRGTU CTG PQV VCWIJV VQ OCMG UWTG EQFG VJG[ ETGCVG KU UGEWTG VJG[ŨNN PGGF URGEKƒ E training resources and hands-on practice to build their security skills.
SDT100_Ads_Layout 1 7/20/17 4:12 PM Page 10
Move towards a more optimal DevOps model. Join the webinar to learn how.
saas.hpe.com/software/devops-solutions
SDT100_HPE_Layout 1 7/20/17 4:55 PM Page 11
SD TIMES 100 LEADERS
HPE ALM OCTANE FUELS ENTERPRISE DEVOPS ore businesses are delivering value to customers through software. As the pace of business continues to accelerate, organizations need to improve the efficiency of software delivery while enabling ever better customer experiences. Achieving those goals on a single-project basis is challenging enough. However, to remain competitive, today’s companies must understand and optimize entire product portfolios. HPE Application Lifecycle Management (ALM) Octane provides the visibility and intelligence large enterprises need to continuously improve software development and delivery at enterprise scale. “DevOps adoption has accelerated in large enterprises, although the transformation is still isolated in different groups, applications or projects,” said Ashish Kuthiala, senior director of Hewlett Packard Enterprise (HPE). Now that there are an increasing number of enterprise level proof-points and traction, everyone wants to move in that direction. We’ve gone through the transformation ourselves with 40,000 developers and testers, so we understand what it requires and how large companies can improve efficiencies at scale.” HPE ALM Octane is an integrated open management platform for all lifecycle artifacts. It enables enterprises to deliver high-quality applications faster and at scale. HPE ALM Octane integrates with HPE products, third-party products and open source projects that companies are already using to improve process efficiencies at different phases of the SDLC. Using HPE ALM Octane, users can track the progress of projects and entire portfolios from code status to resource allocation and ROI. HPE is among the 2017 SD Times 100 for it excellence in the DevOps category.
our ALM solution because it’s scalable and reliable for mission critical application portfolios,” said Kuthiala. “They’re taking advantage of the analytics and machine learning algorithms to manage, track and govern everything from requirements to development to test and maintenance.”
ENTERPRISE-CLASS ALM
BUILD
M
Large enterprises want to understand how to improve software delivery cycles across traditional Waterfall, Agile and DevOps projects. They need to ensure that all requirements are being met and all the required testing has been done. They also want to identify bottlenecks in software pipelines and leverage best practices throughout the organization. “You need a single view that ties the entire application portfolio at an enterprise scale,” said Kuthiala. HPE ALM Octane provides insight into requirements, code status, testing status, delivery status, security, performance in production and user feedback loops to prioritize work and improve software delivery cycles. Importantly, HPE ALM Octane also acts as the single hub based on the information it collects from tools throughout the SDLC, enterprise-wide. “For managing a complex application portfolio at an enterprise level, you need to understand the entire delivery cycle from planning to application,” said Kuthiala. “Our customers use Octane to manage DevOps, Agile and Waterfall teams and projects from a single hub.”
MANAGE SOFTWARE
AT
ENTERPRISE SCALE
HPE ALM Octane enables software development teams to consistently deliver high-quality products every time. “We built the next-generation application lifecycle management platform based on an open architecture, data analytics and machine learning algorithms,” said Kuthiala. “It doesn’t matter what kind of tools or delivery methodology you’re using. HPE Octane brings it all together.” HPE Octane integrates out-of-thebox with the most common dev-test ecosystems including Bamboo, Eclipse, Git, Github, Jenkins, JIRA, JUnit, Serena, Visual Studio and more. One thing that distinguishes HPE Octane is its massive scalability. Businesses with tens of thousands of developers, testers and DevOps engineers can manage and govern end-to-end application lifecycle management more effectively for multiple teams, budgets, resources and products. “Large enterprises with 30,000 to 50,000 developers are using “For managing a complex application portfolio at an enterprise level, you need to understand the entire delivery cycle from planning to application,.” —Ashish Kuthiala
IN
SECURITY
HPE Octane integrates with HPE’s Fortify security solution to ensure code is secure early in the SDLC as enterprises look to integrate security scanning into their DevOps adoption. HPE also offers an embedded IDE security scanning tool, HPE DevInspect which inspects code as a user is creating code in the IDE. “It’s like a spellchecker that automatically warns you if you’re violating any security frameworks,” said Kuthiala. “After the code is checked in, HPE Fortify can scan the code and provide feedback back via Octane’s dashboard to let you know right away whether you pass the security checks for those lines of code as opposed to waiting till the end of the SDLC to provide security feedback.” Regardless of what kinds of security testing software tools or methodologies a customer is using, HPE Octane orchestrates them all into a single ecosystem, so customers don’t have to rip and replace the tools they already have. “We help large enterprises with their mission of scaling DevOps throughout the organization,” said Kuthiala. “Getting results takes time. It’s a journey towards continuous improvement for delivering high quality and secure applications faster to your users.” Learn more at: www.saas.hpe.com/software/ alm-octane. G AUGUST 2017 11
SDT100_Ads_Layout 1 7/20/17 4:12 PM Page 12
10 Tips to Start Scaling DevOps Moving the Enterprise from isolated pilots to organization-wide success
A number of surveys and analysts’ estimates have shown that DevOps is no longer a start-up and tech unicorn play, with the majority of enterprises reporting that they’ve either adopted some DevOps practices or are planning to in the near future. But the operative word here is ‘some.’ Typically, when enterprises say they’re doing DevOps, a look under the covers will show that their transformation is still isolated by business groups, applications or projects. The true test comes when it is time to learn from these smaller deployments by broadening the scope across the enterprise. While many fewer enterprises have accomplished the task of doing DevOps at scale than those who have simply piloted DevOps, these firms are out there. And the efforts of their intrepid DevOps champions have typically helped these enterprises reap ample strategic and operational benefits at every level of the business. We’ve gathered some of the insights from a number of DevOps experts who have lived through or are currently living through the process of scaling DevOps in order to offer some tips, tricks and meaningful advice on how to do it successfully. Tip #1: Bottom-up? Top-down? Middle-out? Yes! When smaller organizations or teams start DevOps initiatives, one of the biggest agents of change is empowerment at the grassroots level. But large organizations are different, warns Gary Gruver, president of Gruver Consulting and author of Leading the Transformation: Applying Agile and DevOps Principles at Scale. “In a large organization it’s about executive
SDT100_Ads_Layout 1 7/20/17 4:13 PM Page 13
leadership and getting them to coordinate improvements, because I see a lot of changes with DevOps where it starts grassroots and eventually you can’t influence anybody above you or across from you to change,” Ideas and experiments generated at the grassroots level are what provide the proof points and metrics necessary to garner executive support for wider adoption. Then it is a matter of packaging up the evidence — both from internal successes and external case studies and research — in ways that will galvanize sponsors at the highest levels of the IT org chart. Tip #2: Define the elephant Even when an organization manages to garner across-the-board enthusiasm for transitioning to DevOps, that excitement can be very difficult to translate to real change. That’s mainly because everyone is excited about very different preconceived notions as to what exactly DevOps does for an organization. “It’s like five blind men describing an elephant,” Gruver says. If large organizations are going to truly scale their DevOps efforts, they’ll need to ensure there’s a “common view of the elephant” so that everyone is on the same page about roles, responsibilities and, most importantly, outcomes. Tip #3: Automated testing is crucial Automation is the name of the game for so many facets of DevOps success, but if there is a single automation improvement that will make or break an enterprise’s ability to scale its DevOps success, Gruver would undoubtedly name test automation. Test automation is the most important thing I think in terms of transforming your software development processes, and it’s the thing that’s most frequently being done wrong,” he says. “Organizations must start by evaluating their test framework and getting it stable, reliable and repeatable”. Some of these suggestions are universal and some may seem contradictory - that’s because every organization is different. Depending on culture, org charts and business models, some tips that may work well within some organizations would work terribly at others. The goal here is to provide some perspectives for readers to start thinking about workflows and philosophies shared by their peers so they can stumble onto at least a few that may apply within their own organizations. For the complete list of ten tips with advice from actual practitioners, listen to the complete discussion at http://bit.ly/2u2BjYt.
SDT100_Ads_Layout 1 7/20/17 4:13 PM Page 14
SDT100_Sparx_Layout 1 7/20/17 4:53 PM Page 15
ALM & DEVELOPMENT TOOLS
SPARX SYSTEMS FUELS COLLABORATION oday’s software has the power to make or break businesses. To stay competitive, software design and development stakeholders need to collaborate effectively. More than 580,000 users, including more than 80 percent of Fortune 100 firms, choose Sparx Systems Enterprise Architect to support and manage highly complex projects across distributed teams. “Development has become more collaborative and iterative, requiring faster turnaround and agility. Meanwhile, software development, architectures and systems have become more complex and sophisticated,” said Geoffrey Sparks, Founder and CEO of Sparx Systems. “Enterprise Architect helps minimize these conflicting imperatives by providing a solid platform that underpins the delivery and support of new applications, services and technology.” Enterprise Architect is an advanced, enterprise-wide, visual modeling platform that manages every aspect of software planning, design, construction and delivery. It enables effective collaboration and ensures complete traceability. Businesses across industries depend on Enterprise Architect’s modeldriven design capabilities and powerful visualization tools to improve understanding across roles and responsibilities. Sparx Systems is among the 2017 SD Times 100 for its continued innovation in ALM & Development Tools.
matched objects is displayed. All matched object counts can be clicked on to display the list of objects that match a particular activity type. That way, all stakeholders can monitor changes and stay well-informed of issues that may impact project milestones. Pro Cloud Server also provides a Review element which is a simple, yet powerful mechanism for capturing discussions about a particular event in real time.
INTRODUCING PRO CLOUD SERVER
neapolis-St. Paul so our American, Canadian and Mexican customers have a convenient place where they can learn how to achieve the maximum value from their Enterprise Architect deployments and investments.”
T
The Pro Cloud Server radically transforms the business value of modeling and design by extending model access to the entire organization. Users can review and discuss models and solutions, assign and manage resources, file bugs, create requirements and much more from a familiar, mobile friendly web-based interface. A simple URL enables global collaboration on models without the need for database drivers or other client-side access components. “Our new Pro Cloud Server, WebEA and OSLC-based RESTful API are integrated so Enterprise Architect repositories can be hosted in the cloud or on a corporate intranet to provide optimized web-based access from browsers, mobile devices, Enterprise Architect and other network-based devices,” said Sparks. “Pro Cloud Server is fast, secure and easily managed with minimal deployment overhead.” WebEA provides immediate web-based access to models so users don’t have to publish or export content. They can simply connect a model to the Pro Cloud Server and share access to the content and visual models created in Enterprise Architect. With WebEA, users can easily review, discuss, manage and collaborate on models. The OLSC RESTful API enables a heightened level of integration between Enterprise Architect and other technologies, including plug-ins or enterprise level standalone systems. In addition to WebEA and the OLSC RESTful API, Pro Cloud Server includes a watch list feature so users can rapidly identify recent activity in a model. Whenever a Watch List Summary is generated, all object types of interest are checked for recent activity and a count of
NORTH AMERICA GETS LOCAL SUPPORT Sparx Services North America is a new facility providing a unique combination of integrated strategic process improvement consulting, customized classroom training, professional development products and project coaching so customers can achieve a sustainable development process. “Our presence in North America has grown so much over the years, it’s in everyone’s best interest to expand our services and support offerings,” said Sparks. “The new facility is located near Min“It’s the first-time business analysis techniques have been actualized in this way.” —Geoffrey Sparks
DRIVE VALUE
FROM
DISRUPTION
Sparx Systems and the International Institute of Business Analysis (IIBA) recently released a Tools & Techniques reference model for IIBA’s A Guide to the Business Analysis Body of Knowledge (BABOK Guide v3). The solution supports leading standards and frameworks of both enterprise architecture and business analysis practices so users can improve their capabilities, productivity and business performance. It is supported via the Pro Cloud Server and Model Driven Generation (MDG) Technology within Enterprise Architect. Enterprise Architect’s Tools & Techniques for BABOK Guide v3 is the product of a 2015 Memorandum of Understanding between the IIBA and Sparx Systems, both of whom aim to create greater connections and engagements across the business analysis community. “We’ve combined IIBA’s internationally-recognized standard for business analysis with Sparx Systems’ industry-leading modeling environment for enterprise-wide digital transformation,” said Sparks. “It’s the first-time business analysis techniques have been actualized in this way.” The new toolset shows professionals how to implement business analysis standards for greater reliability, repeatability and improved productivity. Common benefits include effective knowledge sharing and better business outcomes. Learn more at www.sparxsystems.com. G AUGUST 2017 15
SDT100_Ads_Layout 1 7/20/17 4:14 PM Page 16
COMPREHENSIVE TEST AUTOMATION SUPPORT
Perfecting Software
Get a complete software testing solution with test environment support
STATIC & DYNAMIC ANALYSIS
UNIT TESTING
“ The importance of software testing and error prevention has risen dramatically, paralleling the continued escalation of software complexity. Parasoft provides developers with the tools and infrastructure necessary to test early and regularly, ensuring quality throughout the software development lifecycle. Theresa Lanowitz, voke inc.
”
API, LOAD, PERFORMANCE, & SECURITY TESTING
SERVICE VIRTUALIZATION
Learn more at parasoft.com
LEARN MORE
SDT100_Parasoft_Layout 1 7/20/17 4:54 PM Page 17
TESTING
PARASOFT HELPS TEAMS PERFECT SOFTWARE ast software delivery is a competitive differentiator and so is software quality. Companies can easily find themselves vilified in the media and on social media for shipping software that fails, malfunctions or is hacked. To mitigate this risk and prevent software failures, software teams that are serious about the quality of their embedded, IoT and enterprise software depend on Parasoft to ensure comprehensive testing throughout the SDLC. “As more teams develop software for the connected era, they need to implement safeguards and evolve their testing processes,” said Marc Brown, CMO at Parasoft. “Software complexity is skyrocketing, with greater connectivity, functionality, security threats, government regulations and standards. All the while, companies are racing to deliver software to the market. They need to balance their pace with market risk.” Parasoft was named to the 2017 SD Times 100 in the Testing category for its consistent innovation.
F
WHO
IS
RESPONSIBLE
FOR
QUALITY?
The correct answer: everyone. Nevertheless, it is still being overlooked. Business leaders are demanding faster software delivery to drive more revenue, grow markets and meet quarterly objectives. Risk is often a secondary consideration, until remediation becomes mandatory. “With social media and its front-and-center visibility into software failures, bad software quality can have a huge impact on company reputation and revenue,” said Brown. “More companies are relying on the Internet for connectivity, including moving to the cloud because deployment is easy. Many of them don’t understand the associated risks because they haven’t needed to understand it in the past. And unfortunately, even when they understand the risks, they aren’t necessarily addressing them properly.” Part of the problem is that testing processes are not evolving at the same pace as technology and application design, especially as more systems are connected. To address this problem, Parasoft helps customers by evolving testing processes, providing insights into where risks are lurking and educating customers about how to institute policies and time-saving reporting. “Threat assessments, for instance, should be done upfront in the design phase, with thorough security and quality testing throughout the lifecycle from beginning to end,” said Brown. “You also need policies defined to dictate release criteria for alphas, betas and GA releases.” Unfortunately, despite high-profile breaches and malfunctions, there are still organizations that haven’t adopted end-toend software testing. In today’s hyper-connected world, component-level testing isn’t enough anymore — entire systems must be tested. In a recent blog, Brown points out that embedded device developers tend not to think about IoT in terms of services,
which is a mistake. They need to change their thinking to more holistically address the end user, as they strive to meet functional, quality, performance, and security requirements.
A COMPREHENSIVE TESTING SUITE Parasoft’s comprehensive portfolio of testing tools automates time-consuming testing tasks and provides management with intelligent analytics and reporting so they can focus on what matters. Software organizations developing and deploying embedded, enterprise and IoT applications depend on Parasoft’s static analysis, unit testing, functional testing and load/performance testing to ensure that quality is achieved, including security, safety, reliability and compliance. Parasoft’s family of software solutions provide end-to-end testing capabilities, along with test environments, which are enabled through service virtualization and environment management. “We have the broadest portfolio of testing solutions on the “Threat assessments, for instance, should be done upfront in the design phase.” —Marc Brown
market, supported by the most intelligent reporting and analytics engine,” said Brown. “This combination ensures that thorough testing is achieved, even as software technology evolves.” Parasoft’s testing products include Insure++, C/C++test, Jtest, and dotTEST, SOAtest and a robust reporting and intelligent analytics platform. Parasoft Virtualize, the company’s test environment platform, is integrated with these testing products to enable continuous testing and DevOps support. Parasoft Virtualize is an open, automated service virtualization solution for creating, deploying and managing simulated services. It simulates the behavior of dependent applications and/or devices that are still evolving, difficult to access or difficult to configure. Service virtualization is essential for testing today’s highlyconnected applications, as many dependent services/systems are not available or too costly to use for testing purposes. It’s ideal for developers who don’t want to write mocks and stubs, and it helps address risk for organizations that want more assurance than mocks and stubs can provide. “We are software testing experts, uniquely supporting the testing requirements of embedded, IoT and IT application development,” said Brown. “You can get all the tools you need, which makes Parasoft ideal for all companies, including those working to improve agile processes or achieve continuous testing and DevOps.” Learn more at www.parasoft.com. G
AUGUST 2017 17
SDT100_Ads_Layout 1 7/20/17 4:14 PM Page 18
SDT100_Aspose_Layout 1 7/20/17 5:18 PM Page 19
APIS, LIBRARIES & FRAMEWORKS
ASPOSE DOMINATES DOCUMENT FILE APIS nterprise software teams need to edit, create, and convert popular business file formats programmatically such as Microsoft Word documents, Microsoft Excel spreadsheets, and Adobe PDF files. With Aspose, they can do all of that and a lot more. The company also supports developers working with niche file formats including Micosoft Visio files, Autodesk CAD files, and Microsoft Outlook PST files. In fact, Aspose supports more than 100 file formats which makes the company the go-to vendor for business file format APIs. “Our APIs work with almost any platform to accommodate the file format manipulation needs of the vast majority of developers,” said Justin Anderson, Business Team Member, at Aspose. “Since 2002, we’ve continued to expand our capabilities so developers have the flexibility and choices they need to keep their customers satisfied.” Aspose offers native support for .NET and Java via downloadable standalone libraries. It also offers support for Perl, Ruby, NodeJS, ObjectiveC, PHP, and Python programming languages with downloadable SDKs for use with its Aspose for Cloud product line. Aspose was selected as one of the 2017 SD Times 100 for its contributions to the APIs, Libraries, and Frameworks category.
E
ASPOSE.TOTAL DELIVERS VALUE, FAST Aspose.Total is a complete set of file format manipulation APIs. It includes all the APIs Aspose offers. Software teams working across platforms that need broad file format capabilities choose the Aspose.Total all-in-one suite. Individual teams or developers building applications for a specific platform can purchase Aspose.Total for .Net, Java, Cloud or Android. Of course, customers have the option of purchasing Aspose APIs in whatever manner suits their organization best, whether it’s one of the Aspose.Total suites, a function-specific API family, or a single API. “The Aspose.Total product family is the most comprehensive suite of file format APIs, rendering extensions and exporters available anywhere,” said Anderson. “Customers trust us to deliver the capabilities they need as software development technologies continue to change and grow.” Aspose.Total for .NET can be used for Windows Forms, ASP.NET, WPF, WCF or any type of application based on the .NET Framework 2.0 or later. Java developers can take advantage of Aspose.Total for Java, which is a set of native Java APIs for desktop, web, and mobile applications based on Java SE or EE. Mobile developers use Aspose.Total for Android via Java. With it, they can manipulate Word, Excel, PowerPoint and other formats in mobile apps. Aspose.Total for Android works with Android OS 2.3 or later. SharePoint developers choose Aspose.Total for Sharepoint to convert Word, Excel, PowerPoint and other formats in SharePoint Foundation and Server.
Developers building reports appreciate Aspose.Total for Reporting Services which exports RDL reports to Word, Excel, PowerPoint and other formats from SQL Server Reporting Services (SSRS). There is also an Aspose.Total for JasperReports option which exports Word, Excel, PowerPoint, and other formats from Jasper Reports or Jasper Server. Given the popularity of cloud platforms today, developers appreciate Aspose.Total for Cloud because it runs everywhere. Aspose.Total for Cloud supports any language or platform capable of calling REST APIs. “Software teams that need business-centric file APIs on any platform choose Aspose,” said Anderson. “Organizations building apps for different platforms also prefer us because they can deliver consistent functionality regardless of which language they’re using.”
ASPOSE’S MOST POPULAR APIS Three of the most popular APIs are Aspose.Words, Aspose.Cells and Aspose.Pdf, all of which are available in any of the “The Aspose.Total product family is the most comprehensive suite of file format APIs, rendering extensions and exporters available anywhere.” —Justin Anderson
Aspose.Total suites. Organizations that only need one particular type of capability across platforms, such as Microsoft Word manipulation capabilities, can purchase these and other APIs as product families. The Aspose.Words family is a set of APIs for creating, editing, converting and printing Word documents using popular platforms including .NET, Java, Cloud, Android via Java, Android via Xamarin, SharePoint, SSRS and JasperReports. Developers use the APIs to build high-performance apps that are capable of creating, editing, converting or printing Word document formats using Aspose’s native APIs for .NET, Java and Cloud. Customers who just want Word capabilities can purchase the Aspose.Words product family or Aspose.Words for an individual platform as a single solution. Using Aspose.Cells, developers can manipulate Microsoft Excel worksheets in any platform. With the APIs, developers can create faster applications to create, editor or convert Excel using Aspose’s APIs for .NET, Java, Cloud, and Android. Like Aspose.Words, Aspose.Cells is available as a product family and for individual platforms. Aspose.Pdf enables the manipulation of PDF documents in any platform. Developers use it to build high-performance apps capable of creating, editing or converting PDF file formats using Aspose’s native APIs for .NET, Java, Cloud and Android. Aspose.Pdf is also available as a product family and for individual platforms. Learn more at www.aspose.com. G
AUGUST 2017 19
SDT100_Ads_Layout 1 7/20/17 4:14 PM Page 20
CREATE DOCUMENTS IN THE
SDT100_TextControl_Layout 1 7/20/17 4:55 PM Page 21
USER EXPERIENCE
TEXT CONTROL SIMPLIFIES REPORTING igital transformation is changing the way companies operate. From digitized business processes to better customer experiences, information remains at the heart of transactions, which is why reporting capabilities are essential today. With Text Control, developers can add powerful reporting capabilities to their applications anyone can use. “We talk to developers every day to find out how we can make reporting and word processing easier and more efficient,” said Bjöern Meyer, president of Text Control USA. “Business processes, whether digital or not, require documents and reports that need to be designed, created, shared and archived.” For the last 25 years, developers have been using Text Control components to deliver powerful capabilities that require only basic Microsoft Word skills to use. “Our core business is reporting and word processing tools so we focus all of our innovation efforts on those two things,” said Meyer. “We’re always inventing new technologies, products and services.” 2016 was another record growth year for Text Control in terms of licenses and users. The company was selected as one of the 2017 SD Times 100 for its continued excellence in the ALM & Developer Tools category.
D
X14 ADDS POWERFUL FEATURES TX Text Control X14 includes a complete reporting tool that meets document workflow requirements. While reporting features are not new to TX Text Control, the capabilities continue to get more powerful without becoming more difficult to use. “The typical reporting workflow has three stages: designing reporting templates, merging templates with data, and sharing created documents,” said Meyer. “All of those stages have different requirements and user groups. We support them all.” TX Text Control X14 includes the Text Control Reporting Framework which provides sophisticated components that address the needs of users at each of the three stages. Theframework does not depend on any third-party tools, including Microsoft Word, so developers can deliver exceptional user experiences without the hassle and cost of such dependencies. To design a template, developers can simply choose a designer for ASP.NET, Windows Forms, or WPF, all of which provide the “Business processes, whether digital or not, require documents and reports that need to be designed, created, shared and archived.” —Bjöern Meyer
CREATE AND MANAGE CLOUD REPORTS Text Control ReportingCloud brings complete reporting functionality to the cloud so all developers can use it, irrespective of the platform or language they’re using. Its highly RESTful API can be used to merge Microsoft Word compatible templates with JSON data from all clients including .NET, JavaScript, PHP, Node.JS, jQuery, Ruby, Python, Android, Java and iOS. Using the admin portal, developers can manage, upload, download and create templates and JSON datasource excerpts. The admin portal also provides an overview of recent transactions and account settings. “ReportingCloud templates can be created and edited directly online using an HTML5-based editor,” said Meyer. “Datasource excerpts from JSON files can be uploaded to insert matching merge fields, repeating merge blocks and preview the template directly. The templates can be edited using any browser on any platform.” ReportingCloud enables documents to be created anytime, anywhere. That way, invoices, quotes or other dynamic documents can be created from any desktop, web or mobile application. “Whether you’re creating an iPhone, Android, Windows Phone or web App, Text Control ReportingCloud enables professional documents to be creating using one simple Web API call,” said Meyer. “The Web API endpoints allow developers to manage templates and create documents.” There’s no need to install TX Text Control on servers, machines or devices.
same functionality. Because the editor is Microsoft Word compatible, developers can provide the look and feel of Microsoft Word with specialized capabilities that have been customized or adapted to suit specific end user requirements. “The Microsoft Word templates can be reused and edited in TX Text Control, and because all templates can be stored in industry formats such as DOCX, DOC, and RTF, they are always compatible with other word processors including Microsoft Word,” Meyer said. The report designer also includes an out-of-the-box editor with a fully-featured reporting tab that provides fast access to reporting features so users can easily load data sources and insert merge fields and repeating, nested merge blocks for master-detail views. After a template has been successfully designed, the reporting engine MailMerge merges data into the template. For each data row of the master table in the data source, a document is created. The merge fields are then populated with column values. Repeating blocks are merged with data rows of related child tables in the data source. A data source can be any IEnumerable object including JSON objects, DataSet and DataTable objects. Documents created with TX Text Control are typically shared or presented in the developers’ application. Alternatively, TX Text Control editors can be used to view the documents. The DocumentViewer renders pages in a true WYSIWYG manner so there are no discrepancies when printed. It also provides familiar Microsoft Word search and select capabilities. Learn more at Textcontrol.com. G
AUGUST 2017 21
SDT100_Fugue_Layout 1 7/21/17 11:54 AM Page 22
IT OPS
FUGUE DEMOCRATIZES IT ENVIRONMENTS s more testing shifts left, developers and DevOps teams need access to production environments without causing disruption to business operations or violating organizational policies. Cloud alternatives provide easy access to production environments, but as virtual environments scale they become more complex, which can expose the organization to risks. “A data center with hundreds of resources is a large system,” said Josh Stella, co-founder and CEO of Fugue. “In the cloud, a system that has hundreds of resources is relatively small.” Fugue simplifies the building and operation of virtual IT resources so organizations can scale their environments without losing control of the environment. Fugue uniquely delivers a capability that allows organizations to validate policies before runtime so no one can build anything that breaks the rules. Then, Fugue continually and automatically enforces the system’s policy definitions and infrastructure specs to accomplish self-healing system state. “To be successful in cloud, you need to automate everything,” said Stella. “Fugue automates deployment, operations, monitoring, modifying, updating, and termination of resources.” Fugue is included in the 2017 SD Times 100 for its innovative contributions to IT Ops. Cloud technology has evolved from virtual data centers to complex service-enabled systems that include containers, machine learning and a lot more. The environmental complexity is driving the need for infrastructure as code, policy as code and security as code. Fugue handles all of that, which saves time and lowers risks.
A
AUTOMATED INTELLIGENCE Fugue rapidly provisions and builds infrastructure. It also monitors infrastructure, heals it, and returns it to the correct specification, at cloud speed. Meanwhile, it’s providing constant insight into everything that’s happening, faster than anything on the market.
THE FUGUE CONDUCTOR The Fugue Conductor provisions all infrastructure. Every 30 seconds, it ensures that the infrastructure is what it’s supposed to “A data center with hundreds of resources is a large system. In the cloud, a system that has hundreds of resources is relatively small.” —Josh Stella be. That way, if someone opens a port to work from home or hacks into a system, the Fugue Conductor recognizes the violation and fixes it.
FUGUE COMPOSITIONS Fugue compositions allow users to declare what the infrastructure should be as code. Unlike template build systems and deployment tools, Fugue provides a domain-specific language that prevents infrastructure errors before they’re instantiated. There’s also a beta product in visual form that examines compositions and shows accurate diagrams of everything a user wants to build and run on cloud. Learn more at www.fugue.com. G
Survey results found here
SDT100_Openmake_Layout 1 7/20/17 4:54 PM Page 23
DEVOPS
DEPLOYHUB AGENTLESS CONTINUOUS DEPLOYMENT
A
gile teams are using continuous delivery to increase the speed of release cycles. A key component of continuous delivery is continuous deployment. Few teams have mastered continuous deployment because production struggles to keep up with the pace of agile. DeployHub conquers traditional software deployment challenges with safe, agentless release automation so continuous deployment can be achieved across the pipeline. “To master Agile’s last mile, deployments must adapt across the continuous delivery pipeline,” said Tracy Ragan, co-founder and CEO at OpenMake Software. “In reality this can be difficult. The different environments have mixed configurations from physical servers to containers. Waterfall deployment approaches rely on the luxury of time to tweak scripts across the life cycle. Agile needs more. Application release automation (ARA) tools are used to elim“Everyone needs continuous deployment to master Agile’s last mile — the point in which production becomes lean.” —Tracy Ragan inate old scripted processes to achieve continuous deployment for all.” While there’s no shortage of ARA products, the dysfunction in the market is in the acquisition and implementation of these tools. Developers need ARA but can’t afford to buy expensive agent based solutions. Production teams look to buy one deployment solution to satisfy all teams — a high-cost and risky proposition. OpenMake Software is addressing this dysfunction by first allowing developers to get their hands on an open source ARA tool. Testing and production can easily upgrade to the ‘Pro’ version for security, release management and audit requirements. Best yet, DeployHub does not require end point agents making adoption by test and production a reality — one project at a time. OpenMake was named to the 2017 SD Times 100 list for its contributions to DevOps.
EFFECTIVE AND AFFORDABLE CONTINUOUS DEPLOYMENT “ARA solutions should not be a big dollar ‘enterprise’ purchase. This is old school thinking,” said Ragan. “It’s like the days of version control. Github and Subversion came along and disrupted the market. We are doing the same for ARA.” DeployHub OSS offers core ARA features to support continuous deployment. DeployHub Pro, the commercial version, makes release management as easy as choosing a time and date on a calendar. The product is unusually affordable, so no team has to assume technical debt to use it. In August 2017, the PaaS version will be available, which will lower continuous deployment costs even further. “Everyone needs continuous deployment to master Agile’s last mile — the point in which production becomes lean,” said Ragan. “We allow you to do that easily and affordably.” Learn more at www.openmakesoftware.com. G AUGUST 2017 23
SDT100_Ads_Layout 1 7/20/17 4:14 PM Page 24
Synopsys offers the most comprehensive solution for building integrity—security and quality—into your SDLC and supply chain. Synopsys is a leader on Gartner’s Magic Quadrant for Application Security Testing.
For more information, go to www.synopsys.com/software
Gartner Magic Quadrant for Application Security Testing, Dionisio Zumerle, Ayal Tirosh, February 28, 2017 Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.