Buyers Guide Archives - SD Times https://sdtimes.com/category/buyers-guide/ Software Development News Fri, 16 Dec 2022 21:50:14 +0000 en-US hourly 1 https://wordpress.org/?v=6.1.1 https://sdtimes.com/wp-content/uploads/2019/06/bnGl7Am3_400x400-50x50.jpeg Buyers Guide Archives - SD Times https://sdtimes.com/category/buyers-guide/ 32 32 A guide to automated testing tools https://sdtimes.com/test/a-guide-to-automated-testing-tools-4/ Thu, 01 Dec 2022 21:06:40 +0000 https://sdtimes.com/?p=49708 The following is a listing of automated testing tool providers, along with a brief description of their offerings. FEATURED PROVIDERS mabl is the enterprise SaaS leader of intelligent, low-code test automation that empowers high-velocity software teams to embed automated end-to-end tests into the entire development lifecycle. Customer-centric brands rely on mabl’s unified platform for creating, managing, and … continue reading

The post A guide to automated testing tools appeared first on SD Times.

]]>
The following is a listing of automated testing tool providers, along with a brief description of their offerings.
FEATURED PROVIDERS

mabl is the enterprise SaaS leader of intelligent, low-code test automation that empowers high-velocity software teams to embed automated end-to-end tests into the entire development lifecycle. Customer-centric brands rely on mabl’s unified platform for creating, managing, and running automated tests that result in faster delivery of high-quality, business critical applications. Learn more at https://www.mabl.com; follow @mablhq on Twitter and @mabl on LinkedIn.

Parasoft helps organizations continuously deliver quality software with its market-proven automated software testing solutions. Parasoft’s AI-enhanced technologies reduce the time, effort, and cost of delivering secure, reliable, compliant software with everything from deep code analysis and unit testing to web UI and API testing, plus service virtualization and merged code coverage. Bringing all this together, Parasoft’s award-winning reporting and analytics dashboard delivers a centralized view of application quality, enabling organizations to deliver with confidence.

testRigor helps organizations dramatically reduce time spent on test maintenance, improve test stability, and dramatically improve the speed of test creation. This is achieved through its support of “plain English” language that allows users to describe how to find elements on the screen and what to do with those elements from the end-user’s perspective. People creating tests on their system build 2,000+ tests per year per person. On top of it,  testRigor helps teams deploy their analytics library in production that will make systems automatically produce tests reflecting the most frequently used end-to-end flows from production.

OTHER PROVIDERS

Applitools is built to test all the elements that appear on a screen with just one line of code. Using Visual AI, you can automatically verify that your web or mobile app functions and appears correctly across all devices, all browsers and all screen sizes. It is designed to integrate with your existing tests. We support all major test automation frameworks and programming languages covering web, mobile, and desktop apps.

Appvance IQ can generate its own tests, surfacing critical bugs in minutes with limited human involvement in web and mobile applications. AIQ empowers enterprises to improve the quality, performance and security of their most critical applications, while transforming the efficiency and output of their testing teams and lowering QA costs.

Digital.ai Continuous Testing enables organizations to reduce risk and provide their customers satisfying, error-free experiences — across all devices and browsers. Digital.ai Continuous Testing provides expansive test coverage across 2000+ real mobile devices and web browsers, and seamlessly integrates with best-in-class tools throughout the DevOps/DevSecOps pipeline.

HCL Software develops, markets, sells, and supports over 20 product families with particular focus on Customer Experience, Digital Solutions, Secure DevOps, and Security & Automation. Its mission is to drive ultimate customer success of their IT investments through relentless innovation of our software products. 

HPE Software’s automated testing solutions simplify software testing within fast-moving agile teams and for continuous integration scenarios. Integrated with DevOps tools and ALM solutions, HPE automated testing solutions keep quality at the center of today’s modern applications and hybrid infrastructures. 

IBM: Quality is essential and the combination of automated testing and service virtualization from IBM Rational Test Workbench allows teams to assess their software throughout their delivery life cycle. IBM has a market leading solution for the continuous testing of end-to-end scenarios covering mobile, cloud, cognitive, mainframe and more. 

Keysight Technologies Digital Automation Intelligence (DAI) platform is the first AI-driven test automation solution with unique capabilities that make the testing process faster and easier. With DAI, you can automate 95% of activities, including test-case design, test execution, and results analysis. This enables teams to rapidly accelerate testing, improve the quality of software and integrate with DevOps at speed. The intelligent automation reduces time to market and ensures a consistent experience across all devices.

Micro Focus enables customers to accelerate test automation with one intelligent functional testing tool for web, mobile, API and enterprise apps. Users can test both the front-end functionality and back-end service parts of an application to increase test coverage across the UI and API.

Microsoft’s Visual Studio helps developers create, manage, and run unit tests by offering the Microsoft unit test framework or one of several third-party and open-source frameworks. The company provides a specialized tool set for testers that delivers an integrated experience starting from Agile planning to test and release management, on-premises or in the cloud. 

Kobiton offers its patented GigaFox on-premises or hosted, and solves mobile device sharing and management challenges during development, debugging, manual testing, and automated testing. A pre-installed and pre-configured Appium server provides “instant on” Appium test automation.

NowSecure identifies the broadest array of security threats, compliance gaps and privacy issues in custom-developed, commercial, and business-critical mobile apps. NowSecure customers can choose automated software on-premises or in the cloud, expert professional penetration testing and managed services, or a combination of all as needed. 

Orasi is a leading provider of software testing services, utilizing test management, test automation, enterprise testing, Continuous Delivery, monitoring, and mobile testing technology. 

Perfecto users can pair their favorite frameworks with Perfecto to automate advanced testing capabilities, like GPS, device conditions, audio injection, and more. It also includes full integration into the CI/CD pipeline, continuous testing improves efficiencies across all of DevOps.  

ProdPerfect is an autonomous, end-to-end (E2E) regression testing solution that continuously identifies, builds and evolves E2E test suites via data-driven, machine-led analysis of live user behavior data. It addresses critical test coverage gaps, eliminates long test suite runtimes and costly bugs in production, and removes the QA burden that consumes massive engineering resources.  

Progress Software’s Telerik Test Studio is a test automation solution that helps teams be more efficient in functional, performance and load testing, improving test coverage and reducing the number of bugs that slip into production. 

Sauce Labs provides a cloud-based platform for automated testing of web and mobile applications. Optimized for use in CI and CD environment, and built with an emphasis on security, reliability and scalability, users can run tests written in any language or framework using Selenium or Appium.

SmartBear tools are built to streamline your process while seamlessly working with your existing products. Whether it’s TestComplete, Swagger, Cucumber, ReadyAPI, Zephyr, or one of our other tools, we span test automation, API life cycle, collaboration, performance testing, test management, and more. 

Synopsys offers a powerful and highly configurable test automation flow that provides seamless integration of all Synopsys TestMAX capabilities. Early validation of complex DFT logic is supported through full RTL integration while maintaining physical, timing and power awareness through direct links into the Synopsys Fusion Design Platform.

SOASTA’s Digital Performance Management (DPM) Platform includes five technologies: TouchTest mobile functional test automation; mPulse real user monitoring (RUM); the CloudTest platform for continuous load testing; Digital Operation Center (DOC) for a unified view of contextual intelligence accessible from any device; and Data Science Workbench, simplifying analysis of current and historical web and mobile user performance data. 

Tricentis Tosca, the #1 continuous test automation platform, accelerates testing with a script-less, AI-based, no-code approach for end-to-end test automation. With support for over 160+ technologies and enterprise applications, Tosca provides resilient test automation for any use case. 

To read the full Buyers Guide, click here. To see how companies are helping with automated testing initiatives, click here.

 

The post A guide to automated testing tools appeared first on SD Times.

]]>
How these companies can help with your automated testing initiatives https://sdtimes.com/test/how-these-companies-can-help-with-your-automated-testing-initiatives/ Thu, 01 Dec 2022 20:57:36 +0000 https://sdtimes.com/?p=49705 We asked these tool providers to share more information on how their solutions help companies with automated testing. Their responses are below Darrel Farris, manager of solutions engineering at mabl Software development teams are realizing that automated testing is key to accelerating product velocity and reaching the full potential of DevOps. When fully integrated into … continue reading

The post How these companies can help with your automated testing initiatives appeared first on SD Times.

]]>
We asked these tool providers to share more information on how their solutions help companies with automated testing. Their responses are below

Darrel Farris, manager of solutions engineering at mabl

Software development teams are realizing that automated testing is key to accelerating product velocity and reaching the full potential of DevOps. When fully integrated into a company’s development pipeline, testing becomes an early alert system for short-term defects as well as long-term performance issues. The key to realizing this potential: simple test creation and rich reporting features. 

Mabl is low-code, intelligent test software that allows everyone to create automated tests covering web UIs, APIs, and mobile browsers with 80% less effort. Quality teams can extend the value of end-to-end tests even further with automated accessibility checks that help ensure every user has a delightful experience, regardless of access needs. Machine learning and AI features like auto-healing and Intelligent Wait help teams create more reliable tests and reduce test maintenance. Results from every test are tracked within mabl’s comprehensive suite of reporting features, making it easy to understand product quality trends. With test creation simplified and quality data at their fingertips, everyone can focus on resolving defects quickly and improving product quality. 

Mabl also includes native integrations with tools like Microsoft Teams, Slack, and Jira, so that testing information can be seamlessly integrated into workflows and everyone can benefit from mabl’s rich diagnostic data. Teams can monitor performance with speed indexes for all web pages, and manage API quality with data on the response time for each API endpoint. This allows teams to shift from reacting to failed tests and customer complaints to proactively managing product quality, improving the customer experience.

Arthur Hicken, chief evangelist at Parasoft

At Parasoft, we have various AI components and capabilities that augment the testers’ work at every layer of the testing pyramid. 

Our AI improves the static analysis experience with fewer false positives, better prioritization and understanding of risk models, and it has the necessary standards such as ISO 26262, PCI-DSS, OWASP, and CWE for compliance in certain industries. 

On top of that, we have advanced test creation with the generation of mocks and stubs to follow the best practices of unit testing in isolation and we have the tools that can help you determine how you can expand a test to provide additional code coverage. 

Test impact analysis helps you understand what tests you need to run when there are changes in code, tests, or requirements. 

We also have AI for API testing to record manual tester behavior and automatically convert that into API tests that are highly maintainable and execute quickly. We can apply AI to create test assets that not only perform functional testing, but you can automatically apply additional testing like security tests, or load and performance tests.

Further, we can use AI to capture a manual test and use it to create a test that can be run automatically because it can be automated and integrated in regression, have AI-based self-healing capabilities and perform security tests without additional tester effort or special training.

Parasoft’s solution can perform deep code analysis, which provides users with the ability to find structural problems. It also helps in functional testing, whether API testing, UI testing, or automated testing. We have a unique position in testing because our solutions cover both a white-box view at the code level as well as a black-box view at the functional and application level. Because we have both views, it enables us to make inferences that wouldn’t be possible otherwise. So, we can start to correlate literally what’s going on at the code analysis level and the unit and functional test level with what the external tests are doing and use this to provide better advice on where a problem exists in the code and how to repair it.

Parasoft’s capability of using AI to automate testing and having a full understanding from deep code analysis all the way through the external testing lets us provide a better experience to the end user. 

Artem Golubev, CEO at testRigor

testRigor empowers manual testers to build functional end-to-end test automation at any degree of complexity, without the need for engineering knowledge in the mix. If a user can express manual test case steps in English, they’ll be able to build tests on the platform. testRigor will then execute the test for you from a human’s standpoint, interacting with a web, native, or mobile application. 

Any person, including those that don’t necessarily have coding skills, will be able to edit, maintain, upgrade, in addition to creating those tests. Also, our tests were measured to be 200 times more stable than Selenium tests, and our customers are typically spending 95% less time managing these tests. 

The QA teams can then be freed from click-through manual regression testing and maintaining automated scripts because the issue of maintenance with testRigor is eliminated for good. 

Just ask Keith Powe, VP of Engineering at IDT Corporation. His team could automate only four test cases a week per person, but with testRigor, they have increased their testing coverage from less than 34% to more than 91% in under 9 months. Spending a maximum of 0.1% of the time in test maintenance, IDT has a 90% reduction in bugs and a more effective CI/CD. Many other companies such as Upgrade, DataHerald, and others have cited drastic improvements in their testing strategy with the benefits that testRigor offers. 

Be sure to visit our site https://testrigor.com/ to learn more about how testRigor can help solve the biggest challenges that you’re facing with automated testing today.

 

To read the full Buyers Guide, click here. To see the guide to automated testing tools, click here.

The post How these companies can help with your automated testing initiatives appeared first on SD Times.

]]>
While automated testing has rebounded this year, it still has a long way to go https://sdtimes.com/test/while-automated-testing-has-rebounded-this-year-it-still-has-a-long-way-to-go/ Thu, 01 Dec 2022 20:47:49 +0000 https://sdtimes.com/?p=49702 Despite all the changes automated software testing has undergone in recent years, data shows that it still has some way to go to accelerate delivery of value and quality to the business, according to Forrester.  However, while test automation coverage saw a notable dip during the pandemic, it has since rebounded last year, according to … continue reading

The post While automated testing has rebounded this year, it still has a long way to go appeared first on SD Times.

]]>
Despite all the changes automated software testing has undergone in recent years, data shows that it still has some way to go to accelerate delivery of value and quality to the business, according to Forrester. 

However, while test automation coverage saw a notable dip during the pandemic, it has since rebounded last year, according to SmartBear’s State of Quality Testing 2022 report. 

Last year saw the amount of companies performing just manual tests at 11%, while that number dwindled to 7% this year, almost returning to pre-pandemic levels of 5% of all tests being performed completely manually. 

When looking at the different types of tests and how they are performed, over half of respondents reported using manual testing for usability and user acceptance tests.

Unit tests, performance tests, and BDD framework tests were highest among all automated testing. 

This year, the most time-consuming activity was performing manual and exploratory tests, jumping to 26% from 18% last year as the most time-consuming task. In the same time period, learning how to use test tools as the most time-consuming challenge with testing fell from 22% to just 8%.

In the Agile and DevOps realm, there are higher levels of automation versus those companies that are still in the waterfall stages, according to Diego Lo Giudice, VP, principal analyst at Forrester. This is inherent to DevOps because if most of the testing is manual, it’s just going to slow down the rest of the team. 

“With DevOps and all the automation going on around it, testing needs to be very high, it needs to be above 80%. You kind of see that only for a few companies or specific projects inside an organization, but if you look at the rest of the market, probably it’s less than 30%,” Lo Giudice said. “I would say we’ve made some progress, but there’s more automation that’s needed.”

In fact, some of the companies that are adopting agile or DevOps methods find that testing sometimes becomes the bottleneck to rapid delivery, according to Darrel Farris, manager of solutions engineering at mabl. Testing in DevOps must be integrated into the pipeline so developers aren’t throwing code over to QA that hasn’t been tested – especially if teams are deploying multiple times per week or month.

Some of the big challenges to implementing automated testing are that there’s a lack of skills and because test automation requires change within the organization. 

“So there are a number of changes regarding people, processes, and technology, it’s not just getting a tool. And automating tests, this is about organizing, testing completely in a different way,” Lo Giudice added. 

Challenges with getting automated testing just right 

“One of the challenges we see from people is that they’re fundamentally approaching this wrong. We’ve had some of our customers talk about this, how they had to change the way they were thinking and so that the kind of common obvious symptom that you see about this today is people saying ‘we had a whole bunch of manual testers and so we’ll build a whole strategy on recording what they do and playing it back and building from there. And this is just fundamentally the wrong approach,” said Arthur Hicken, chief evangelist at Parasoft. 

Another challenge is that automated tests can become incredibly time-consuming to maintain due to the sheer number of tests that are generated. 

“The largest issue is that once a person builds 300 tests, it becomes a full-time job to maintain those tests and you hit the ceiling,” Artem Golubev, CEO at testRigor said. “Coupled with the fact that budgets are limited, people just can’t build more automations.” 

Golubev added that this difficulty to maintain all automated tests is the main reason why the majority of tests are still executed manually today. Automating tests can also be futile if it’s focused on the wrong areas. 

“QA teams are spending 80% of their weeks maintaining scripts due to rapidly changing UIs, instead of focusing on growing functional test coverage or expanding the types of testing they are doing on their application, such as accessibility or performance testing,” mabl’s Farris said. 

“I believe the testing pyramid is built on false assumptions that have never been correct in the first place,” Golubev said. “In a perfect vacuum, of course this is how things work and there are maybe one or two companies which have done it that way. In a real scenario, it’s always been more of an hourglass shape of testing.” 

He explained that this is because engineers who mostly write unit tests are very unlikely to contribute to end-to-end tests, very few engineers would write integration tests since they are such a pain to maintain, and there would be a lot of end-to-end tests where you have people working on them full-time. 

While the integration test value is to make sure that the system integrates properly, it doesn’t matter if you enter and the system doesn’t work properly, Golubev continued. End-to-end tests are actually the ones covering integration because those tests are the test which will prove that your system is usable by your end users.

“Let’s say you’re logging into a banking application and they can’t transfer money from account A to account B, then it does not matter. Even if all your integration tests are green and all your unit tests pass through it, it’s completely useless,” Golubev said. “So the most important tests are end-to-end tests, only then can that system function as intended. And therefore end-to-end tests should be the bulk of the tests that are done.”

The best way to then optimize end-to-end tests to make them run faster is to prioritize because end-to-end tests will inherently be much slower than unit tests. 

“With every type of testing in the organization, people need to assess whether they need to really leverage automation? Is it worth it? Is it something that will be repeated over and over that changes continuously? If you have to run a test, the same test more than three, four times you start asking yourself, well, maybe I should automate this,” Forrester’s Lo Giudice said. “So I don’t think 100% is what customers will achieve and will keep it more towards 80% as I said.”

One of the most efficient ways to make sure that all testing resources are aligned correctly is to align as a team on a testing strategy by starting with the most critical test cases that will ensure a high quality application experience for users, according to mabl’s Farris. This can be done by taking on a few test cases at first, then layering in additional test cases over time.

One way to do this is to create a quality center of excellence or a “quality champion” in an organization. This person or group is a testing expert who can advise and coach everyone from developers to product owners on testing best practices, Farris explained. Some of the manual testing is changing too because of the increasing use of exploratory testing, Lo Giudice explained. This type of manual testing is where the tester sits down with the developer and they work out the issues together. The tester puts the application through certain scenarios, the developer sees the problems and tries to fix them, and they take about two hours a day like that. 

The structure around automated testing is shifting

Both companies’ attitudes towards testing and who gets involved have shifted. As testing becomes more federated, you no longer have a centralized team that does all the testing as an afterthought, according to Lo Giudice. 

Now, there are testers that are moving into the development teams and the product teams to get all of the testing done together. And so what remains in the central team is specialized testing resources that maybe choose the tools that define what the new practices would look like, whether that’s shifting testing to the left or suggesting test-driven development or behavior-driven development. 

The test center is now much smaller working in consulting with the teams but testers move into the team itself, Lo Giudice explained. 

“So the typical manual tester that used to put a test case in an Excel sheet and run it through the application looking at what the test case told him to do suddenly now finds himself with a tool that is quite technical where he needs to write code to automate what he was doing manually,” Lo Giudice said. To solve this, there’s a trend among vendors to raise the level of abstraction of the tools so that a manual tester or even a person on the business side can test using a low code testing tool. 

Then come the technologies, platforms, and tools because after all, an organization needs testing tools that are integrated into CI/CD pipelines with the rest of the development and delivery tools that integrate with CI servers effectively on the cloud. 

“The point really is that testing takes a village and it takes all these different personas in an organization: business tester, and a subject matter expert in testing who is technical but not a coder, and developers that also may be doing API testing, lower level infrastructure testing within their IDE at a very technical level,” Lo Giudice said. 

According to testRigor’s Golubev, the directors of QA will benefit the most from automated testing since they’ll be able to cover far more functionality faster than they ever could before. However, engineers, manual testers, and product management will also be able to benefit from automated testing tooling since they’ll be able to collaborate together on the same tool. 

Previously, it was companies in the banking and health sectors that have been getting automated testing right but now it’s organizations like Lenovo or Volkswagen that have these 

highly complex software test, build, and deploy systems that are the envy of anybody, Parasoft’s Hicken said. Ultimately, it’s one of the things companies are going to do because that is what they’re competitors are moving toward.

AI helps with various levels of testing 

When you send data of all the tests that passed: the log files, the bugs and feed them to AI it can start telling you what you need to test and how when there’s a change coming. It also helps to tell whether to run all of the tests or just to select the few ones that will be impacted by the change. 

There have been impressive improvements in the vision and computer vision space to enable visual testing, Lo Giudice said. There’s a tool out there that sees what the human eye does when looking at the application and will notice things that are going wrong. It can also do it on types of applications that move very fast that the human eye can’t capture. 

One can also teach AI to not fail tests in certain scenarios to help with self-healing. For example, tests can sometimes fail simply because an object moved on the screen differently on the same application on a browser, and then on a mobile device because the layout might change and it’s not necessarily a bug. And so one can now teach the algorithm to not fail the test even though it’s not in the same position because it can find the locator of that object in some other place, Lo Giudice explained. 

There are also AI models that help minimize tests to solve the maintenance problem.

“This is the idea of the AI guiding a person to create tests that are more stable. The Holy Grail is that you create a set of tests that maximize coverage, but minimize the number of tests so that you have less to maintain, and that they’re not brittle,” Hicken said. “You want tests that have proper levels of abstraction, so that you aren’t spending more on keeping them alive than you were in creating them in the first place.”

Also with error clustering, AI can help find and classify bugs in a way that a tester can quickly recognize the bug and can suggest the right developer to fix the bug to reduce mean time to repair. It can use data from production to find out what are the most frequently used features within that application. There’s even a tool that generates unit tests as you code, which Forrester refers to as the tester Turing bot. 

“AI can also support the execution of more stable tests. For example, tests running in the cloud can execute almost too fast, before your application is in a loaded state,” mabl’s Farris said. “It applies intelligence that can slow down or speed up the execution of your tests by automatically adjusting wait times.”

“So AI is infusing along the entire software development lifecycle. And testing is one of the stages where it’s actually more mature than any other stage of the development lifecycle,” Forrester’s Lo Giudice said. 

To read how providers are helping with automated testing initiatives, click here. To read the guide to automated testing tools, click here.

The post While automated testing has rebounded this year, it still has a long way to go appeared first on SD Times.

]]>
A guide to release automation tools https://sdtimes.com/ai/a-guide-to-release-automation-tools-2/ Mon, 03 Oct 2022 14:13:38 +0000 https://sdtimes.com/?p=49076 The following is a listing of API management tool providers, along with a brief description of their offerings. HCL Accelerate is a data-driven value stream management platform that automates the delivery and interpretation of data so businesses can make faster, more strategic decisions and streamline processes. By integrating with the tools you’re already using, HCL … continue reading

The post A guide to release automation tools appeared first on SD Times.

]]>
The following is a listing of API management tool providers, along with a brief description of their offerings.

HCL Accelerate is a data-driven value stream management platform that automates the delivery and interpretation of data so businesses can make faster, more strategic decisions and streamline processes. By integrating with the tools you’re already using, HCL Accelerate aggregates data from across your DevOps pipeline to give you actionable insights so you can get the most out of your DevOps investments. HCL Accelerate is part of HCL Software DevOps, a comprehensive DevOps product suite comprised of powerful, industry-proven software solutions.

Octopus Deploy sets the standard for deployment automation for DevOps. We help software teams deploy freely – when and where they need, in a streamlined, routine way. More than 3,000 organizations and 350,000 users worldwide use its universal deployment automation tool and framework to make their complex deployments easy. From modern containers and microservices to trusted legacy applications, Octopus orchestrates software delivery in data centers, multi-cloud, and hybrid IT infrastructure. 

Atlassian: Bitbucket Pipelines is a modern cloud-based continuous delivery service that automates the code from test to production. Bamboo is Atlassian’s on-premises option with first-class support for the “delivery” aspect of Continuous Delivery, tying automated builds, tests and releases together in a single workflow. 

CA Technologies, A Broadcom Company: CA Technologies’ solutions address the wide range of capabilities necessary to minimize friction in the pipeline to achieve business agility and compete in today’s marketplace. These solutions include everything from application life cycle management to release automation to continuous testing to application monitoring—and much more. 

Chef: Chef Automate, the leader in Continuous Automation, provides a platform that enables you to build, deploy and manage your infrastructure and applications collaboratively. Chef Automate works with Chef’s three open-source projects; Chef for infrastructure automation, Habitat for application automation, and Inspec for compliance automation, as well as associated tools. 

CloudBees: The CloudBees Suite builds on continuous integration and continuous delivery automation, adding a layer of governance, visibility and insights necessary to achieve optimum efficiency and control new risks. This automated software delivery system is becoming the most mission-critical business system in the modern enterprise.

Digital.ai: The company’s Deploy product helps organizations automate and standardize complex, enterprise-scale application deployments to any environment — from mainframes and middleware to containers and the cloud. Speed up deployments with increased reliability. Enable self-service deployment while maintaining governance and control.

GitLab: GitLab’s built-in continuous integration and continuous deployment offerings enable developers to easily monitor the progress of tests and build pipelines, then deploy with the confidence across multiple environments — with minimal human interaction. 

IBM: UrbanCode Deploy accelerates delivery of software change to any platform – from containers on cloud to mainframe in data centers. Manage build configurations and build infrastructures at scale. Release interdependent applications with pipelines of pipelines, plan release events, orchestrate simultaneous deployments of multiple applications. 

LaunchDarkly: is a feature management platform that empowers all teams to safely deliver and control software through feature flags. By separating code deployments from feature releases, LaunchDarkly enables you to deploy faster, reduce risk, and iterate continuously. Over 1,500 organizations around the world — including Atlassian, IBM, and Square — use LaunchDarkly to control the entire feature lifecycle from concept, to launch, to value.

Micro Focus: ALM Octane provides a framework for a quality-oriented approach to software delivery that reduces the cost of resolution, enables faster delivery, and enables adaptability at scale. Deployment Automation seamlessly enables deployment pipeline automation reducing cycle times and providing rapid feedback on deployments and releases across all your environments.

Microsoft: Microsoft’s Azure DevOps Services solution features Azure Pipelines for CI/CD initiatives; Azure Boards for planning and tracking; Azure Artifacts for creating, hosting and sharing packages; Azure Repos for collaboration; and Azure Test Plans for testing and shipping.  

Puppet Enterprise offers full life-cycle infrastructure management, including configuration management.  Puppet Enterprise creates end-to-end infrastructure automation from the build process through continuous operations (with ongoing patching and policy enforcement) to end-of-life while removing manual/repetitive steps throughout the operational process.

VMware: With VMware Tanzu, you can automate the delivery of containerized workloads, and proactively manage apps in production. It’s all about freeing developers to do their thing: build great apps. Enterprises that use Tanzu Advanced benefit from developer velocity, security from code to customer, and operator efficiency.

The post A guide to release automation tools appeared first on SD Times.

]]>
How these solution providers support release automation https://sdtimes.com/ai/how-these-solution-providers-support-release-automation/ Mon, 03 Oct 2022 14:08:54 +0000 https://sdtimes.com/?p=49071 We asked these tool providers to share more information on how their solutions help companies with automated testing. Their responses are below. HCL Software Ryley Robinson, product marketing manager at HCL Software HCL Accelerate with HCL Launch is an enterprise grade continuous release orchestration solution within the powerful HCL DevSecOps tool chain. HCL Accelerate is … continue reading

The post How these solution providers support release automation appeared first on SD Times.

]]>
We asked these tool providers to share more information on how their solutions help companies with automated testing. Their responses are below.

HCL Software

Ryley Robinson, product marketing manager at HCL Software

HCL Accelerate with HCL Launch is an enterprise grade continuous release orchestration solution within the powerful HCL DevSecOps tool chain. HCL Accelerate is the Value Stream Management product with broad release management capabilities. With HCL Accelerate’s plugins that can integrate to any deployment solution through native plugins or through API-driven-pipeline, enterprises can easily orchestrate their complex releases through HCL Accelerate.

As enterprises break their monolithic applications into cloud-native microservices, it becomes even more important to have the releases orchestrated through an enterprise grade release management product like HCL Accelerate that can understand the dependencies, complexities, and all-or-nothing deployment strategies. 

HCL Accelerate provides the automated governance for the release orchestration with data-driven insights. Accelerate as a Value Stream Management tool and as a release orchestrator has deep insights into DevOps processes and can help enterprises to identify the bottlenecks even before individual teams realize the pain. HCL Accelerate provides visibility of the entire pipeline and provides a bird’s eye view of where and when the changes that would hugely impact the business are in the delivery pipeline. Accelerate also provides full visibility for developers on the impact of the changes that they are working on. 

HCL Accelerate working with HCL Launch provides the best-in-class release management / deployment automation solution out there. With HCL Launch’s “deploy from anywhere to anywhere” capabilities, enterprise DevOps teams are delighted to find they can automate deployments to a broad mix of environments such as mainframes, microservices, on-prem, public, private, and hybrid cloud. HCL Launch works everywhere with a massive plugin site that includes over 300 integrations and easily connects source configuration repositories, change management systems, or middleware. 

Octopus Deploy 

Colin Bowern, senior vice president of product at Octopus Deploy

Octopus Deploy is the universal deployment automation company. We help software teams deploy software in a continuous and stress-free way. 

Octopus simplifies complex deployment processes allowing software solutions to be delivered faster and in a unified way to various deployment environments. Octopus Deploy addresses the needs of enterprise organizations which no longer need to choose between the speed and the quality of their software deployments. It also provides robust permission and auditing capabilities to ensure internal and external compliance. Octopus Deploy integrates out-of-the-box with leading CI/CD solutions to streamline deployment pipelines and to provide additional value to organizations’ existing systems, such as ITSM services such as Jira and ServiceNow.

Based on its work with more than 350,000 IT professionals, Octopus Deploy has seen firsthand how the success of DevOps aligns with great deployment automation practices. It helps enterprise DevOps teams deploy software more effectively by eliminating error-prone manual processes associated with software change management and provides insights into DevOps performance based on the four DORA metrics.

Octopus Deploy is offered as both a self-hosted and SaaS offering. As part of the growing trend toward moving to SaaS in the DevOps tooling space, the company is committed to making Octopus trustworthy, secure and scalable.   

The post How these solution providers support release automation appeared first on SD Times.

]]>
Release automation: Key to winning the time-to-market race https://sdtimes.com/ai/release-automation-key-to-winning-the-time-to-market-race/ Mon, 03 Oct 2022 14:01:23 +0000 https://sdtimes.com/?p=49064 As the number of components that organizations have to manage throughout their application delivery process grows, companies are looking to get more from their application release automation (ARA) platforms. These platforms can help organizations automate the process of releasing software applications and may include tools for managing code changes, deployments, testing, and other aspects of … continue reading

The post Release automation: Key to winning the time-to-market race appeared first on SD Times.

]]>
As the number of components that organizations have to manage throughout their application delivery process grows, companies are looking to get more from their application release automation (ARA) platforms. These platforms can help organizations automate the process of releasing software applications and may include tools for managing code changes, deployments, testing, and other aspects of the release process.

Today, nearly all (90.5%) organizations are releasing features with a lead time of a month or less, which increased by 26 percentage points from 2020. In addition, organizations that are delivering features in 1-2 weeks doubled between 2020 and 2021, according to IDC’s U.S. Accelerated Application Delivery Survey from January 2022. 

Pushing applications through to production has led to many difficulties for organizations, from consuming a lot of time to resulting in a lot of errors, especially when there are a lot of applications to release.

“Enterprises are now looking to automate the deployment of applications that have a hybrid tech stack, as well as multiple microservices with heavy version dependencies,” said Ryley Robinson, product marketing manager at HCL Software. “For example, this can be a single application with some on-prem deployments, legacy deployments on mainframes, IBM iSeries, and some cloud deployments across different hyper scales.”

On top of that, enterprises want to do all-or-none, canary, blue-green, rolling, and/or A/B deployments – all from a single ARA solution. 

“Organizations have automated most of their deployment processes, but they still need to understand that organizations always go through modernization initiatives on their business-critical applications to remove the technical debt and to get the benefit of the latest innovations in the technology world,” Robinson said. “So, release automation is not something that is ‘done once and forget it.’ It is an ongoing process that evolves every week, every month. It is still automated, but there is still a lot to do.”

Three areas to start ARA

Despite its name that suggests its position at the end of a pipeline, release automation can excel in three different areas, according to Colin Bowern, senior vice president of product at Octopus Deploy.

The first is the whole non-production flow, which is where a lot of people get started with release automation. Errors here will have a minimal impact if one gets it wrong.

“This is stuff that you do on a very regular basis, and if you’re coming from a world of manual steps, or fragile scripts, it’s like, boy, it would be a whole lot easier if every time I commit a change to source control, it gets deployed out to a test environment,” Bowern said. “So for a lot of folks, this is the safest way that you can get started.” 

Production, on the other hand, tends to be the second stage, but it’s also where the greatest ROI on release automation comes from, according to Bowern. 

Before release automation, all of an application’s stakeholders had to be on deck for the release in case something went wrong.

The goal of ARA is to make application releases as orderly and stress-free as possible. After all, the process used to deploy to production is the same as the one used to deploy to non-production environments,, Bowern added. 

ARA can automate all of the things that happen on an ad-hoc or scheduled basis around an environment, such as running the troubleshooting, resetting databases, or running scripts. 

While adoption of ARA still has a long way to go, many organizations that decide to leave their manual ways behind first have a bad deployment and realize that they’re down in the pit with an hours-long, human-error-prone process and think there has to be a better way, Bowern said. 

Others decide that they can just use their CI workflow automation tool because it does the builds and the tests. “While it’s a great place to get started when things are very simple, CI tools don’t understand environments. They don’t understand how to do rollbacks. To work around this, teams will kind of get some consistency by creating reusable workflows, but all of that custom logic and variables and stuff like that creeps in, and it becomes really hard to reuse across projects and is hard to maintain,” Bowern added. 

The third scenario is that people come from stack-specific CD tools such as Kubernetes or Argo, or any tools that were purpose-built for an environment and do it really well. 

“These are great quickstarts to help you do the right thing early inside your stack, but they were designed for that stack and that stack alone, and if you want to deploy your wider enterprise portfolio of apps, you won’t do that on Argo, or if you do, you’ll have to hack around it to make it happen,” Bowern said. 

Many organizations have to juggle multiple tech stacks, data centers, and multiple cloud providers, so ARA helps to work around some of those stack-specific tools and ensure compliance on deployment type, whether it’s .NET, Java, node, VMs, containers, or serverless, Bowern explained. 

“You can find out whether you need to improve flow just by going and talking to the engineers on the team. The question I love to ask is if I needed you to deploy something to production today, a small change that was blocking the business, is that a big deal?,” Bowern said. “If the answer is yes, which you’d be surprised to find can be ‘I have to go sign off on this form’ or ‘I have to schedule this window,’ that’s the thing you need to first get rid of so you don’t have that friction and can go on your improvement journey.”

Moving forward, ARA vendors are looking to incorporate or expand on existing AI/ML to handle tasks ranging from automatic code generation with tools like GitHub’s Copilot to testing and deployment  to help address increased software velocity and the complexity of multi-modal deployment platforms, according to Melinda-Carol Ballou, research director of Agile ALM, Quality, and Portfolio Strategies at IDC. 

How microservices affect ARA

ARA has turned out to be particularly useful alongside the growth of microservices, Octopus Deploy’ss Bowern explained. 

“We’ve certainly observed and we hear this because teams started asking us for dependency management, ‘How do I make sure project A doesn’t go out the door before project B?’ And so we see people struggling as they adopt microservices to get that true independence model, and they end up trying to orchestrate different components shipping at different times,” Bowern said. 

Some companies decide that the added complexity that comes with microservices is not worth it, and they instead embrace the monolith where all dependencies are synchronized because it’s all shipped as one big box, according to Bowern. 

Microservices need the concept of snapshots where different versions of different microservices are grouped and tested. A good ARA solution should be able to guarantee that a snapshot containing dependent versions of microservices gets deployed properly and should also be able to assure that what is tested together is deployed together, according to HCL’s Robinson. 

ARA is a process within continuous deployment

The process of ARA is a vital part of continuous deployment, which should be treated as a set of philosophies and principles, Octopus Deploy’s Bowern said. 

Continuous delivery is all about not letting changes sit idly so that they build up into big batches. It says that you’re reducing risk by releasing regularly into the various environments along the way and getting changes moving. 

“And so if you take that as a philosophy, release automation is a really critical tool in that, because you can’t get that speed and do it manually,” Bowern said. “We continually hear from customers that it takes them hours to deploy because it’s not just copying a binary to a server. 

It’s all the steps you need to do to migrate to the database, or bring a load balancer down, and these are all the same things you did last week, or yesterday, or last month. And so automation is truly a part of living that philosophy of continuous delivery, not whether you deploy to production every day.” 

Effective ARA relies on visibility into what’s happening in requirements, development and testing, according to HCL’s Robinson. On top of that, teams need data from quality assurance products like functional, performance, and application security. 

A strong set of plugins can help release managers make the go/no-go decisions. Instead of having multiple manual checklists in spreadsheets, if the release management solution can provide automatic gating based on quality criteria by pulling data from multiple sources, it makes it easy to release software with confidence, Robinson added. 

ARA is also a vital component of value stream management (VSM) where there are huge benefits to having one orchestrator across different middleware, Robinson stated. This can make it easy for the development and operations teams to get going on day one using pre-built templates instead of spending time automating release management for each application. 

ARA tools come with some challenges

However, release automation tools don’t come without some challenges. 

There is a lack of standardization in the field and no one-size-fits-all release automation tool. Each organization has different needs, and no one tool can meet all of them.

Companies that have stalled in the middle of their DevOps journey have failed to address or understand the cultural, organizational, and process changes required to adopt a new way of working with technology. 

These companies invested in automation, with 67% of mid-evolution respondents to Puppet’s 2021 State of DevOps report saying their team has automated most repetitive tasks. But, as an organization, they haven’t addressed the silos and misaligned incentives around deploying software to production that gave rise to the DevOps movement, since 58% of companies reported that multiple handoffs between teams are required for deployment of products and services.

However, the biggest barriers are often cultural and organizational, because effective release automation demands a transition to continuous, agile approaches to development and release management, according to IDC’s Ballou.

“That transition involves a significant shift in how people do what they do, and human beings are way more wired for consistency than we are for change,” Ballou said. “The coordination between business stakeholders and those creating the software enabled by effective agile approaches brings greater relevance to what is deployed.” 

DevOps engineers have to get the balance right 

Whereas developers are usually at the forefront of adopting ARA on the non-production side, when things get more complicated with the service management system, that’s when DevOps engineers typically come onto the scene. 

“They’re a little bit developer and a little bit SRE and their job is to come in and be those experts that help teams go faster on this because teams aren’t used to automating, they’re just used to cutting code,” Octopus Deploy’s Bowern said. “So the DevOps engineers have the kinds of skills that say that my job now is not to understand how to architect applications, but how to get things moving faster.”

Many organizations have a centralized DevOps Center of Excellence (CoE) that maintains the templates for different ARA strategies and the individual application teams benefit from these templates with enough space to do their customization when needed. There is also a huge benefit in sharing the learning across teams in an enterprise and CoEs help with that.

The post Release automation: Key to winning the time-to-market race appeared first on SD Times.

]]>
A guide to API management tools https://sdtimes.com/api/a-guide-to-api-management-tools-2/ Thu, 01 Sep 2022 18:04:12 +0000 https://sdtimes.com/?p=48759 The following is a listing of API management tool providers, along with a brief description of their offerings.  Apigee is an API management platform for modernizing IT infrastructure, building microservices and managing applications. The platform was acquired by Google in 2016 and added to the Google Cloud. It includes gateway, security, analytics, developer portal, and … continue reading

The post A guide to API management tools appeared first on SD Times.

]]>
The following is a listing of API management tool providers, along with a brief description of their offerings. 

Apigee is an API management platform for modernizing IT infrastructure, building microservices and managing applications. The platform was acquired by Google in 2016 and added to the Google Cloud. It includes gateway, security, analytics, developer portal, and operations capabilities.

Akana by Perforce provides an end-to-end API management solution for designing, implementing, securing, managing, monitoring, and publishing APIs. The Akana API Platform helps you create and publish secure, reliable APIs that are elegant, easy to consume, built the right way, and running as they should be to improve the customer experience and drive growth in your business.

Boomi’s API management solution provides a unified and scalable, cloud-based platform to centrally manage and enrich API interactions through their entire life cycle. With Boomi, users can rapidly configure any endpoint as an API, publish APIs on-premises or in the cloud, manage APIs with traffic control and usage dashboards.

CA Technologies, a Broadcom company, helps customers create an agile business by modernizing application architectures with APIs and microservices. Layer7 API Management provides the most trusted and complete capabilities across the API life cycle for development, orchestration, security, management, monitoring, deployment, discovery and consumption.”

CData: Connect, Integrate, and Automate your enterprise data.  At CData, we simplify connectivity between all of the applications and data sources that power business operations, making it easier to unlock the strategic value of your data.   By focusing on established standards for data access, our solutions plug into all of the business applications that you use today (like BI, Reporting, ETL, & Integration) and connect them with live data from just about anywhere. 

RELATED CONTENT: Security and integration are key concerns for API management 

Cloud Elements delivers an API integration platform on three pillars: “Elements” unify APIs with enhanced capabilities for authentication, discovery, search, error handling and API maintenance. “Formulas” combine those Elements to automate business processes across applications. “Virtual Data Hubs” provide a normalized view of data objects.

IBM API Connect on IBM Cloud is an API life cycle management offering that allows any organization to secure, manage and share APIs across cloud environments — including multi-cloud and hybrid environments. 

Kong delivers a next-generation API and service life cycle management platform designed for modern architectures, including microservices, containers, cloud and serverless. Kong is building the future of service control platforms to intelligently broker information across services.

Microsoft’s Azure API Management solution enables users to publish, manage, secure and analyze APIs in minutes. It features the ability to create an API gateway and developer portal quickly, ability to manage all APIs in one place, provides insights into APIs, and connects to back-end services. 

MuleSoft’s Anypoint API Manager is designed to help users manage, monitor, analyze and secure APIs in a few simple steps. The manager enables users to proxy existing services or secure APIs with an API management gateway; add or remove pre-built or custom policies; deliver access management; provision access; and set alerts so users can respond proactively.

Nevatech Sentinet is an enterprise class API management platform written in .NET that is available for on-premises, cloud and hybrid environments. Sentinet supports industry SOAP and REST standards as well as Microsoft-specific technologies and includes an API Repository for API Governance, API versioning, auto-discovery, description, publishing and Lifecycle Management.

Oracle‘s API Platform Cloud Service provides an end-to-end service for designing, prototyping, documenting, testing and managing the proliferation of critical APIs.

Postman is a collaboration platform for API development, used by more than 7 million developers and 300,000+ companies worldwide. Postman allows users to design, mock, debug, test, document, monitor, and publish APIs – all from one place. 

The Progress DataDirect Autonomous REST Connector offers intelligent data connectivity to API sourced data from SQL based applications such as BI, Analytics, and ETL tools

With Autonomous REST Connector organizations can expect:

  • Reduced time/effort to adopt APIs and services 
  • Continued value from existing analytic and reporting tools when moving to APIs and services
  • Reduced risk of vendor lock-in and poor data quality
  • The ability to simplify and accelerate the adoption of your own APIs.

Red Hat 3scale API Management gives control, visibility and flexibility to organizations seeking to create and deploy an API program. It features comprehensive security, monetization, rate limiting, and community features that businesses seek backed by Red Hat’s solid scalability and performance.

SmartBear Software empowers users to thrive in the API economy with tools to accelerate every phase of the API life cycle. SmartBear is behind some of the biggest names in the API market, including Swagger, SoapUI and ReadyAPI With Swagger’s easy-to-use API development tools, SoapUI’s automated testing proficiency, AlertSite’s API-monitoring and ReadyAPI’s mocking and virtualization capabilities, users can build, test, share and manage the best performing APIs.

SnapLogic Lifecycle API Management is an end-to-end solution designed for managing, scaling and controlling API consumption quickly, seamlessly and securely. Features include request/response transformations, API traffic control and productization, OAuth2 authentication support, advanced API analytics, threat detection, and the developer portal.

TIBCO Cloud Mashery is a cloud-native API management platform that can be deployed anywhere, either as a SaaS service or containerized in cloud-native and on-premise environments. Mashery delivers market-leading full life cycle API management capabilities for enterprises adopting cloud-native development, and its capabilities includes API

 

The post A guide to API management tools appeared first on SD Times.

]]>
Security and integration are key concerns for API management https://sdtimes.com/api/security-and-integration-are-key-concerns-for-api-management/ Thu, 01 Sep 2022 17:57:26 +0000 https://sdtimes.com/?p=48756 The use of APIs has skyrocketed over the years and with organizations using so many different types of APIs on a normal basis, API management has become essential for managing the API attack surface.  Fifty-one percent of respondents said that more than half of their organizations’ development effort is spent on APIs—compared with 40% of … continue reading

The post Security and integration are key concerns for API management appeared first on SD Times.

]]>
The use of APIs has skyrocketed over the years and with organizations using so many different types of APIs on a normal basis, API management has become essential for managing the API attack surface. 

Fifty-one percent of respondents said that more than half of their organizations’ development effort is spent on APIs—compared with 40% of respondents in 2020 and 49% last year, according to the 2022 State of the API Report that surveyed 37,332 developers and API professionals and included aggregated data from the Postman API Platform over approximately four weeks in June and July 2022. 

“This year, we found not only are most organizations’ development efforts focused on APIs, but firms that go even further and establish an API-first approach tend to outperform and have a more optimistic business outlook. As organizations navigate an uncertain economy, API-first strategies are becoming the backbone that allows organizations to respond rapidly and seamlessly,” said Abhinav Asthana, co-founder and CEO of Postman. 

Despite two-thirds of C-level executives in the study thinking that the economy is turning sour, the vast majority say that API investment is par for the course and will even grow in the next year. 

This vast expansion has led companies to be more API consumers than producers, which has amped up the need for API management to handle many of the tasks surrounding APIs more than ever before. 

If Plato had to decide what the ultimate Form of API management is, it would probably be something along the lines of a process that oversees all APIs in a secure, scalable environment with tools and services that enable developers to build, deploy, secure and manage APIs. However in practice, this has proven to be very difficult. 

So much so that Gartner research estimates that by 2025, less than half of enterprise APIs will be managed, as explosive growth in APIs surpasses the capabilities of API management tools and “security controls try to apply old paradigms to new problems.”

RELATED CONTENT: A guide to API management tools

Security is a major concern for API management

While on the one hand, API management problems stem from the sprawl of APIs, the other problem is that the platforms that these companies are using were built around the concept of a single gateway, according to Mark O’Neill, a VP analyst and chief of research for software engineering at Gartner. 

“[With a single gateway], you put an API gateway in your architecture, and you try to funnel your API traffic through that gateway and the problem with that architecture is, when organizations have lots of different teams and applications that are producing and consuming APIs, there’s no one place to put the gateway,” O’Neill said. “And of course, if you’re using multiple cloud platforms, it’s even worse. On the one hand, the sprawl, on the other hand, you have many API management products that are outdated in their architecture.”

In its recent Magic Quadrant, Gartner included API management tools that weren’t tied to a particular gateway – to the surprise of some people. 

“The reason for that is because we now see this multi-gateway world being a reality. We hear people talk about what we would call the ‘Bring Your Own Gateway’ model, where you already have a gateway, but you need the API lifecycle management that goes with that,” O’Neill added.

At the same time, some of the traditional API management vendors start to add at least verbal support for other gateways.

All in all, the two things that are essential to managing API security are strong inventory and real-time discovery to gain visibility into APIs. Although there are some specialized security controls, their API discovery features are limited and don’t have the application logic awareness to create relevant security policies, according to Gartner’s research. 

“For APIs, this means that application security teams will deploy perimeter controls with threat inspection capabilities, but will be limited to generic policies and detection signatures,” the research stated.

The API management tools that are so focused on a single gateway actually leave many APIs exposed. 

In a lot of scenarios in a typical modern web application stack where one has their front end using React, Angular, or another frontend framework and a lot of APIs in the backend, there usually isn’t a gateway in between, O’Neill explained. Although it would not make sense to put a heavyweight gateway there, those API’s often are falling victim to attack because people reverse engineer the front end, and they directly access the APIs. In many cases of breaches, affected APIs were not even going through an application firewall.

API management encompasses a wide variety of APIs

There’s a wide range of APIs that companies use to carry out business tasks on a daily basis: internal APIs to represent coarse- and fine-grained service interfaces, data elements, and private and public APIs. Most organizations are also net consumers of APIs, notably third-party APIs – while convenient, these can pose security and dependency issues. 

By 2025, Gartner predicts that the percentage of third-party APIs used in applications will average 30%, up from less than 10% in 2021, complicating dependency management. 

“The first thing you should do is get visibility of your APIs and understand the attack surface by discovering all your APIs,” O’Neill said. 

Then there are really two choices, O’Neill explained. One is to put API gateways everywhere and the API management vendors are adapting to this by adding the functionality where they can have distributed API management. The other approach is to tell developers that they’re free to use the API gateway that comes with the platform that they’re building the APIs on, whether that’s the Amazon API Gateway, Azure API Gateway, etc. 

“The developers are happy to use the API management that comes with the platform. But of course, the problem then is, you need to have a way to do the overall management of the APIs and to have a consistent way that you’re doing security and consistent design for those APIs,” O’Neill explained. 

Another challenge with API management is that getting higher-ups on board to invest in API security can be a hard sell for software engineering leaders. Many organizations continue to believe that general-purpose API management tools sufficiently address API security. By the time the security team gets funding and builds an RFP for a product, hundreds of APIs might already be in production, Gartner’s research continued.

The lackadaisical security surrounding APIs are also ironically the strength of APIs that led them to be so popular in the first place according to O’Neill. 

“So it’s like a Greek or Roman tragedy in that APIs are designed to enable quick and easy access to data or access to application functionality. But from a security point of view, of course, those are concerns. If you’re making it easy to access your data and application functionality, then the worry is you’re making it easy for malicious entities to access your data and your applications,” O’Neill said. 

Not just a developers’ game

The 2022 State of the API Report found that there was an almost even split with developer and non-developer roles as to who worked with APIs in an organization.

Full stack developers were the largest single group at 25% of respondents, down slightly from last year’s 27%. Backend developers showed a bit stronger representation at 19%, compared with 17% in 2021. Meanwhile, the non-developers included CEOs, business analysts, customer success staff, and more. 

“Historically, it has been development teams – either the developers themselves would make the choices regarding API management, or the organization has had an API Center of Excellence, an overall API platform team, or sometimes that would be part of it a digital team that managed the APIs,” O’Neill said.  

More recently, security teams have realized that APIs are a major point of weakness and  vulnerability.

“They are telling us that they want to take control of API security. They don’t trust that either the developers or the API teams, such as API Centers of Excellence, are strong enough on security, to protect APIs,” O’Neill said. “So we’ll see this trend where security teams want to educate themselves about API security and take control of that in the same way that they’re protecting web, mobile and other types of applications.”

Integration is key 

The biggest factor in companies deciding whether to consume or produce APIs, according to the 2022 State of the API report, is how well they integrate with internal apps and systems.  This corresponds to the report’s finding that the number of integrated APIs across enterprise teams has jumped twentyfold. 

“As more companies recognize APIs as the building blocks of modern software, API tools and services are evolving to meet their needs. These offerings span the API lifecycle, including design, testing, and security. They also include repositories for source code, API gateways, application performance monitoring, and CI/CD—all of which must integrate with API platforms to achieve optimal results,” the report stated. 

Integrating APIs can be tricky as users must first define inputs and outputs, and may also have to configure the authentication settings. It can also be a barrier to entry for non-technical users. 

Demands for API integration in highly regulated industries have had a big impact in driving the usage of APIs, according to O’Neill. 

“The most famous instance is around open banking. So it started in the UK and Europe and then in many other parts of the world there have been open banking regulations. Number one, that required banks to have APIs and then of course being banks they’re naturally concerned about security,” O’Neill said. “But then also, many of the regulations have quite complex requirements for how the access to the APIs is managed. Open banking is all about putting the customer in charge of how their banking information is accessed. That brings in the standards like OAuth and OpenID Connect, so it drives the usage of API management products that support those.” 

In the healthcare industry, the United States requires healthcare payers and providers to have API-based integrations as well. This is another field where there is a big focus around security, particularly related to privacy where APIs are being used to access customer information.

“Open banking and healthcare regulations continue to move around the world and become more mature. And that’s been a big driver of API management,” O’Neill said. 

The post Security and integration are key concerns for API management appeared first on SD Times.

]]>
A guide to Agile tools https://sdtimes.com/softwaredev/a-guide-to-agile-tools-2/ Mon, 01 Aug 2022 14:11:21 +0000 https://sdtimes.com/?p=48431 The following is a listing of Agile tool providers, along with a brief description of their offerings.  ValueOps by Broadcom Software delivers on the promise of value stream management (VSM) as the first to combine business and investment-oriented product management with advanced, operationally-focused agile planning and management capabilities. The integration of Broadcom’s proven Clarity and … continue reading

The post A guide to Agile tools appeared first on SD Times.

]]>
The following is a listing of Agile tool providers, along with a brief description of their offerings. 


ValueOps by Broadcom Software delivers on the promise of value stream management (VSM) as the first to combine business and investment-oriented product management with advanced, operationally-focused agile planning and management capabilities. The integration of Broadcom’s proven Clarity and Rally Software Agile management products enables every role within an enterprise to fund, manage, track and analyze unified value streams with a consistent value orientation and methodology. Combining these leading-edge products as one comprehensive VSM solution delivers crucial insights tailored to meet the needs and requirements of each discipline. It aligns teams across the enterprise, increasing alignment, reducing inefficiencies, and improving time to value.

Atlassian offers Jira Software, a software development tool used by agile teams. As an agile project management tool, it helps teams plan, track and move work forward. Atlassian’s Jira Align extends the power of teams working in Jira by connecting business strategy to technical execution while providing real-time visibility at enterprise scale. It allows enterprises to aggregate team-level data and makes all work visible across the organization in real-time.

Azure DevOps is Microsoft’s suite of DevOps tools designed to help teams collaborate to deliver high-quality solutions faster. Agile teams can utilize the solution to plan, track and discuss work as well as use Scrum-ready and Kanban-capable boards. Other features include Azure Pipelines for CI/CD initiatives; Azure Boards for planning and tracking; Azure Artifacts for creating, hosting and sharing packages; Azure Repos for collaboration; and Azure Test Plans for testing and shipping.

RELATED CONTENT: Agile is the perfect antidote to Great Resignation, Recession

ConnectALL: ConnectALL is a value stream management company dedicated to helping customers achieve higher levels of agility, traceability, predictability and velocity. ConnectALL’s services and solutions help organizations to connect people, processes and technology across the software development and delivery value stream, enabling companies to align digital initiatives to business outcomes and improve the speed at which they deliver software. ConnectALL’s value stream management platform allows companies to see, measure and automate their software delivery value streams. 

Digital.ai is a leading platform provider for Value Stream Management, Agile planning, DevOps and source code management. Its offerings provide global enterprise and government industry leaders a cohesive solution that enables them to ideate, create and orchestrate the flow of value through continuous delivery pipelines with measurable business outcomes. 

GitLab is a single application built from the ground up for all stages of the DevOps lifecycle for Product, Development, QA, Security, and Operations teams to work concurrently on the same project. Agile teams can use GitLab to plan and manage projects with features like issue tracking and boards, task lists, epics, roadmaps, labels, and burndown charts. GitLab supports SAFe, Spotify, Disciplined Agile Delivery and more. 

Micro Focus ALM Octane is an enterprise DevOps Agile management solution designed to ensure high-quality app delivery. It includes Agile tools for team collaboration, the ability to scale to enterprise Agile tools, and DevOps management.

The Perforce Helix ALM suite provides end-to-end traceability across the life cycle. It includes modules dedicated to requirements management, test case management and issue management. In addition, it works with popular Agile methodologies like Scrum, Kanban and XP and supports traditional methodologies such as waterfall. 

Planview’s Enterprise Agile Planning solution enables organizations to adopt and embrace Lean-Agile practices, scale Agile beyond teams, practice Agile Program Management, and better connect strategy to Agile team delivery while continuously improving the flow of work and helping them work smarter and deliver faster. With Planview, choose how you want to scale and when. We’ll help you transform and scale Agile on your terms and timeline.

Plutora: Plutora ensures alignment between software development and business strategy and provides visibility, analytics and insights into the entire value stream. Plutora ensures governance and management across the entire portfolio by orchestrating release pipelines, managing hybrid test environments, and orchestrating complex application deployments.

The Scaled Agile Framework (SAFe) is the leading framework for scaling Agile across the enterprise. It is designed to help businesses deliver value on a regular and predictable schedule. It includes a knowledge base of proven principles and practices for supporting enterprise agility. 

Targetprocess: To connect portfolio, products and teams, Targetprocess offers a visual platform to help you adopt and scale Agile across your enterprise. Use SAFe, LeSS or implement your own framework to achieve business agility and see the value flow through the entire organization.

The post A guide to Agile tools appeared first on SD Times.

]]>
Agile is the perfect antidote to Great Resignation, Recession https://sdtimes.com/softwaredev/agile-is-the-perfect-antidote-to-great-resignation-recession/ Mon, 01 Aug 2022 14:07:12 +0000 https://sdtimes.com/?p=48428 Many companies have been grappling with a labor shortage at some point over the last year, whether short or long term, due to the Great Resignation. This phenomenon continues, with many workers hopping jobs to find better offers elsewhere.  On top of that, all signs seem to be pointing to a recession in the US … continue reading

The post Agile is the perfect antidote to Great Resignation, Recession appeared first on SD Times.

]]>
Many companies have been grappling with a labor shortage at some point over the last year, whether short or long term, due to the Great Resignation. This phenomenon continues, with many workers hopping jobs to find better offers elsewhere. 

On top of that, all signs seem to be pointing to a recession in the US economy, which could lead to slashed budgets, layoffs, and a lot of uncertainty. A number of tech firms have already begun laying off workers, including those from their development and IT teams. 

Companies will be relying on the processes they have in place to make it through these times, and an important one to practice will be Agile. Agile enables development teams to do more with less because they focus on the work that matters and are able to eliminate unnecessary work that doesn’t help their customer or add value to the business. 

RELATED CONTENT: A guide to Agile tools

“This is the only way to avoid building stuff that is not necessary,” said Diego Lo Giudice, VP principal analyst for research firm Forrester. “And therefore the concept of minimum viable product, minimizing the product features and focusing on the ones that you really want is the best optimal way to deal with lower budgets … That minimum viable product concept helps with focusing and spending the money in the right way, for those that understand it.”

Laureen Knudsen, chief transformation officer at Broadcom, explained that the idea of ‘doing more with less’ maxed out about 10 or 15 years ago. Companies cannot place more work on fewer developers and expect good results. 

“There is no more space in our people’s schedules in which to do more. The focus needs to be on eliminating the waste to free up space so we can focus on creating more value. We need to stop looking at how to be more efficient and look at how we can be more effective,” said Knudsen. 

Though Agile is rather widely practiced at this point in time, there are still those who have yet to successfully implement it. But as 2020 showed us, people make a lot of changes when they are under pressure to do so. Think of all the changes companies had to quickly figure out in 2020: remote work, online ordering of things that didn’t have that type system in place before, and more. 

“What I saw during the pandemic is that companies that were not adopting it, they started adopting Agile because it was the only way for their distributed teams to do something,” said Lo Giudice. 

Another recession is an example of a pressure that could inspire companies to either rethink their Agile practice or adopt new parts of it they weren’t really practicing before. 

Lo Guidice also added that at Forrester their number one inquiry for the last year for the application development and delivery team has been on scaling agile. Scaling agile is something that interests companies more than other hot topics like citizen development or cloud. 

Value stream management ties multiple Agile units together

Knudsen also explained that Agile is no longer just practiced by development teams. Over the past two decades it has been spreading into other areas of business.

She said that newer companies who were born in this fully digital era don’t have any areas of the business that aren’t lean. But more established companies tend to have trouble keeping up, and she said they won’t keep pace unless they get over the idea that agility and lean principles are only for development teams.

She added that value stream management comes into play here as it allows companies to incorporate different parts of the organization and focus them around customer value. 

Lo Giudice explained that value stream management is important even if Agile has not made its way out of development. For example, for companies that have broken their development teams up into much smaller units, it can be difficult to have an idea of the investments that are being made and what impact they are having once they’re in production. 

He explained that measuring value was much easier when 200 people were all working on the same siloed app together. 

“What we need to do now is bring that simplicity back,” said Lo Giudice. “That doesn’t mean going back to siloed apps, but it means having practices, tools and technologies to help have that vision again, of where the investments that are made are generating value, and where there are impediments, and that’s what I think value stream management is going to do.”

Challenges still exist

Despite the age and prevalence of Agile as a methodology, there are still challenges that organizations run into.

One big challenge that Knudsen sees is companies not seeing their business as a system. 

“You cannot change part of the system and expect that change to have a great impact,” said Knudsen. “We still see companies pitting departments against each other using management by objectives (MBOs) of leaders, with a mistaken belief that internal competition is a good thing. It can be, but not if part of your system loses in the process. Today, those that can pivot and change to take advantage of opportunities that arise are the ones that will have success in the future.  And to do that, work, data, and funding needs to flow through your entire organization, not just your development teams.”

Another challenge is related to the process of scaling agile. According to Knudsen, companies that have a lack of understanding of agility in the first place will struggle to scale it. 

Of the companies she has seen struggle the most to scale, one common factor is that they didn’t implement agility well in the first place.

She believes in addition to having disciplined agile practices, solid automation, and infrastructure, it’s important to have an aligned understanding of how work will be planned, performed, tracked, and measured. 

“Most leaders can’t even tell me their definition of done or their release criteria,” said Knudsen. “The most successful companies scale agility through the entire organization using value streams.”

The three biggest challenges Lo Giudice sees in his research include:

  1. A lack of product ownership
  2. A lack of strong change management
  3. A lack of commitment of product owners from the business

“When I hear these inquiries around projects going from project to product, of course they’re trying to overcome some of these challenges,” said Lo Giudice. 

AgileThought releases new Agile guides

AgileThought recently announced the release of eight technology guilds that are aimed at enabling businesses to accelerate their digital transformations through Agile. 

The guilds are groups that have domain experience that work cross-functionally in teams called Agile Squads. The eight guilds include:

  1. Data and AI
  2. Enterprise Solutions
  3. Front-end Engineering
  4. Cloud Platforms and Back-end Engineering
  5. Quality
  6. Design and Product
  7. Cloud Operations and Cybersecurity
  8. Agility

According to AgileThought, for companies to successfully keep up in times of rapid change, they need to have both expertise and an agile culture that can quickly adopt new technologies. 

“The rapidly changing digital market has provided a need for companies to react more quickly to transform their business while continuing to provide increasing value for their customers. Through our Guilds, we are bringing our business and technology experts, proven agile methodology, and customer-first approach to deliver at a rapid pace to our clients every day. This framework will also provide high-growth career paths for our employees and help deliver on the latest digital trends and innovations for our clients,” said Alejandro Manzocchi, chief delivery officer and chief technology officer at AgileThought. 

How does Broadcom help companies practice Agile?

Laureen Knudsen, chief transformation officer at Broadcom

“Broadcom leverages its enterprise-class Agile Management SaaS platform to help organizations scale Agile across the enterprise. Our ValueOps platform includes the proven Rally Software® which enables organizations to plan, prioritize, manage, track, and continuously improve work so they can deliver the value that their customers need with speed, quality, and efficiency. It also provides visibility into progress, roadblocks, and dependencies across multiple teams, projects, and programs. This allows organizations to align strategic goals to the work and create better business results—and do it all in a single system of record. It also supports hybrid methodologies and is flexible enough to allow teams to work the way they want to work. We also have a variety of services and transformation assistance to help organizations on their Agile and/or Value Stream Management journey.”

The post Agile is the perfect antidote to Great Resignation, Recession appeared first on SD Times.

]]>