Abstract image of a woman sitting on books and studying on a laptop

The computer says no v2

Download as PPTX, PDF
M
Matteo Emili

The document discusses the importance of software quality within the DevOps framework, emphasizing that quality should be integrated at every step of the development process through automation, tools, and best practices. It outlines various industry standards and methods for measuring code quality, including the use of tools like SonarQube and Checkmarx. The author stresses that successful integration of these tools into CI/CD platforms is crucial to avoid friction and enhance code quality.

Social Media
Related topics:
Azure DevOps Essentials
1 of 24
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
The computer says no! Software quality in the DevOps world Matteo Emili Microsoft MVP – Azure DevOps matteo.emili@live.com https://mattvsts.github.io || http://twitter.com/MattVSTS
“My code is perfect fine!” Yeah… about that.
“But it works!” It might, but how?
DevOps is built on top of the concept of quality Even the best craftsmen need a helping hand.
Automation is king You need maximum automation to get the most value
Quality needs to be anywhere Every step of the way has key areas for quality improvement
‘Quality’ or ‘Code Quality’? Two different things indeed…
Industry standards Halstead complexity measures Cyclomatic complexity Maintainability index CERT Secure Coding Standards CWE List … Team-specific choices Documentation standards Style rules Patterns re-use Code Coverage Churn rate … Let’s define code quality first
Industry standards are… …standards. They have been around for a long time.
Matteo Emili • Born in 1990 Industry standards • Cyclomatic complexity (1976) • Halstead complexity measures (1977) • Software Structure Metrics (1981) • ISO/IEC 9126 Product Quality (1991) • … Some of them, older than me!
Team choices are varied Plenty of non-technical factors to consider
How about quality? Quality is all about applying process and practices to ensure the final outcome matches the expectations
Use tools and automation Quality is all about applying process and practices to ensure the final outcome matches the expectations
Tools A modern version control system CI server Scripts or extensions for your CI server Code quality scanner Security Vulnerability analysis tools Practices Peer reviews Bug bashes, dedicated spikes Test-driven Development More testing Secure Development Lifecycle Reaching the quality bar
There is only one pre- requisite for any tool It’s the only rule of modern Software Engineering
Tools must be integrated in the CI/CD platform of choice Doing otherwise creates unnecessary friction, leading to non-adoption
Now, tools… What do you actually need to increase the quality of your code?
Measure (with context) What are you dealing with?
Metric or discipline Engineering quality Direct security risk Dependency-induced risk Pre-emptive infrastructure analysis Recommended tools SonarQube, Kiuwan, … Checkmarx, BinSkim, Fortify, … WhiteSource AzSK, Azure Scanner, … What and how to measure?
Let’s take a look! Our guinea pig: PartsUnlimited https://github.com/microsoft/PartsUnlimited
Each tool should be applied at different stages You don’t want a 30 seconds build to become an hour long…
What? Engineering quality Direct security risk Dependency-induced risk Pre-emptive infrastructure analysis When? CI build (main branches and PRs) Ad-hoc for master, develop branches All builds After DTL, before UAT Examples of When to do what?
Is it DevSecOps? It might be (definitions vary), but it is just common sense
Thanks!

More Related Content

PPTX
The computer says no! Software Quality in the DevOps world
Matteo Emili
 
PDF
A Successful SAST Tool Implementation
Checkmarx
 
PPTX
Open Source Libraries - Managing Risk in Cloud
Suman Sourav
 
PPTX
DevSecOps Indonesia : Pain & Pleasure of doing AppSec in DevOps
Suman Sourav
 
PDF
Application Security at DevOps Speed - DevOpsDays Singapore 2016
Stefan Streichsbier
 
PPTX
Implementing an Application Security Pipeline in Jenkins
Suman Sourav
 
PPTX
How not to fall into the DevSecOps trap
Matteo Emili
 
PPTX
Building a high quality+ products with SCA
Suman Sourav
 
The computer says no! Software Quality in the DevOps world
Matteo Emili
 
A Successful SAST Tool Implementation
Checkmarx
 
Open Source Libraries - Managing Risk in Cloud
Suman Sourav
 
DevSecOps Indonesia : Pain & Pleasure of doing AppSec in DevOps
Suman Sourav
 
Application Security at DevOps Speed - DevOpsDays Singapore 2016
Stefan Streichsbier
 
Implementing an Application Security Pipeline in Jenkins
Suman Sourav
 
How not to fall into the DevSecOps trap
Matteo Emili
 
Building a high quality+ products with SCA
Suman Sourav
 

What's hot (20)

PDF
AppSec How-To: Achieving Security in DevOps
Checkmarx
 
PPTX
Turning security into code by Jeff Williams
DevSecCon
 
PPTX
Product Security
Steven Carlson
 
PDF
Vulnerabilities are bugs, Let's Test For Them!
VAddy
 
PDF
Manual Code Review
n|u - The Open Security Community
 
PPTX
Continuous and Visible Security Testing with BDD-Security
Stephen de Vries
 
PPTX
Rapid software testing and conformance with static code analysis
Rogue Wave Software
 
PPTX
Automating security tests for Continuous Integration
Stephen de Vries
 
PPTX
Static analysis tools as the best friend of QA
Mikalai Alimenkou
 
PPTX
Matt carroll - "Security patching system packages is fun" said no-one ever
DevSecCon
 
PDF
Unit testing and code review
Pavel Grushetzky
 
PDF
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world cases
DevSecCon
 
PDF
Integrating DevOps and Security
Stijn Muylle
 
PDF
Scale security for a dollar or less
Mohammed A. Imran
 
PPTX
Lessons learned from Detroit to Deming by Derek Weeks
DevSecCon
 
PPTX
Test parallelization using Jenkins
Rogue Wave Software
 
PDF
Better Security Testing: Using the Cloud and Continuous Delivery
Gene Gotimer
 
PPTX
Topic production code
Kavi Kumar
 
PDF
DevSecOps - The big picture
DevSecOpsSg
 
PPTX
Agile and Secure SDLC
Nazar Tymoshyk, CEH, Ph.D.
 
AppSec How-To: Achieving Security in DevOps
Checkmarx
 
Turning security into code by Jeff Williams
DevSecCon
 
Product Security
Steven Carlson
 
Vulnerabilities are bugs, Let's Test For Them!
VAddy
 
Manual Code Review
n|u - The Open Security Community
 
Continuous and Visible Security Testing with BDD-Security
Stephen de Vries
 
Rapid software testing and conformance with static code analysis
Rogue Wave Software
 
Automating security tests for Continuous Integration
Stephen de Vries
 
Static analysis tools as the best friend of QA
Mikalai Alimenkou
 
Matt carroll - "Security patching system packages is fun" said no-one ever
DevSecCon
 
Unit testing and code review
Pavel Grushetzky
 
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world cases
DevSecCon
 
Integrating DevOps and Security
Stijn Muylle
 
Scale security for a dollar or less
Mohammed A. Imran
 
Lessons learned from Detroit to Deming by Derek Weeks
DevSecCon
 
Test parallelization using Jenkins
Rogue Wave Software
 
Better Security Testing: Using the Cloud and Continuous Delivery
Gene Gotimer
 
Topic production code
Kavi Kumar
 
DevSecOps - The big picture
DevSecOpsSg
 
Agile and Secure SDLC
Nazar Tymoshyk, CEH, Ph.D.
 
Ad

Similar to The computer says no v2 (20)

PDF
Handbook of Software Quality Assurance 4th ed Edition G. Gordon Schulmeyer
clhcruvc5821
 
PDF
Handbook of Software Quality Assurance 4th ed Edition G. Gordon Schulmeyer
hdmlokugy0224
 
PDF
Handbook of Software Quality Assurance 4th ed Edition G. Gordon Schulmeyer
piucynx4004
 
PDF
Software Quality without Testing
Nagarro
 
PDF
Handbook of Software Quality Assurance 4th ed Edition G. Gordon Schulmeyer
roszakvincel
 
PDF
Handbook of Software Quality Assurance 4th ed Edition G. Gordon Schulmeyer
bedimakan
 
PPTX
Software Quality for Developers
Maira Bay de Souza
 
PPTX
Improving software quality for the future of connected vehicles
Devon Bleibtrey
 
PDF
Agile Gurugram 2019 Conferecne | A "Quality" Debate - Rethinking the mindset ...
AgileNetwork
 
PDF
Repeating the "Quality Debate" @ Agile Gurugram 2019 Conference
Vishal Prasad
 
PDF
Handbook of Software Quality Assurance 4th ed Edition G. Gordon Schulmeyer
kjetilgkelia
 
PDF
Software Engineering Culture - Improve Code Quality
Dmytro Patserkovskyi
 
PPTX
Testing-and-Quality-Assurance-in-Software-Development
Ozias Rondon
 
PDF
Improving Code Quality 1st Edition Yiannis Kanellopoulos & Tim Walker
gioulicikic
 
PPTX
Enforcing Quality with DevOps Pipeline Gates
Michael King
 
PPTX
Scaling r&d org while maintaining quality
Aviran Mordo
 
PDF
Improving Code Quality 1st Edition Yiannis Kanellopoulos & Tim Walker
gdkfcoah224
 
PDF
Improving Code Quality 1st Edition Yiannis Kanellopoulos & Tim Walker
akqkndjhb629
 
PDF
End-to-End Quality Approach: 14 Levels of Testing
Josiah Renaudin
 
PDF
A Guide to Software Quality Engineering 1st Edition Pargaonkar Shravan
edgelcrans47
 
Handbook of Software Quality Assurance 4th ed Edition G. Gordon Schulmeyer
clhcruvc5821
 
Handbook of Software Quality Assurance 4th ed Edition G. Gordon Schulmeyer
hdmlokugy0224
 
Handbook of Software Quality Assurance 4th ed Edition G. Gordon Schulmeyer
piucynx4004
 
Software Quality without Testing
Nagarro
 
Handbook of Software Quality Assurance 4th ed Edition G. Gordon Schulmeyer
roszakvincel
 
Handbook of Software Quality Assurance 4th ed Edition G. Gordon Schulmeyer
bedimakan
 
Software Quality for Developers
Maira Bay de Souza
 
Improving software quality for the future of connected vehicles
Devon Bleibtrey
 
Agile Gurugram 2019 Conferecne | A "Quality" Debate - Rethinking the mindset ...
AgileNetwork
 
Repeating the "Quality Debate" @ Agile Gurugram 2019 Conference
Vishal Prasad
 
Handbook of Software Quality Assurance 4th ed Edition G. Gordon Schulmeyer
kjetilgkelia
 
Software Engineering Culture - Improve Code Quality
Dmytro Patserkovskyi
 
Testing-and-Quality-Assurance-in-Software-Development
Ozias Rondon
 
Improving Code Quality 1st Edition Yiannis Kanellopoulos & Tim Walker
gioulicikic
 
Enforcing Quality with DevOps Pipeline Gates
Michael King
 
Scaling r&d org while maintaining quality
Aviran Mordo
 
Improving Code Quality 1st Edition Yiannis Kanellopoulos & Tim Walker
gdkfcoah224
 
Improving Code Quality 1st Edition Yiannis Kanellopoulos & Tim Walker
akqkndjhb629
 
End-to-End Quality Approach: 14 Levels of Testing
Josiah Renaudin
 
A Guide to Software Quality Engineering 1st Edition Pargaonkar Shravan
edgelcrans47
 
Ad

More from Matteo Emili (20)

PPTX
Transforming the impossible
Matteo Emili
 
PPTX
É ora di passare a Pipeline as code
Matteo Emili
 
PPTX
Il computer dice no!
Matteo Emili
 
PPTX
A selection of short stories where Azure DevOps saved the bacon
Matteo Emili
 
PPTX
Strategie di migrazione da Team Foundation Server ad Azure DevOps Services
Matteo Emili
 
PPTX
What did i learn trying to migrate teams from legacy to modern?
Matteo Emili
 
PPTX
Cosa ho imparato trasformando software factory?
Matteo Emili
 
PPTX
PowerShell and Azure DevOps
Matteo Emili
 
PPTX
Am i doing deployments right v2
Matteo Emili
 
PPTX
Am i doing deployments right?
Matteo Emili
 
PPTX
How telemetry can be your best friend
Matteo Emili
 
PPTX
Containers jumpstart from a DevOps perspective
Matteo Emili
 
PPTX
Far scalare la Continuous Delivery per il middle management
Matteo Emili
 
PPTX
Development and QA dilemmas in DevOps
Matteo Emili
 
PPTX
Tools and practices to use in a Continuous Delivery pipeline
Matteo Emili
 
PPTX
Uno sguardo a Team Foundation Server 2017
Matteo Emili
 
PPTX
A year of SonarQube and TFS/VSTS
Matteo Emili
 
PPTX
Packages as the first choice when deploying - how?
Matteo Emili
 
PPTX
Hybrid DevOps Stack
Matteo Emili
 
PPTX
Make Continuous Delivery work for middle management
Matteo Emili
 
Transforming the impossible
Matteo Emili
 
É ora di passare a Pipeline as code
Matteo Emili
 
Il computer dice no!
Matteo Emili
 
A selection of short stories where Azure DevOps saved the bacon
Matteo Emili
 
Strategie di migrazione da Team Foundation Server ad Azure DevOps Services
Matteo Emili
 
What did i learn trying to migrate teams from legacy to modern?
Matteo Emili
 
Cosa ho imparato trasformando software factory?
Matteo Emili
 
PowerShell and Azure DevOps
Matteo Emili
 
Am i doing deployments right v2
Matteo Emili
 
Am i doing deployments right?
Matteo Emili
 
How telemetry can be your best friend
Matteo Emili
 
Containers jumpstart from a DevOps perspective
Matteo Emili
 
Far scalare la Continuous Delivery per il middle management
Matteo Emili
 
Development and QA dilemmas in DevOps
Matteo Emili
 
Tools and practices to use in a Continuous Delivery pipeline
Matteo Emili
 
Uno sguardo a Team Foundation Server 2017
Matteo Emili
 
A year of SonarQube and TFS/VSTS
Matteo Emili
 
Packages as the first choice when deploying - how?
Matteo Emili
 
Hybrid DevOps Stack
Matteo Emili
 
Make Continuous Delivery work for middle management
Matteo Emili
 

Recently uploaded (20)

PDF
Delhi evenings are unforgettable when you call stylish girls
yukishara652
 
PPTX
Lesson 1- PROF ELECT II tourismmmmmmmmmm
julieanngganzon
 
PPTX
ppt geometri ruang sisi datar micro baru
fransiskarindong82
 
PDF
The Evolution of Excellence - Mobile App Development Companies in Austin.pdf
Mike Brown
 
PDF
People in Delhi call cheerful girls for celebrations
yukishara652
 
PDF
Unlock Success with the Best Digital Marketing Services
Amrit Web
 
PDF
What is TikTok Cyberbullying? 15 Smart Ways to Prevent It
Ufki
 
PDF
Mastering the Digital Game: Marketing That Converts"
manjotsingh00065
 
PDF
From Viral to Vanishing_ How to Maintain Momentum on TikTok
Ufki
 
PDF
AI-Driven Social Media Marketing | Top Social Media Marketing Agency & Strate...
Vemio Advertising Services
 
PPTX
MP3jam 1.1.6.14 Crack Free Download Latest
umnazadiwe
 
PPTX
Unlock Your Business’s Full Online Potential
Nethra A M
 
PPTX
Power BI DAX Formulas and fast easy technical learning
sunil715467
 
PPTX
Download NTLite 2025.06.10473 Crack Free
viwgsqtub
 
PPTX
Best Web Development Company in Lucknow.pptx
learningstudio62
 
PPTX
GridinSoft Anti-Malware 4.3.31 Crack & Activation Code
nawalkhan4536
 
PPTX
Illuminati free in Uganda +256787776712,0741715666
samuelrich256
 
PPTX
EXPOSICION DE INGLES LENGUA EXTRANJERA.pptx
joserobertodelaoisid
 
PDF
IDM UltraCompare Professional 24.1.0.5 Crack
manafveer
 
PPTX
Promote Your Business Through Facebook Ads
Amrit Web
 
Delhi evenings are unforgettable when you call stylish girls
yukishara652
 
Lesson 1- PROF ELECT II tourismmmmmmmmmm
julieanngganzon
 
ppt geometri ruang sisi datar micro baru
fransiskarindong82
 
The Evolution of Excellence - Mobile App Development Companies in Austin.pdf
Mike Brown
 
People in Delhi call cheerful girls for celebrations
yukishara652
 
Unlock Success with the Best Digital Marketing Services
Amrit Web
 
What is TikTok Cyberbullying? 15 Smart Ways to Prevent It
Ufki
 
Mastering the Digital Game: Marketing That Converts"
manjotsingh00065
 
From Viral to Vanishing_ How to Maintain Momentum on TikTok
Ufki
 
AI-Driven Social Media Marketing | Top Social Media Marketing Agency & Strate...
Vemio Advertising Services
 
MP3jam 1.1.6.14 Crack Free Download Latest
umnazadiwe
 
Unlock Your Business’s Full Online Potential
Nethra A M
 
Power BI DAX Formulas and fast easy technical learning
sunil715467
 
Download NTLite 2025.06.10473 Crack Free
viwgsqtub
 
Best Web Development Company in Lucknow.pptx
learningstudio62
 
GridinSoft Anti-Malware 4.3.31 Crack & Activation Code
nawalkhan4536
 
Illuminati free in Uganda +256787776712,0741715666
samuelrich256
 
EXPOSICION DE INGLES LENGUA EXTRANJERA.pptx
joserobertodelaoisid
 
IDM UltraCompare Professional 24.1.0.5 Crack
manafveer
 
Promote Your Business Through Facebook Ads
Amrit Web
 

The computer says no v2

  • 1. The computer says no! Software quality in the DevOps world Matteo Emili Microsoft MVP – Azure DevOps [email protected] https://mattvsts.github.io || http://twitter.com/MattVSTS
  • 2. “My code is perfect fine!” Yeah… about that.
  • 3. “But it works!” It might, but how?
  • 4. DevOps is built on top of the concept of quality Even the best craftsmen need a helping hand.
  • 5. Automation is king You need maximum automation to get the most value
  • 6. Quality needs to be anywhere Every step of the way has key areas for quality improvement
  • 7. ‘Quality’ or ‘Code Quality’? Two different things indeed…
  • 8. Industry standards Halstead complexity measures Cyclomatic complexity Maintainability index CERT Secure Coding Standards CWE List … Team-specific choices Documentation standards Style rules Patterns re-use Code Coverage Churn rate … Let’s define code quality first
  • 9. Industry standards are… …standards. They have been around for a long time.
  • 10. Matteo Emili • Born in 1990 Industry standards • Cyclomatic complexity (1976) • Halstead complexity measures (1977) • Software Structure Metrics (1981) • ISO/IEC 9126 Product Quality (1991) • … Some of them, older than me!
  • 11. Team choices are varied Plenty of non-technical factors to consider
  • 12. How about quality? Quality is all about applying process and practices to ensure the final outcome matches the expectations
  • 13. Use tools and automation Quality is all about applying process and practices to ensure the final outcome matches the expectations
  • 14. Tools A modern version control system CI server Scripts or extensions for your CI server Code quality scanner Security Vulnerability analysis tools Practices Peer reviews Bug bashes, dedicated spikes Test-driven Development More testing Secure Development Lifecycle Reaching the quality bar
  • 15. There is only one pre- requisite for any tool It’s the only rule of modern Software Engineering
  • 16. Tools must be integrated in the CI/CD platform of choice Doing otherwise creates unnecessary friction, leading to non-adoption
  • 17. Now, tools… What do you actually need to increase the quality of your code?
  • 18. Measure (with context) What are you dealing with?
  • 19. Metric or discipline Engineering quality Direct security risk Dependency-induced risk Pre-emptive infrastructure analysis Recommended tools SonarQube, Kiuwan, … Checkmarx, BinSkim, Fortify, … WhiteSource AzSK, Azure Scanner, … What and how to measure?
  • 20. Let’s take a look! Our guinea pig: PartsUnlimited https://github.com/microsoft/PartsUnlimited
  • 21. Each tool should be applied at different stages You don’t want a 30 seconds build to become an hour long…
  • 22. What? Engineering quality Direct security risk Dependency-induced risk Pre-emptive infrastructure analysis When? CI build (main branches and PRs) Ad-hoc for master, develop branches All builds After DTL, before UAT Examples of When to do what?
  • 23. Is it DevSecOps? It might be (definitions vary), but it is just common sense