1
FUG2016 Copyright © Serena Software 2016
WE OWN IT!
Shift Left with Continuous Inspection
Don Irvine
Vice President ALM Products
2
3
How Many Bugs Are Too Many?
“Industry Average: about 15 – 50 errors per 1,000 lines of delivered code”
Source: Code Complete by Steve McConnell
4
Quality is Expensive
5
But Getting Quality Wrong is Costly Too!
6
But Getting Quality Wrong is Costly Too!
7
But Getting Quality Wrong is Costly Too!
8
Cheaper to Fix Bugs Early
Shift Left
9
What to Invest in to Shift Left?
10
Five Simple Steps to Shift Left
11
#1 Build every change
Five Simple Steps to Shift Left
Detect broken builds early
12
#2 Code review every change
Code inspection is often more than 65% efficient at detecting defects (Capers Jones)
Five Simple Steps to Shift Left
13
#3 Use a static analysis tool regularly
Static analysis combined with peer review can detect up to 95% of bugs (Capers Jones)
Five Simple Steps to Shift Left
14
#4 Be aware of third-party components and their vulnerabilities
Five Simple Steps to Shift Left
In a security analysis across 5,300 applications, Veracode also found and confirmed that an average application has 24 known security vulnerabilities associated with open source and third-party components (State of the Software Supply Chain Report)
15
#5 Provide visibility of all changes and their health
Five Simple Steps to Shift Left
16
1. Build every change
2. Code review every change
3. Use a static analysis tool regularly
4. Be aware of third-party components and their vulnerabilities
5. Provide visibility of all changes and their health
Five Simple Steps to Shift Left
17
Serena’s
18
Change
Build
Static Analysis
Security Scan
Peer Review
Visibility
Continuous Inspection
The process of putting software code changes through a series of expert inspections to rapidly identify and respond to coding issues, improving quality and reducing costs
19
Continuous Inspection
Key Capabilities
• Extensible plug-in architecture
• Schedule & inspect code changes
• Report findings & vulnerabilities
• Supports DevOps “Shift-Left”
• Aggregated KPI Metrics
Value Benefits
• Display results in code review
• Real-time developer feedback
• Reduce coding risks & issues
• Monitor code health & quality
• Speed release readiness
"Given enough eyeballs, all bugs are shallow."
The Cathedral and the Bazaar —Eric Raymond
20
Changeset Graph and Change Health
Key Capabilities
• Visualize branch dependencies
• Navigation of change history
• Visual approach to merging
• Integrated with CI
Value Benefits
• Insight into release readiness
• Change timeline visibility
• Complexity of merging
21
Integrated Peer Review
Key Capabilities
• Collaborative web-based peer review
• Linked to Continuous Inspection
• Configurable process
• Full audit trail
• Tightly integrated into Dimensions
Value Benefits
• Improved code quality
• Find 70-90% of all defects earlier
• Cost reduction
• Save up to 30% of re-work hours
• Developer productivity
• Up to 25% improvement in coding
22
Automatic Detection of Known Vulnerabilities
Key Capabilities
• Built-in vulnerability scanner
• Works with public OWASP project
• Checks NVD security issues with delivered components
• Scan regularly or on every check-in
Value Benefits
• Provides full report of your components and their vulnerabilities
• Know when vulnerabilities are reported in your third-party components
23
Work Item Management (due in May)
Key Capabilities
• Backlog management, Kanban, burn-down and reporting
• Development focused
• Planning of CM requests
• Management of teams
• Integrated with SBM, RM and Jira
Value Benefits
• Visualize and plan work within CM
• Track progress, identify bottlenecks
• Manage movement of work between backlogs in other tools
• Integrates with the full CM lifecycle
24
Demo
25
1. Build every change
2. Code review every change
3. Use a static analysis tool regularly
4. Be aware of third-party components and their vulnerabilities
5. Provide visibility of all changes and their health
The Corridor Test…
26
Thank You
Don Irvine
dirvine@serena.com
27
WE OWN IT!
Julian Fish
Director of Products
Serena Software
Move Fast Without Breaking Things
DevOps, Continuous Delivery and Multi-Speed IT Delivery in Regulated Environments
28
29
Need to drive competitive advantage and respond to market needs
Adoption of Agile practices has increased the speed of engineering delivery
Still ruled by SLAs, stability and an inherent resistance to change
BUSINESS DEVELOPMENT OPERATIONS
Move Fast Without Breaking Things
COMPLIANCE (CONTROL)
AGILITY (SPEED)
30
“Who has an Agile Transformation Project / Program in place currently?”
Define
Develop
Construct
Deploy
Verify
31
“Who has a DevOps Transformation Project / Program in place currently?”
Development Teams “Shift Right”
Dev Test UAT Prod
Operations Teams “Shift Left”
32
“Who has a defined goal / objective for these programs in place?”
33
“What is DevOps?”
34
DevOps – NOT just Release or Infrastructure Management
Image: IT Revolution
35
“Devops good news! Devops is 100% peoples and culture so you not have of understand functional programming!”
DevOps?
© 2013 @DevOpsBorat
36
DevOps, Continuous Delivery and Multi-Speed IT
DevOps tries to align goals between Development and Operations
Continuous Delivery ensures software is always production ready and releases are tied to business needs and not operational constraints
Multi-Speed IT understands that there isn’t a simple ‘CD or non-CD’ approach but a collection of approaches and speeds that IT can use to release software
37
DevOps…
Automation?
Infrastructure as code?
Continuous Delivery (CD)?
Infrastructure Automation?
Continuous Integration (CI)?
“A movement to address the gap between Dev and Ops”
What is DevOps?
“82% of high performing companies automate their code deployments”
38
DevOps / CD Benefits for Regulated Industries
Reduced risk by implementing frequent, smaller changes
Developers have better understanding of development, test and production infrastructure
Operations gain application-centric understanding
Simplified end to end IT processes inclusive of Audit and Compliance requirements
Supportive of Application Automation
= Increased collaboration between Dev and Ops / Lower Risk / Faster Time to Value
Ops
QA
Dev
DevOps
39
End to End Domain Interaction – The Sum of the Parts
Continuous Delivery
Source Code Management
BUILD / CI
Deployment / Test Automation
Formal Release
Containers
Virtual Infrastructure
Physical Infrastructure
Cloud Infrastructure
Enterprise Change Management
Dev Test UAT Prod
APM
IT Service Management & DML
Agile Planning
Requirements Management
Project Portfolio Management
Enterprise Release Management
Is this DevOps?
Is this DevOps?
Is THIS DevOps?
40
Identifying the Challenges in Federal / Regulated Industries
One size fits all approach won’t work for traditional Federal organizations
Legacy, Transitional and Innovative Applications must co-exist
Organizational Framework based approach with multiple “Flavors” of implementation
Multiple Contract teams own areas of the End to End process, adding complexity
SPOC and ownership is difficult to find – what is the sponsor trying to achieve
Startup “Application is the Business” doesn’t apply
41
“More than 95% of IT operations organizations lack a centralized release management process”
“Through 2016, a lack of effective release management will contribute up to 80% of production incidents in large organizations with complex IT services”
“82% of high performing companies automate their code deployments”
42
Bi-Modal vs Multi-Modal IT
“By 2017, 75% of IT organizations will have a bimodal capability”*
“95% of Large Enterprises require multi-modal capabilities. Type 1 & Type 2 becomes Type 1 - 5”
43
“By 2017, 75% of IT organizations will have a bimodal capability”*
Systems of Innovation
Systems of Differentiation
Systems of Record
Mode 1
Reliability
Waterfall, V-Model
IT-centric
Release in Months/Years
Mode 2
Agility
Agile, Kanban
Business-centric
Release in Days/Weeks
Dependencies
Governance
Change
*Gartner predictions, 2014
44
Systems of Innovation
Systems of Differentiation
Systems of Record
App 1
Traditional
Waterfall, V-Model
IT-centric
Release in Months/Years
App 2
Agile
Agile, Kanban
Business-centric
Release in Days/Weeks
Governance
Change
App 3
Transitional
Scrum fall
Product-centric
Release in Weeks/Months
Serena Provides Multi-Modal IT Support
Dependencies
Application deployment speed is determined by Application Architecture, Application Type and Compliance requirements
45
Shift Left vs. Shift Right
Development Teams “Shift Right”
Dev Test UAT Prod
Operations Teams “Shift Left”
Key: Measured Functional Competence (High – Low)
46
Where to Start?
• What matters to the business?
• How do we define and measure success?
• Look to eliminate waste
• Incremental changes/quick wins
• Focus on continuous improvement
• Implement process and technology simultaneously
• Automate everything
47
How Responsive are you to the Business?
• How do you measure success?
• Average cycle time for moving a business request from Development to Production?
• Number of business requests implemented this week, month, year?
• Cost of moving a unit of change through your application lifecycle?
• Percentage of a release focused on technical debt?
• Develop metrics to support what matters to the business
48
Secured Repository
Common Build Process
Secured build processes ensure audit compliance and artifact traceability.
Secured artifact repository provides a common source for artifact deployment.
Continuous Integration & Standard Build Frameworks
49
Automate Almost Everything
• People should not move the “bits”
• Automate code and configuration deployments with a single set of deployment processes across all environments
• All pre-prod deployments should be rehearsals for the final deploy into prod
• Quick incremental wins with big impact
50
Developer Commits Code
Test Automation Validates Code
Operations Releases Code
DEV TEST PROD
Process
Artifacts
Build Initiated
Centralized Release Management Process and Path to Production
51
Standardize the Release Process
Streamline and accelerate the release lifecycle
• Single system of record for release planning and execution
– Schedules
– Milestones
– Gates and Approvals
• Automatic cycle-time capture
• Ensure audit trails for compliance and learning
52
Process and Technology work together
Release Control
Release Train
Release Package
Tasks
Integration Framework / Service Layer / Widgets
SDA DIM CM ZMF ERO OTHER
RELEASE PROCESS
ARTIFACT MANAGEMENT
53
Identify Teams for Continuous Delivery vs. Release Management
Continuous Delivery
Enterprise Release Management
Dev
Source Code Management
BUILD / CI
Deployment / Test Automation
Test UAT Prod
Formal Release
Containers
Virtual Infrastructure
Physical Infrastructure
Cloud Infrastructure
Infrastructure as Code
Enterprise Change Management
APM
IT Service Management
54
Release Control Object Overview
Release Package
Dev Test UAT Prod
Request
Release Train
Deployment Path
Release Package
Release Package Release Package
Deploy Unit
Deploy Task
Dev Test UAT Prod
Request
Deployment Path
Deploy Unit
Deploy Task
Dev Test UAT Prod
Request
Deployment Path
Deploy Unit
Deploy Task
Integration Framework
Integration Framework
55
Package level control and visibility
Dev Test UAT Prod
Request
Deployment Path
Deploy Unit
Deploy Task
Release Package
Integration to Serena and 3rd party artifact management / source code solutions (Dimensions CM, ChangeMan ZMF, Serena Deployment Automation, Artifactory, TFS, Jenkins, IBM, CA etc.)
Integration to Serena and 3rd party request / ticketing systems (Dimensions CM, SBM, Rally, Jira, Version One, Bugzilla etc.)
Defines the activities to deploy / implement the Package via integrations to Serena and 3rd party tools (Dimensions CM, ChangeMan ZMF, Serena Deployment Automation, CA Nolio, IBM uDeploy, XebiaLabs, Manual Steps etc.)
Integration Framework
Package Deployed via configurable deployment paths
56
Enterprise Deployment Pipelines
Key Capabilities
• Create, manage and automate deployment pipelines
• Enforce environment sequencing and auto promote
• Full stack automation with new plug-ins:
• Chef, Puppet, Jenkins workflow
• Docker, Bamboo, OpenStack and more
Benefits
• Supports Dev / Test Churn with Managed Stage & Production Releases
• Improves quality with a single repeatable deployment process
• Reduces cycle time
• Provides end-to-end traceability for compliance and audit
57
Continuous Delivery Maturity Model for Enterprises
REPEATABLE BUILD
CONTINUOUS INTEGRATION
AUTOMATED APPLICATION AND INFRASTRUCTURE DEPLOYMENTS
TEST AUTOMATION
ENTERPRISE CONTINUOUS DELIVERY
Standard Build processes across all development and SCM tools. Daily / nightly builds exist utilizing secured SDLC
CI Build processes build deliverables upon code commit and invoke automated unit tests
Target integrated Application and Infrastructure Deployments (provisioning on demand – Cloud, Virtual or Physical for app deployments)
Fully Automated Test Suites allowing entire application to be Tested without user intervention
End to End Build, Test and Deployment Capabilities
58
“Full Stack” Provisioning
APPLICATION CONFIGURATION
APPLICATION DEPLOYMENT
CONFIGURED APPLICATION STACK
VM VM VM
OS PROVISIONING
PROVISIONING ORDER
OS CONFIGURATION
BARE METAL / CLOUD STORAGE
• Infrastructure / Cloud / Virtual Provisioning
• Application Architecture Deployment
• Application Configuration
• Build Up & Tear Down Capabilities
Essential Steps for Enterprise Continuous Delivery

More Related Content

What's hot

What's hot (20)

Creating High Performance teams by using a DevOps culture (FUG presentation)
Creating High Performance teams by using a DevOps culture (FUG presentation)Creating High Performance teams by using a DevOps culture (FUG presentation)
Creating High Performance teams by using a DevOps culture (FUG presentation)
 
Dimensions CM 14.3 launch webcast (slides)
Dimensions CM 14.3 launch webcast (slides)Dimensions CM 14.3 launch webcast (slides)
Dimensions CM 14.3 launch webcast (slides)
 
DevOps CD and Multispeed IT in regulated industries (FUG Presentation)
DevOps CD and Multispeed IT in regulated industries (FUG Presentation)DevOps CD and Multispeed IT in regulated industries (FUG Presentation)
DevOps CD and Multispeed IT in regulated industries (FUG Presentation)
 
Serena DevOps Drive-in: Leading the Agile and DevOps transformation with Gary...
Serena DevOps Drive-in: Leading the Agile and DevOps transformation with Gary...Serena DevOps Drive-in: Leading the Agile and DevOps transformation with Gary...
Serena DevOps Drive-in: Leading the Agile and DevOps transformation with Gary...
 
Agile-plus-DevOps Testing for Packaged Applications
Agile-plus-DevOps Testing for Packaged ApplicationsAgile-plus-DevOps Testing for Packaged Applications
Agile-plus-DevOps Testing for Packaged Applications
 
Overview and Demonstration of Dimensions CM 14.2 (FUG presentation track 2)
Overview and Demonstration of Dimensions CM 14.2 (FUG presentation track 2)Overview and Demonstration of Dimensions CM 14.2 (FUG presentation track 2)
Overview and Demonstration of Dimensions CM 14.2 (FUG presentation track 2)
 
Support Federal Software Development Contracts with End-to-End Traceability
Support Federal Software Development Contracts with End-to-End TraceabilitySupport Federal Software Development Contracts with End-to-End Traceability
Support Federal Software Development Contracts with End-to-End Traceability
 
A Quick Intro to Agile, DevOps & Lean Development in the Enterprise
A Quick Intro to Agile, DevOps & Lean Development in the EnterpriseA Quick Intro to Agile, DevOps & Lean Development in the Enterprise
A Quick Intro to Agile, DevOps & Lean Development in the Enterprise
 
Achieving Continuous Visibility Across the DevOps Lifecycle
Achieving Continuous Visibility Across the DevOps LifecycleAchieving Continuous Visibility Across the DevOps Lifecycle
Achieving Continuous Visibility Across the DevOps Lifecycle
 
DevOps Monitoring and Alerting
DevOps Monitoring and AlertingDevOps Monitoring and Alerting
DevOps Monitoring and Alerting
 
DevOps in Salesforce AppCloud
DevOps in Salesforce AppCloudDevOps in Salesforce AppCloud
DevOps in Salesforce AppCloud
 
Building a Software Chain of Custody: A Guide for CTOs, CIOs, and Enterprise ...
Building a Software Chain of Custody: A Guide for CTOs, CIOs, and Enterprise ...Building a Software Chain of Custody: A Guide for CTOs, CIOs, and Enterprise ...
Building a Software Chain of Custody: A Guide for CTOs, CIOs, and Enterprise ...
 
Packaged vs. Custom Application Testing
Packaged vs. Custom Application TestingPackaged vs. Custom Application Testing
Packaged vs. Custom Application Testing
 
Salesforce – Proven Platform Development with DevOps & Agile
Salesforce – Proven Platform Development with DevOps & AgileSalesforce – Proven Platform Development with DevOps & Agile
Salesforce – Proven Platform Development with DevOps & Agile
 
Accelerate Your Test Automation Journey with Process Mining for SAP
Accelerate Your Test Automation Journey with Process Mining for SAPAccelerate Your Test Automation Journey with Process Mining for SAP
Accelerate Your Test Automation Journey with Process Mining for SAP
 
Jenkins CI + XebiaLabs for Release Orchestration: A Recipe for Continuous Del...
Jenkins CI + XebiaLabs for Release Orchestration: A Recipe for Continuous Del...Jenkins CI + XebiaLabs for Release Orchestration: A Recipe for Continuous Del...
Jenkins CI + XebiaLabs for Release Orchestration: A Recipe for Continuous Del...
 
Lights-Out Testing for Lights-On Business
Lights-Out Testing for Lights-On BusinessLights-Out Testing for Lights-On Business
Lights-Out Testing for Lights-On Business
 
What's New with Worksoft Certify
What's New with Worksoft CertifyWhat's New with Worksoft Certify
What's New with Worksoft Certify
 
Salesforce & GitLab Integration for Next-gen DevOps with CEPTES
Salesforce & GitLab Integration for Next-gen DevOps with CEPTESSalesforce & GitLab Integration for Next-gen DevOps with CEPTES
Salesforce & GitLab Integration for Next-gen DevOps with CEPTES
 
YETI Cooler's Guide to Pulling off a Rock Solid SAP S/4HANA Software Implemen...
YETI Cooler's Guide to Pulling off a Rock Solid SAP S/4HANA Software Implemen...YETI Cooler's Guide to Pulling off a Rock Solid SAP S/4HANA Software Implemen...
YETI Cooler's Guide to Pulling off a Rock Solid SAP S/4HANA Software Implemen...
 

Similar to Shift Left with Continuous Inspection

Moving to Agile Methods and DevOps on IBM i with ARCAD Pack for Rational 1479...
Moving to Agile Methods and DevOps on IBM i with ARCAD Pack for Rational 1479...Moving to Agile Methods and DevOps on IBM i with ARCAD Pack for Rational 1479...
Moving to Agile Methods and DevOps on IBM i with ARCAD Pack for Rational 1479...
Philippe Krief
 

Similar to Shift Left with Continuous Inspection (20)

Building and Delivering Software in a Faster and More Consistent Way
Building and Delivering Software in a Faster and More Consistent WayBuilding and Delivering Software in a Faster and More Consistent Way
Building and Delivering Software in a Faster and More Consistent Way
 
Code to Release using Artificial Intelligence and Machine Learning
Code to Release using Artificial Intelligence and Machine LearningCode to Release using Artificial Intelligence and Machine Learning
Code to Release using Artificial Intelligence and Machine Learning
 
Avoiding the DevOps Tax
Avoiding the DevOps Tax Avoiding the DevOps Tax
Avoiding the DevOps Tax
 
DevOps - Transforming the Traditional SDLC
DevOps - Transforming the Traditional SDLCDevOps - Transforming the Traditional SDLC
DevOps - Transforming the Traditional SDLC
 
Better Software East 2016: Evolving Automated to Continuous
Better Software East 2016: Evolving Automated to ContinuousBetter Software East 2016: Evolving Automated to Continuous
Better Software East 2016: Evolving Automated to Continuous
 
Upmc tpdev1
Upmc tpdev1Upmc tpdev1
Upmc tpdev1
 
What is the future of DevOps and its growing trends.pptx
What is the future of DevOps and its growing trends.pptxWhat is the future of DevOps and its growing trends.pptx
What is the future of DevOps and its growing trends.pptx
 
Moving to Agile Methods and DevOps on IBM i with ARCAD Pack for Rational 1479...
Moving to Agile Methods and DevOps on IBM i with ARCAD Pack for Rational 1479...Moving to Agile Methods and DevOps on IBM i with ARCAD Pack for Rational 1479...
Moving to Agile Methods and DevOps on IBM i with ARCAD Pack for Rational 1479...
 
Draftkings: Launching w/ Confidence at Scale, FutureStack17 NYC
Draftkings: Launching w/ Confidence at Scale, FutureStack17 NYCDraftkings: Launching w/ Confidence at Scale, FutureStack17 NYC
Draftkings: Launching w/ Confidence at Scale, FutureStack17 NYC
 
DevOps Continuous Integration & Delivery - A Whitepaper by RapidValue
DevOps Continuous Integration & Delivery - A Whitepaper by RapidValueDevOps Continuous Integration & Delivery - A Whitepaper by RapidValue
DevOps Continuous Integration & Delivery - A Whitepaper by RapidValue
 
Continuous Testing- A Key Ingredient for Success in Agile & DevOps
Continuous Testing- A Key Ingredient for Success in Agile & DevOpsContinuous Testing- A Key Ingredient for Success in Agile & DevOps
Continuous Testing- A Key Ingredient for Success in Agile & DevOps
 
The Anti-Transformation transformation @DevOps Summit Amsterdam
The Anti-Transformation transformation @DevOps Summit AmsterdamThe Anti-Transformation transformation @DevOps Summit Amsterdam
The Anti-Transformation transformation @DevOps Summit Amsterdam
 
[India Merge World Tour] Coverity
[India Merge World Tour] Coverity[India Merge World Tour] Coverity
[India Merge World Tour] Coverity
 
Performance Metrics Driven CI/CD - Introduction to Continuous Innovation and ...
Performance Metrics Driven CI/CD - Introduction to Continuous Innovation and ...Performance Metrics Driven CI/CD - Introduction to Continuous Innovation and ...
Performance Metrics Driven CI/CD - Introduction to Continuous Innovation and ...
 
Keys to continuous testing for faster delivery euro star webinar
Keys to continuous testing for faster delivery euro star webinar Keys to continuous testing for faster delivery euro star webinar
Keys to continuous testing for faster delivery euro star webinar
 
Freedom and Responsibility
Freedom and ResponsibilityFreedom and Responsibility
Freedom and Responsibility
 
Software Quality as a Competitive Differentiator
Software Quality as a Competitive Differentiator Software Quality as a Competitive Differentiator
Software Quality as a Competitive Differentiator
 
Achieving Agile in the Enterprise From dream to reality
Achieving Agile in the Enterprise From dream to realityAchieving Agile in the Enterprise From dream to reality
Achieving Agile in the Enterprise From dream to reality
 
Advanced sap cybersecurity webinar
Advanced sap cybersecurity webinarAdvanced sap cybersecurity webinar
Advanced sap cybersecurity webinar
 
Soirée du Test Logiciel - Présentation de Kiuwan (Jack ABDO)
Soirée du Test Logiciel - Présentation de Kiuwan (Jack ABDO)Soirée du Test Logiciel - Présentation de Kiuwan (Jack ABDO)
Soirée du Test Logiciel - Présentation de Kiuwan (Jack ABDO)
 

More from Serena Software

Dimensions RM 12.3 webcast
Dimensions RM 12.3 webcast Dimensions RM 12.3 webcast
Dimensions RM 12.3 webcast
Serena Software
 
Continuous Delivery series: How to automate your infrastructure toolchain
Continuous Delivery series: How to automate your infrastructure toolchainContinuous Delivery series: How to automate your infrastructure toolchain
Continuous Delivery series: How to automate your infrastructure toolchain
Serena Software
 

More from Serena Software (18)

Micro Focus DevOps Drive-in with Gary Gruver - Starting and Scaling DevOps in...
Micro Focus DevOps Drive-in with Gary Gruver - Starting and Scaling DevOps in...Micro Focus DevOps Drive-in with Gary Gruver - Starting and Scaling DevOps in...
Micro Focus DevOps Drive-in with Gary Gruver - Starting and Scaling DevOps in...
 
Edit Privacy Settings Analytics FREE Collect Leads Micro Focus DevOps Drive-i...
Edit Privacy Settings Analytics FREE Collect Leads Micro Focus DevOps Drive-i...Edit Privacy Settings Analytics FREE Collect Leads Micro Focus DevOps Drive-i...
Edit Privacy Settings Analytics FREE Collect Leads Micro Focus DevOps Drive-i...
 
What's new in SBM 11.1
What's new in SBM 11.1What's new in SBM 11.1
What's new in SBM 11.1
 
Mainframe VUG Presentation April 2016
Mainframe VUG Presentation April 2016Mainframe VUG Presentation April 2016
Mainframe VUG Presentation April 2016
 
FUG Keynote presentation: Vision 2020
FUG Keynote presentation: Vision 2020FUG Keynote presentation: Vision 2020
FUG Keynote presentation: Vision 2020
 
Integrated Requirements Management with Serena Dimensions RM 02-2016
Integrated Requirements Management with Serena Dimensions RM 02-2016Integrated Requirements Management with Serena Dimensions RM 02-2016
Integrated Requirements Management with Serena Dimensions RM 02-2016
 
Sneak Peek into the New ChangeMan ZMF Release
Sneak Peek into the New ChangeMan ZMF ReleaseSneak Peek into the New ChangeMan ZMF Release
Sneak Peek into the New ChangeMan ZMF Release
 
The Top 5 Practices of a Highly Successful ChangeMan ZMF Administrator
The Top 5 Practices of a Highly Successful ChangeMan ZMF AdministratorThe Top 5 Practices of a Highly Successful ChangeMan ZMF Administrator
The Top 5 Practices of a Highly Successful ChangeMan ZMF Administrator
 
DevOps drivein - Mind the Gap
DevOps drivein - Mind the GapDevOps drivein - Mind the Gap
DevOps drivein - Mind the Gap
 
Take your code and quality to the next level by Serena Software
Take your code and quality to the next level by Serena SoftwareTake your code and quality to the next level by Serena Software
Take your code and quality to the next level by Serena Software
 
Dimensions CM Summer VUG Presentation
Dimensions CM Summer VUG PresentationDimensions CM Summer VUG Presentation
Dimensions CM Summer VUG Presentation
 
Mainframe vug july 30 2015
Mainframe vug july 30 2015Mainframe vug july 30 2015
Mainframe vug july 30 2015
 
Dimensions RM 12.3 webcast
Dimensions RM 12.3 webcast Dimensions RM 12.3 webcast
Dimensions RM 12.3 webcast
 
Dimensions CM 14.2 Webcast: Running the Gauntlet
Dimensions CM 14.2 Webcast: Running the GauntletDimensions CM 14.2 Webcast: Running the Gauntlet
Dimensions CM 14.2 Webcast: Running the Gauntlet
 
Continuous Delivery series: How to automate your infrastructure toolchain
Continuous Delivery series: How to automate your infrastructure toolchainContinuous Delivery series: How to automate your infrastructure toolchain
Continuous Delivery series: How to automate your infrastructure toolchain
 
GoToWebinar Vs Webex
GoToWebinar Vs WebexGoToWebinar Vs Webex
GoToWebinar Vs Webex
 
Deploy Fast Without Breaking Things Webinar Presentation June 25
Deploy Fast Without Breaking Things Webinar Presentation June 25Deploy Fast Without Breaking Things Webinar Presentation June 25
Deploy Fast Without Breaking Things Webinar Presentation June 25
 
Spring Mainframe VUG 2015: How to google your way through your mainframe appl...
Spring Mainframe VUG 2015: How to google your way through your mainframe appl...Spring Mainframe VUG 2015: How to google your way through your mainframe appl...
Spring Mainframe VUG 2015: How to google your way through your mainframe appl...
 

Recently uploaded

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

Recently uploaded (20)

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Boost Fertility New Invention Ups Success Rates.pdf

Shift Left with Continuous Inspection

  • 1. 1 FUG2016 Copyright © Serena Software 2016 WE OWN IT! Shift Left with Continuous Inspection Don Irvine Vice President ALM Products
  • 3. 3 FUG2016 How Many Bugs Are Too Many? “Industry Average: about 15 – 50 errors per 1,000 lines of delivered code” Source: Code Complete by Steve McConnell
  • 5. 5 FUG2016 But Getting Quality Wrong is Costly Too!
  • 6. 6 FUG2016 But Getting Quality Wrong is Costly Too!
  • 7. 7 FUG2016 But Getting Quality Wrong is Costly Too!
  • 8. 8 FUG2016 Cheaper to Fix Bugs Early Shift Left
  • 9. 9 FUG2016 What to Invest in to Shift Left?
  • 11. 11 FUG2016 #1 Build every change Five Simple Steps to Shift Left Detect broken builds early
  • 12. 12 FUG2016 #2 Code review every change Code Inspection often more than 65% efficient at detecting defects (Capers-Jones) Five Simple Steps to Shift Left
  • 13. 13 FUG2016 #3 Use a static analysis tool regularly Static Analysis combined with peer review can detect up to 95% of bugs (Capers-Jones) Five Simple Steps to Shift Left
  • 14. 14 FUG2016 #4 Be aware of third-party components and their vulnerabilities Five Simple Steps to Shift Left In a security analysis across 5,300 applications, Veracode also found and confirmed that an average application has 24 known security vulnerabilities associated with open source and third-party components (State of the Software Supply Chain Report)
  • 15. 15 FUG2016 #5 Provide visibility of all changes and their health Five simple steps to Shift Left
  • 16. 16 FUG2016 1. Build every change 2. Code review every change 3. Use a static analysis tool regularly 4. Be aware of third-party components and their vulnerabilities 5. Provide visibility of all changes and their health Five Simple Steps to Shift Left
  • 18. 18 FUG2016 Change Build Static Analysis Security Scan Peer Review Visibility Continuous Inspection The process of putting software code changes through a series of expert inspections to rapidly identify and respond to coding issues, improving quality and reducing costs
  • 19. 19 FUG2016 Continuous Inspection Key Capabilities • Extensible plug-in architecture • Schedule & inspect code changes • Report findings & vulnerabilities • Supports DevOps “Shift-Left” • Aggregated KPI Metrics Value Benefits • Display results in code review • Real-time developer feedback • Reduce coding risks & issues • Monitor code health & quality • Speed release readiness "Given enough eyeballs, all bugs are shallow." The Cathedral and the Bazaar —Eric Raymond
  • 20. 20 FUG2016 Changeset Graph and Change Health Key Capabilities • Visualize branch dependencies • Navigation of change history • Visual approach to merging • Integrated with CI Value Benefits • Insight into release readiness • Change timeline visibility • Complexity of merging
  • 21. 21 FUG2016 Integrated Peer Review Key Capabilities • Collaborative web based peer review • Linked to Continuous Inspection • Configurable process • Full audit trail • Tightly integrated into Dimensions Value Benefits • Improved code quality • Find 70-90% of all defects earlier • Cost reduction • Save up to 30% of re-work hours • Developer productivity • Up to 25% improvement in coding
  • 22. 22 FUG2016 Automatic Detection of Known Vulnerabilities Key Capabilities • Built in vulnerability scanner • Works with public OWASP project • Checks NVD security issues with delivered components • Scan regularly or on every check-in Value Benefits • Provides full report of your components and their vulnerabilities • Know when vulnerabilities are reported in your third-party components
  • 23. 23 FUG2016 Work Item Management (due in May) Key Capabilities • Backlog management, Kanban, burn-down and reporting • Development focused • Planning of CM requests • Management of teams • Integrated with SBM, RM and Jira Value Benefits • Visualize and plan work within CM • Track progress, identify bottlenecks • Manage movement of work between backlogs in other tools • Integrates with the full CM lifecycle
  • 25. 25 FUG2016 1. Build every change 2. Code review every change 3. Use a static analysis tool regularly 4. Be aware of third-party components and their vulnerabilities 5. Provide visibility of all changes and their health The Corridor Test…
  • 27. 27 FUG2016 Copyright © Serena Software 2016 WE OWN IT! Julian Fish Director of Products Serena Software Move Fast Without Breaking Things DevOps, Continuous Delivery and Multi-Speed IT Delivery in Regulated Environments
  • 29. 29 FUG2016 Need to drive competitive advantage and respond to market needs Adoption of Agile practices has increased the speed of engineering delivery Still ruled by SLAs, stability and an inherent resistance to change BUSINESS DEVELOPMENT OPERATIONS Move Fast Without Breaking Things COMPLIANCE (CONTROL) AGILITY (SPEED)
  • 30. 30 FUG2016 “Who has an Agile Transformation Project / Program in place currently?” Define Develop Construct Deploy Verify
  • 31. 31 FUG2016 “Who has a DevOps Transformation Project / Program in place currently?” Development Teams “Shift Right” Dev Test UAT Prod Operations Teams “Shift Left”
  • 32. 32 FUG2016 “Who has a defined goal / objective for these programs in place?”
  • 34. 34 FUG2016 DevOps – NOT just Release or Infrastructure Management Image: IT Revolution
  • 35. 35 FUG2016 “Devops good news! Devops is 100% peoples and culture so you not have of understand functional programming!” DevOps? © 2013 @DevOpsBorat
  • 36. 36 FUG2016 DevOps, Continuous Delivery and Multi-Speed IT DevOps tries to align goals between Development and Operations Continuous Delivery ensures software is always production ready and releases are tied to business needs and not operational constraints Multi-Speed IT understands that there isn’t a simple ‘CD or non-CD’ approach but a collection of approaches and speeds that IT can use to release software
  • 37. 37 FUG2016 DevOps… Automation? Infrastructure as code? Continuous Delivery (CD)? Infrastructure Automation? Continuous Integration (CI)? “A movement to address the gap between Dev and Ops” What is DevOps? “82% of high performing companies automate their code deployments”
  • 38. 38 FUG2016 DevOps / CD Benefits for Regulated Industries Reduced risk by implementing frequent, smaller changes Developers have better understanding of development, test and production infrastructure Operations gain application-centric understanding Simplified end to end IT processes inclusive of Audit and Compliance requirements Supportive of Application Automation = Increased collaboration between Dev and Ops / Lower Risk / Faster Time to Value Ops QADev DevOps
  • 39. 39 FUG2016 End to End Domain Interaction – The Sum of the Parts Continuous Delivery Source Code Management BUILD / CI Deployment / Test Automation Formal Release Containers Virtual Infrastructure Physical Infrastructure Cloud Infrastructure Enterprise Change Management Dev Test UAT Prod APM IT Service Management & DML Agile Planning Requirements Management Project Portfolio Management Enterprise Release Management Is this DevOps? Is this DevOps? Is THIS DevOps?
  • 40. 40 FUG2016 Identifying the Challenges in Federal / Regulated Industries One size fits all approach won’t work for traditional Federal organizations Legacy, Transitional and Innovative Applications must co-exist Organizational Framework based approach with multiple ”Flavors” of implementation Multiple Contract teams own areas of the End to End process, adding complexity SPOC and ownership is difficult to find – what is the sponsor trying to achieve Startup “Application is the Business” doesn’t apply
  • 41. 41 FUG2016 “More than 95% of IT operations organizations lack a centralized release management process” “Through 2016, a lack of effective release management will contribute up to 80% of production incidents in large organizations with complex IT services” “82% of high performing companies automate their code deployments”
  • 42. 42 FUG2016 Bi-Modal vs Multi-Modal IT “By 2017, 75% of IT organizations will have a bimodal capability”* “95% of Large Enterprises require multi-modal capabilities. Type 1 & Type 2 becomes Type 1 - 5”
  • 43. 43 FUG2016 “By 2017, 75% of IT organizations will have a bimodal capability”* Systems of Innovation Systems of Differentiation Systems of Record Mode 1 Reliability Waterfall, V-Model IT-centric Release in Months/Years Mode 2 Agility Agile, Kanban Business-centric Release in Days/Weeks Dependencies Governance Change *Gartner predictions, 2014
  • 44. 44 FUG2016 Systems of Innovation Systems of Differentiation Systems of Record App 1 Traditional Waterfall, V-Model IT-centric Release in Months/Years App 2 Agile Agile, Kanban Business-centric Release in Days/Weeks Governance Change App 3 Transitional Scrum fall Product-centric Release in Weeks/Months Serena Provides Multi-Modal IT Support Dependencies Application Deployment speed determined by Application Architecture, Application Type and Compliance requirements
  • 45. 45 FUG2016 Shift Left vs. Shift Right Development Teams “Shift Right” Dev Test UAT Prod Operations Teams “Shift Left” Key: Measured Functional Competence (High – Low)
  • 46. 46 FUG2016 Where to Start? • What matters to the business? • How do we define and measure success? • Look to eliminate waste • Incremental changes/quick wins • Focus on continuous improvement • Implement Process and Technology Simultaneously • Automate Everything
  • 47. 47 FUG2016 How Responsive are you to the Business? • How do you measure success? • Average cycle time for moving a business request from Development to Production? • Number of business requests implemented this week, month, year? • Cost of moving a unit of change through your application lifecycle? • Percentage of a release focused on technical debt? • Develop metrics to support what matters to the business
  • 48. 48 FUG2016 inetOrgPerson inetOrgPerson Secured Repository Common Build Process Secured build processes ensure audit compliance and artifact traceability. Secured artifact repository provides common source for artifact deployment. Continuous Integration & Standard Build Frameworks
  • 49. 49 FUG2016 Automate Almost Everything • People should not move the “bits” • Automate code and configuration deployments with a single set of deployment processes across all environments • All pre-prod deployments should be rehearsals for the final deploy into prod • Quick incremental wins with big impact
  • 50. 50 FUG2016 Developer Commits Code Test Automation Validates Code Operations Releases Code DEV TEST PROD Process Artifacts Build Initiated Centralized Release Management Process and Path to Production
  • 51. 51 FUG2016 Standardize the Release Process Streamline and accelerate the release lifecycle • Single system of record for release planning and execution – Schedules – Milestones – Gates and Approvals • Automatic cycle-time capture • Ensure audit trails for compliance and learning
  • 52. 52 FUG2016 Process and Technology work together Release Control Release Train Release Package Tasks Integration Framework / Service Layer / Widgets SDA DIM CM ZMF EROOTHER RELEASE PROCESS ARTIFACT MANAGEMENT
  • 53. 53 FUG2016 Identify Teams for Continuous Delivery vs. Release Management Continuous Delivery Enterprise Release Management Dev Source Code Management BUILD / CI Deployment / Test Automation Test UAT Prod Formal Release Containers Virtual Infrastructure Physical Infrastructure Cloud Infrastructure Infrastructure as Code Enterprise Change Management APM IT Service Management
  • 54. 54 FUG2016 Release Control Object Overview Release Package Dev Test UAT Prod Request Release Train Deployment Path Release Package Release Package Release Package Deploy Unit Deploy Task Dev Test UAT Prod Request Deployment Path Deploy Unit Deploy Task Dev Test UAT Prod Request Deployment Path Deploy Unit Deploy Task Integration Framework Integration Framework
  • 55. 55 FUG2016 Package level control and visibility Dev Test UAT Prod Request Deployment Path Deploy Unit Deploy Task Release Package Integration to Serena and 3rd party artifact management / source code solutions (Dimensions CM, ChangeMan ZMF, Serena Deployment Automation, Artifactory, TFS, Jenkins, IBM, CA etc.) Integration to Serena and 3rd party request / ticketing systems (Dimensions CM, SBM, Rally, Jira, Version One, Bugzilla etc.) Defines the activities to deploy / implement the Package via integrations to Serena and 3rd party tools (Dimensions CM, ChangeMan ZMF, Serena Deployment Automation, CA Nolio, IBM uDeploy, XebiaLabs, Manual Steps etc.) Integration Framework Package Deployed via configurable deployment paths
  • 56. 56 FUG2016 Enterprise Deployment Pipelines Key Capabilities • Create, manage and automate deployment pipelines • Enforce environment sequencing and auto promote • Full stack automation with new plug-ins: • Chef, Puppet, Jenkins workflow • Docker, Bamboo, Openstack and more Benefits • Supports Dev / Test Churn with Managed Stage & Production Releases • Improves quality with a single repeatable deployment process • Reduces cycle time • Provides end-to-end traceability for compliance and audit
  • 57. 57 FUG2016 Continuous Delivery Maturity Model for Enterprises REPEATABLE BUILD CONTINUOUS INTEGRATION AUTOMATED APPLICATION AND INFRASTRUCTURE DEPLOYMENTS TEST AUTOMATION ENTERPRISE CONTINUOUS DELIVERY Standard Build processes across all development and SCM tools. Daily / nightly builds exist utilizing secured SDLC CI Build processes build deliverables upon code commit and invoke automated unit tests Target integrated Application and Infrastructure Deployments (provisioning on demand – Cloud, Virtual or Physical for app deployments) Fully Automated Test Suites allowing entire application to be Tested without user intervention End to End Build, Test and Deployment Capabilities
  • 58. 58 FUG2016 “Full Stack” Provisioning APPLICATION CONFIGURATION APPLICATION DEPLOYMENT CONFIGURED APPLICATION STACK VM VM VM OS PROVISIONING PROVISIONING ORDER OS CONFIGURATION BARE METAL / CLOUD STORAGE • Infrastructure / Cloud / Virtual Provisioning • Application Architecture Deployment • Application Configuration • Build Up & Tear Down Capabilities Essential Steps for Enterprise Continuous Delivery