© COPYRIGHT 2018 COVEROS, INC. ALL RIGHTS RESERVED. @CoverosGene #AgileDC
Building the Pipeline of My Dreams
Gene Gotimer
About Coveros
• Coveros helps companies accelerate the delivery of secure, reliable software using agile methods
• Services
• Agile Transformations & Coaching
• Agile Software Development
• Agile Testing & Automation
• DevOps and DevSecOps Implementations
• Software Security Assurance & Testing
• Agile, DevOps, Test Auto, Security Training
• Open Source Products
• SecureCI – Secure DevOps toolchain
• Selenified – Agile test framework
Areas of Expertise
Selected Clients
Delivery Pipeline
The process of taking a code change from developers and getting it deployed into production or delivered to the customer. It can be automated, manual, or a mix.
Tests Your Pipeline Might Be Missing
• List of different types of tests to add to your pipeline
• Presented as a 10-minute lightning talk at AgileDC 2017
• A longer version, with full video, was presented at TestBash Philadelphia 2017
https://goo.gl/pyuvyL
zap-sonar-plugin
• Integrates reports from OWASP ZAP into SonarQube
• Written by Steve Springett
https://github.com/Coveros/zap-sonar-plugin
Challenges
• zap-sonar-plugin is a library
• Many of the system-level tests don’t apply
• Open-source
• Everything must be accessible from the Internet
• Nothing private
• Anyone should be able to contribute
• I’m cheap
• No recurring monthly charges, subscriptions
• Including VMs
• Must be easy
• Infrequent use means I’ll forget anything complicated
Source Control
• Using GitHub
• Was already hosted on GitHub
• Would have considered GitLab if I wanted private
• Pull requests
• Issue tracker
• README.md rendering
• Wiki
zap-sonar-plugin on GitHub
© COPYRIGHT 2018 COVEROS, INC. ALL RIGHTS RESERVED. 10@CoverosGene #AgileDC
Branching
• Usually I recommend Git Flow
• Flexible
• Supports most use cases
• Merge features to develop
• Release from master
• Switching to GitHub Flow
• Simpler
• No develop branch
• Pull requests merge to master
• Avoids extra merge from develop to master
https://guides.github.com/introduction/flow/
Build System
• Using Maven
• Clear winner for Java
• Convention over configuration
• Everyone can use it immediately
• Excellent dependency management
• Lots and lots of plugins
• I recommend against Gradle
• Not because it is bad
• Because most projects don’t need it
https://maven.apache.org
Continuous Integration
• Usually I recommend Jenkins
• Free, open source
• Commercial option available
• Lots and lots of plugins
• De facto standard
• Really, so many plugins
• Using TravisCI
• Free for open source, hosted
• Easy GitHub integration, badge
https://travis-ci.com
Static Analysis
• Usually I recommend SonarQube
• Free, open source
• Lots of plugins
• Many languages supported
• De facto standard
• Using Codacy
• Free for open source
• Easy GitHub integration, badge
• Also trying Code Climate
• More specific on maintainability
https://www.codacy.com
https://codeclimate.com
Libraries up-to-date
• Usually I recommend OWASP Dependency Check
• And OWASP Dependency Track
• My clients often use Sonatype Nexus Lifecycle
• Want to keep all security findings in house
• Using Sonatype DepShield
• Free for open source
• Currently Maven only
• npm and Python coming soon
https://depshield.github.io
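DepShield needs no build configuration (it is installed as a GitHub app), so the slide shows nothing to copy. The following pom.xml fragment is an added example, not the project's own build file, of wiring the tool recommended above, OWASP Dependency Check, into a Maven build so that a known-vulnerable dependency fails the build rather than only producing a report. The plugin version property and the suppression-file path are assumptions.

```xml
<!-- pom.xml fragment (added example, not the project's own build file):
     OWASP Dependency Check bound to the build so that a dependency with a
     known CVE fails the build instead of only producing a report. -->
<build>
  <plugins>
    <plugin>
      <groupId>org.owasp</groupId>
      <artifactId>dependency-check-maven</artifactId>
      <!-- Assumed: a property set to a current release of the plugin. -->
      <version>${dependency-check.version}</version>
      <configuration>
        <!-- Fail the build when any dependency carries a vulnerability
             with a CVSS score of 7.0 or higher (high and critical). -->
        <failBuildOnCVSS>7</failBuildOnCVSS>
        <!-- HTML for people reading the build log, JSON for other tools. -->
        <formats>
          <format>HTML</format>
          <format>JSON</format>
        </formats>
        <!-- Triaged false positives go in a suppression file that is
             reviewed in pull requests like any other change (assumed path). -->
        <suppressionFiles>
          <suppressionFile>${project.basedir}/dependency-check-suppressions.xml</suppressionFile>
        </suppressionFiles>
      </configuration>
      <executions>
        <execution>
          <!-- The check goal binds to the verify phase by default, so
             "mvn verify" in CI runs it on every change. -->
          <goals>
            <goal>check</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

The threshold is the part worth arguing about on a project: a library with no exposed network interface, like this plugin, can justify a higher cut-off than a web application, but whichever value is chosen should be in the pom where a pull request can change it visibly rather than in a dashboard setting.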
Repeatable, Reliable Deployments
• Usually I recommend Chef, Puppet, Docker
• Any of them work
• Automated deploys are a must have for a pipeline
• Using Docker
• Not deploying, just for testing
• zap-sonar-plugin is built into a SonarQube image
https://www.docker.com
• dockerfile-maven-plugin from Spotify
https://github.com/spotify/dockerfile-maven
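The test image described above, written out as an added example rather than the project's own Dockerfile: it layers the built plugin jar onto a pinned SonarQube base image. The base image tag, the jar name and the build argument name are assumptions.

```dockerfile
# Dockerfile (added example, not the project's own): a SonarQube image
# with zap-sonar-plugin installed so the plugin can be driven by browser
# tests. The base tag and the jar name are assumptions.

# Pin the base image tag rather than using :latest so the test
# environment does not change underneath the tests between runs.
FROM sonarqube:7.9-community

# Assumed: the Maven build produces target/sonar-zap-plugin.jar; the
# plugin build can override this with --build-arg.
ARG PLUGIN_JAR=target/sonar-zap-plugin.jar

# Copy only the plugin jar, not the whole target/ directory, so nothing
# else from the build workspace ends up in the image. This is the
# directory the SonarQube image loads plugins from.
COPY ${PLUGIN_JAR} /opt/sonarqube/extensions/plugins/

# Do not add "USER root" here: check the resulting image with
#   docker run --rm <image> id -u
# and expect a non-zero uid before pointing tests at it.
EXPOSE 9000
```

With dockerfile-maven-plugin the jar name can be passed from the build through its `<buildArgs>` configuration using `${project.build.finalName}`, which keeps the Dockerfile free of a hard-coded version number.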
Functional Testing
• Normally I’d recommend smoke tests after every deploy
• To test the deploy
• In this case, the smoke tests = functional tests
• Load the Docker image
• Run Selenium tests
• Load known OWASP ZAP report
• Make sure expected data is displayed
• Not written yet
• Lots of excuses, but they just aren’t done
https://www.seleniumhq.org
Security Testing
• Limited exposed interface
• No API to speak of
• Relying on
• Static analysis
• Library scanning
• Manual review
• But considering security on every change
• In case we need to do some real scanning
Performance Testing
• Usually I recommend JMeter
• Free, open source
• Written in Java
• Not just for testing Java
https://jmeter.apache.org
• Not doing any performance tests
• Should measure load and parse times
• Not currently a concern
Releasing
• Release means pushing to the Central Repository (Maven Central)
• maven-release-plugin
• To switch from -SNAPSHOT build to release
• maven-gpg-plugin
• To sign the release with my GPG private key
• Cannot easily be automated, because the private key and its passphrase would have to be available to the build server
• nexus-staging-maven-plugin
• To push to Central Repository
• Also publish library to GitHub releases
• Using TravisCI
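The three plugins above, wired together in a pom.xml release profile, as an added example and not the project's own build file. It shows where the signing key is selected, how the passphrase reaches gpg without a prompt (which is exactly what makes full automation a key-handling problem), and where the Central Repository credentials live. The version properties, the `ossrh` server id, the Nexus URL and the key-name property are assumptions.

```xml
<!-- pom.xml fragment (added example, not the project's own build file):
     release plugin in the main build, signing and staging in a profile that
     only release:perform activates. Versions, server id and URL are assumed. -->
<build>
  <plugins>
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-release-plugin</artifactId>
      <version>${maven-release-plugin.version}</version>
      <configuration>
        <!-- release:prepare drops -SNAPSHOT, commits, tags, and bumps to
             the next -SNAPSHOT; release:perform checks out the tag and runs
             the goals below with the "release" profile active. -->
        <releaseProfiles>release</releaseProfiles>
        <useReleaseProfile>false</useReleaseProfile>
        <goals>deploy</goals>
      </configuration>
    </plugin>
  </plugins>
</build>

<profiles>
  <profile>
    <id>release</id>
    <build>
      <plugins>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-gpg-plugin</artifactId>
          <version>${maven-gpg-plugin.version}</version>
          <executions>
            <execution>
              <id>sign-artifacts</id>
              <phase>verify</phase>
              <goals><goal>sign</goal></goals>
              <configuration>
                <!-- Name the signing key explicitly so the build cannot
                     silently sign with whatever key gpg picks first. -->
                <keyname>${gpg.keyname}</keyname>
                <!-- Loopback pinentry lets the passphrase come from the
                     gpg.passphrase property instead of a desktop prompt.
                     That is what automation needs, and why the private key
                     and passphrase would have to exist on the build server. -->
                <gpgArguments>
                  <arg>--pinentry-mode</arg>
                  <arg>loopback</arg>
                </gpgArguments>
              </configuration>
            </execution>
          </executions>
        </plugin>
        <plugin>
          <groupId>org.sonatype.plugins</groupId>
          <artifactId>nexus-staging-maven-plugin</artifactId>
          <version>${nexus-staging-maven-plugin.version}</version>
          <extensions>true</extensions>
          <configuration>
            <!-- Credentials are looked up in ~/.m2/settings.xml under this
                 server id and never written into the pom. -->
            <serverId>ossrh</serverId>
            <nexusUrl>https://oss.sonatype.org/</nexusUrl>
            <!-- false keeps the staging repository open so a person can
                 inspect the signed artifacts before releasing to Central. -->
            <autoReleaseAfterClose>false</autoReleaseAfterClose>
          </configuration>
        </plugin>
      </plugins>
    </build>
  </profile>
</profiles>
```

Run locally as `mvn -B release:prepare release:perform`, supplying `gpg.keyname` and `gpg.passphrase` from the user's settings.xml or an environment variable rather than on the command line, where they would appear in the process list and the build log. Moving this step onto the CI service is the "full automated release" listed under Future Work: it means encrypting the private key into the repository for the CI service to decrypt, and at that point the key's passphrase, scope and revocation plan matter as much as the build configuration.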
Future Work
• Add Selenium tests
• Add a performance baseline
• Full automated release
#Coveros5
• Be flexible with tool selection.
Fill a role, don’t just use the tool.
• Not all pipelines are created equal.
Not all projects are the same.
• Ease of use is important if you don’t do it often.
Automation can be especially helpful.
• There are always trade-offs.
Even when you only answer to yourself.
The pipeline is never done
A little better is still better.
Keep improving.
Questions?
Gene Gotimer
gene.gotimer@coveros.com
@CoverosGene
https://github.com/Coveros/zap-sonar-plugin
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...Health
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 

Último (20)

Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 

Building the Pipeline of My Dreams

1. Building the Pipeline of My Dreams
   Gene Gotimer
   © COPYRIGHT 2018 COVEROS, INC. ALL RIGHTS RESERVED. @CoverosGene #AgileDC
2. About Coveros
   • Coveros helps companies accelerate the delivery of secure, reliable software using agile methods
   • Services
     • Agile Transformations & Coaching
     • Agile Software Development
     • Agile Testing & Automation
     • DevOps and DevSecOps Implementations
     • Software Security Assurance & Testing
     • Agile, DevOps, Test Auto, Security Training
   • Open Source Products
     • SecureCI – Secure DevOps toolchain
     • Selenified – Agile test framework
   Areas of Expertise
3. Selected Clients
4. Delivery Pipeline
   The process of taking a code change from developers and getting it deployed into production or delivered to the customer.
   Automated, manual, or a mix.
5. Tests Your Pipeline Might Be Missing
   • List of different types of tests to add to your pipeline
   • Presented as a 10-minute lightning talk at AgileDC 2017
   • Also, TestBash Philadelphia 2017 has a longer version, full video
   https://goo.gl/pyuvyL
6. zap-sonar-plugin
   • Integrates reports from OWASP ZAP into SonarQube
   • Written by Steve Springett
   https://github.com/Coveros/zap-sonar-plugin
7. Challenges
   • zap-sonar-plugin is a library
     • Many of the system-level tests don’t apply
   • Open-source
     • Everything must be accessible from the Internet
     • Nothing private
     • Anyone should be able to contribute
   • I’m cheap
     • No recurring monthly charges, subscriptions
     • Including VMs
   • Must be easy
     • Infrequent use means I’ll forget anything complicated
8. Source Control
   • Using GitHub
     • Was already hosted on GitHub
     • Would have considered GitLab if I wanted private
   • Pull requests
   • Issue tracker
   • README.md rendering
   • Wiki
9. zap-sonar-plugin on GitHub
10. Branching
   • Usually I recommend Git Flow
     • Flexible
     • Supports most use cases
     • Merge features to develop
     • Release from master
   • Switching to GitHub Flow
     • Simpler
     • No develop branch
     • Pull requests merge to master
     • Avoids the extra merge from develop to master
   https://guides.github.com/introduction/flow/
11. Build System
   • Using Maven
     • Clear winner for Java
     • Convention over configuration
     • Everyone can use it immediately
     • Excellent dependency management
     • Lots and lots of plugins
   • I recommend against Gradle
     • Not because it is bad
     • Because most projects don’t need it
   https://maven.apache.org
12. Continuous Integration
   • Usually I recommend Jenkins
     • Free, open source
     • Commercial option available
     • Lots and lots of plugins
     • De facto standard
     • Really, so many plugins
   • Using TravisCI
     • Free for open source, hosted
     • Easy GitHub integration, badge
   https://travis-ci.com
13. Static Analysis
   • Usually I recommend SonarQube
     • Free, open source
     • Lots of plugins
     • Many languages supported
     • De facto standard
   • Using Codacy
     • Free for open source
     • Easy GitHub integration, badge
   • Also trying Code Climate
     • More specific on maintainability
   https://www.codacy.com
   https://codeclimate.com
14. Libraries up-to-date
   • Usually I recommend OWASP Dependency Check
     • And OWASP Dependency Track
   • My clients often use Sonatype Nexus Lifecycle
     • Want to keep all security findings in house
   • Using Sonatype DepShield
     • Free for open source
     • Currently Maven only
     • npm and Python coming soon
   https://depshield.github.io
15. Repeatable, Reliable Deployments
   • Usually I recommend Chef, Puppet, Docker
     • Any of them work
     • Automated deploys are a must have for a pipeline
   • Using Docker
     • Not deploying, just for testing
     • zap-sonar-plugin is built into a SonarQube image
     https://www.docker.com
   • dockerfile-maven-plugin from Spotify
     https://github.com/spotify/dockerfile-maven
16. Functional Testing
   • Normally I’d recommend smoke tests after every deploy
     • To test the deploy
   • In this case, the smoke tests = functional tests
     • Load the Docker image
     • Run Selenium tests
     • Load a known OWASP ZAP report
     • Make sure the expected data is displayed
   • Not written yet
     • Lots of excuses, but they just aren’t done
   https://www.seleniumhq.org
17. Security Testing
   • Limited exposed interface
     • No API to speak of
   • Relying on
     • Static analysis
     • Library scanning
     • Manual review
   • But considering security on every change
     • In case we need to do some real scanning
18. Performance Testing
   • Usually I recommend JMeter
     • Free, open source
     • Written in Java
     • Not just for testing Java
     https://jmeter.apache.org
   • Not doing any performance tests
     • Should measure load and parse times
     • Not currently a concern
19. Releasing
   • Release means pushing to Central Repository
   • maven-release-plugin
     • To switch from the -SNAPSHOT build to a release
   • maven-gpg-plugin
     • To sign the release with my GPG private key
     • Cannot easily be automated
   • nexus-staging-maven-plugin
     • To push to Central Repository
   • Also publish the library to GitHub releases
     • Using TravisCI
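How the three release plugins named on this slide fit together in a pom.xml, as an added example that is not taken from the zap-sonar-plugin project; the plugin versions, the `ossrh` server id and the `gpg.keyname` property are assumptions. The GPG step lives in a profile that only the release build activates, so routine CI builds never need the private key.

```xml
<!-- pom.xml excerpt (added example, not the project's own build file).
     Assumed: plugin versions, server id "ossrh", property gpg.keyname. -->
<project>
  <!-- groupId, artifactId, version (x.y.z-SNAPSHOT) and scm omitted -->
  <build>
    <plugins>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-release-plugin</artifactId>
        <version>2.5.3</version>
        <configuration>
          <!-- release:prepare drops -SNAPSHOT, tags, bumps to the next SNAPSHOT;
               release:perform builds the tag with the "release" profile below -->
          <useReleaseProfile>false</useReleaseProfile>
          <releaseProfiles>release</releaseProfiles>
          <goals>deploy</goals>
        </configuration>
      </plugin>
      <plugin>
        <groupId>org.sonatype.plugins</groupId>
        <artifactId>nexus-staging-maven-plugin</artifactId>
        <version>1.6.8</version>
        <extensions>true</extensions>
        <configuration>
          <!-- credentials come from <server id="ossrh"> in ~/.m2/settings.xml,
               never from the (public) pom -->
          <serverId>ossrh</serverId>
          <nexusUrl>https://oss.sonatype.org/</nexusUrl>
          <!-- keep the last step manual: inspect the staging repo before it
               becomes permanent on Central -->
          <autoReleaseAfterClose>false</autoReleaseAfterClose>
        </configuration>
      </plugin>
    </plugins>
  </build>
  <profiles>
    <profile>
      <id>release</id>
      <build>
        <plugins>
          <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-gpg-plugin</artifactId>
            <version>1.6</version>
            <executions>
              <execution>
                <id>sign-artifacts</id>
                <phase>verify</phase>
                <goals><goal>sign</goal></goals>
              </execution>
            </executions>
            <configuration>
              <!-- the key that signs; its passphrase is prompted for, which is
                   why this step resists full automation -->
              <keyname>${gpg.keyname}</keyname>
            </configuration>
          </plugin>
        </plugins>
      </build>
    </profile>
  </profiles>
</project>
```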
20. Future Work
   • Add Selenium tests
   • Add a performance baseline
   • Full automated release
21. #Coveros5
   • Be flexible with tool selection. Fill a role, don’t just use the tool.
   • Not all pipelines are created equal. Not all projects are the same.
   • Ease of use is important if you don’t do it often. Automation can be especially helpful.
   • There are always trade-offs. Even when you only answer to yourself.
22. The pipeline is never done
   A little better is still better. Keep improving.
23. Questions?
   Gene Gotimer
   gene.gotimer@coveros.com
   @CoverosGene
   https://github.com/Coveros/zap-sonar-plugin