18. 18
Issue - Review
There are various review points.
Coding Style
Security
Business Logic
It was difficult to analyze the quality of the
source code
It was difficult to do a accurate review of
several lines of code and avoid human error.
19. 19
Solution - Review
Static code analyzer + CI
SonarQube
It allows to find “code style mistake” and “potential types of errors”
It allows to check the result on web browser.
Veracode Static Application Security Testing (SAST)
Security white-box test
It allows to find “potential types of security issue”
It allows to check result on web browser.
21. 21
After improvements
Only one type of code review is required.
Code Style
Security
Business Logic only!
Solved!
It is possible to visually analyze the quality of
code.
SonarQube and Veracode reduce the human error.
23. 23
Issue - Deployment
Release operation took long times.
Each release operations were different every
time.
It was necessary to write and review of release
procedure every time!
24. 24
Solutions - Deployment
Standardization of operation
Write automation scripts
– For checkout
– For build
– For deploy
28. 28
Issue - Monitoring
Multiples servers must be checked (web, api,
DB…).
It is required to log on in each server to obtain
the log files.
Each log must be analyzed.
Alert Driven Analyze
– Automatic mechanism to analyze the alert messages.
30. 30
Monitoring - Solutions
Zabbix
System status monitoring
Applications monitoring
Oracle Enterprise Manager
Middleware status monitoring
Flight Recorder
To obtain Java VM detailed logs
To obtain Weblogic detailed logs
31. 31
Simple monitoring
Web API-X API-Z
Deep Inspection
JVM
Middleware
Flight Recorder
Systems and Applications
Zabbix
Enterprise Manager
32. 32
After improvements
Centralized monitoring systems.
No need to logon in production servers every time.
– It is possible to access the logs from one access point.
Predict Driven Analyze
– Allows to predict the problem based on detailed log and system
status analysis.
It facilitates and increases the agility to solve the problem.
It added the ability to receive various information before the
occurrence of the problem.
36. 36
Summary
We did the following improvement to gain more
quality and agility.
We increased the automation, visualization
and analysis of our daily operation