Most of us like things done the right way and (more often than not) our way. Nothing can be more infuriating than looking through poorly documented logs or code, and trying to understand poor documentation and what it was meant to get across. During development we often look to setting up good coding practices that […]
The focus of continuous delivery isn’t just about being quicker when developing and deploying, but rather delivering business value continuously. And we only see business value from software when it is made available to end users. I heard a project lead explain that his team had a continuous delivery process. They used source control management […]
Coveros recently published an article in the March/April 2010 edition of CrossTalk. The article is entitled “Building Security In Using Continuous Integration.” Building security into software is harder than it should be. This article explores a way to align application security practices with other software development best practices in order to make building security in […]
SecureCI is an open-source continuous integration solution. We’ve assembled a number of open-source tools that we use, installed them in a VMware image and configured them to work together. SecureCI is packaged as a virtual machine that can be run with the VMware Player that way you can be up and running in minutes without […]
Sonar is a tool to analyze and visualize code quality in Java projects. It isn’t a static code analysis tool itself, rather it uses a number of open source tools to analyze the code, then Sonar gathers the metrics. Its strength is in providing a dashboard, trend reports, and drill downs to help visualize the state […]
How do you fit security into your Continuous Integration (CI)? The common response would be, “We do not because … “. Well, you can, without a large effort or a large impact. At a high level you can integrate source code analysis into your daily integration builds so that you know if the change from the previous day […]
