Software development engineers in test (SDETs) have historically relied on coded test automation as the go-to approach for quality assurance. However, coded test automation calls for extensive coding that’s resource-intensive and challenging to maintain. Although it’s based on free, open-source frameworks, coded test automation requires skilled labor that’s scarce and costly — constraints that hamstring overburdened tech teams. 

Fortunately, not all testing requires coded automation. New advancements in test automation are emerging, and codeless platforms present a key opportunity to streamline software testing.

Coded automation not the only option 

Coded test automation still plays an important role in scenarios like unit testing and component-level testing. But the development arena has changed in the last 20 years, underscoring the fact that coded test automation isn’t an optimal approach to quality assurance for certain use cases — like functional testing.

Coded test automation requires skilled SDETs or software developers to not only write hundreds of lines of code, but also maintain them. That’s increasingly difficult to accomplish with engineers stretched thin and employers facing ongoing talent shortages. As a result, many development teams lack the resources to maintain copious amounts of code once an application is deployed. Supporting code for coded test automation is also expensive, especially if the test framework requires regular updates or modifications.

It’s clear that new testing approaches are needed to maintain software quality and keep pace with technological advancements. And codeless test automation is gaining momentum — fast. 

Revolutionize testing with codeless automation

Codeless automated testing platforms are now available in the commercial marketplace, eliminating the need to write code for automated tests. With these tools, quality assurance (QA) professionals who lack coding skills can develop automated tests alongside SDETs and developers.

Some developers may hesitate to lean on codeless automation. After all, many developers have spent the lion’s share of their careers writing lines of code. But coded test automation isn’t going away — it’s just becoming one of several approaches developers can turn to. In fact, coded automation remains critical in many testing scenarios. 

However, for functional testing, end-to-end testing, data validation, and regression testing, codeless platforms offer a streamlined approach for both user interface (UI) and application programming interface (API) testing that can cut costs and reduce time-to-market.

Consider the benefits that codeless automation can provide:

• Reduced reliance on technical expertise: Codeless testing platforms enable developers to shift testing responsibilities to QA teams, who can focus solely on testing rather than coding and debugging. Codeless platforms also help free up developers’ time and empower them to focus on new technologies and complex software development.
• Accelerated development cycles: Codeless platforms enable QA teams to use pre-built and visual components to develop automated tests, which is a much faster process than writing net-new code. This enables testers to create more test cases in a fraction of the time, which increases test coverage and results in higher quality software. An added bonus? Shorter development cycles also reduce costs.
• Easier maintenance: Codeless testing eliminates the need for programming skills that are typically required to maintain and update coded test suites. This makes maintenance faster and easier when an application changes. Some codeless automation platforms even have self-healing capabilities that enable the testing tool to automatically fix test scripts or test cases when a test fails or the software changes.

There’s always a learning curve when adopting a new approach. But the barrier to entry is low and the rewards are high when it comes to deploying codeless test automation tools. In the current no- and low-code era, the swift pace of innovation demands agile and efficient workflows.

Consider all the factors when determining whether codeless automated testing is right for a specific use case, from resource availability to the category of testing required. But when you discover codeless is the right fit for a use case, your entire team can test faster with greater efficiency and coverage — ultimately reducing time-to-market for new products while maintaining product quality.

The post In the low-code era, codeless testing tools deliver the efficiency and profitability coded test automation can’t appeared first on SD Times.

Low-code and no-code tools enable development teams to speed up their time to market by reducing the amount of code that needs to be written, enabling reusable code blocks, and automating things like testing and security.

Though we at SD Times primarily cover the software development industry, low-code cannot be confined to just one department. In fact, Gartner predicts that by 2026, 80% of the user base for low-code tools will be non-IT users. These days, you can find low-code tooling in the hands of accountants, HR professionals, business analysts, and more. 

Clearly, low-code has proven its worth. That’s why, for the third year in a row, we’re hosting Low-Code/No-Code Developer Day, a free virtual event taking place on 4/12 where you will learn all about how you can apply these tools in your own organization.

The event will kick off with a keynote from Jason English, analyst at Intellyx, who will first attempt to break through all the marketing buzz and get down to what functionality you should be looking for in tooling. 

Other sessions will focus on: 

• The specifics of low-code for developers, with Joyce Lin at Postman
• How to correctly set up your low-code environment so that you don’t have to redo things later on, with Kevin Lewis from Directus
• How low-code can be used to abstract away the complexity of cloud native, with Jonas Bonér of Lightbend
• A real world example from the IT director of a manufacturing company which has built 28 apps using low-code tools to automate manual processes, resulting in app maintenance time being reduced from 50% to 10% of time, 4-10x faster development, and $350k/year in savings.  

And you won’t just leave the conference with abstract thoughts to ponder on. We’ve also got two hands-on sessions planned. You’ll have the opportunity to learn how to better master your data with Microsoft Power BI and how to use the open-source low-code programming language Ballerina. 

Join us on April 12 for this free event by registering here. 

The post How to level up your low-code game appeared first on SD Times.

What is no-code?

Simply put, no-code and no-code platforms allow non-developers to participate in the application development process through visual drag-and-drop tools. Users can visually compose the forms, workflows, and data needed to build an application without understanding a programming language or having formal software development training. 

This has the potential to vastly expand the supply of talent by enabling millions of non-developers with the ability to address application backlogs. Though no-code approach requires knowledge of the business process or domain, it does not require formal training in software development.

No-code development framework

While no-code shares some learnings with traditional software development, such as Agile or DevOps practices, it would be a mistake to simply treat no-code the same as other ways of development. With no-code, it’s important to tailor the development practices in a way that builds on the unique strengths of no-code platforms, which automatically take care of many technical details and spare you many common troubles associated with traditional development. 

Furthermore, the fact that no-code brings non-developers more directly into the app-building process also means that you should expect a different set of skill sets and backgrounds to be part of a no-code team.

Therefore, Creatio has developed a step-by-step methodology – described in Creatio’s No-Code Playbook – to organize the no-code development process by business-led and fusion teams. The No-code Playbook helps organizations embrace an efficient, lean, and iterative development process by empowering non-technical professionals to deploy business applications without deep technical and coding skills.

The 3 phases and 12 stages of the no-code development lifecycle

The no-code development lifecycle consists of 3 phases, which in turn include 4 stages each. Phases represent logically distinct domains of a no-code project and happen in a sequential manner, while stages within a phase are more interconnected and can even happen in parallel in certain circumstances.

The 3 phases are the following:

1. Design phase: covers defining the business requirements and success criteria of your app, envisioning its broad design, and scoping the MVP.
2. Go-Live phase: addresses building and releasing your initial app.
3. Everyday Delivery phase: covers the process of measuring the performance, delivering ongoing enhancements, and managing the evolution of your no-code app.

The 12 stages, which are described below, can therefore be easier understood as 3 logical blocks: stages 1-4, stages 5-8, and stages 9-12.

Stage 1: Business Use Case

The Business Use Case stage can be the most important part of the entire lifecycle because it helps identify your target and how you will measure success. Resist the temptation to skip or rush through this process. Instead, thoughtfully identify as clear of a definition as possible — this will act as the “true North” that will keep the team on track throughout the project and the evolution of the app. 

At its most simplistic level, the business use case should define the following: no-code stakeholder, business process, process use case(s), process consistency, and success criteria.

As you start turning the business use case into a high-level architecture for your application, you’ll need to start making some key choices. How do you pick the right components? These are tackled at the stage 2.

Stage 2: Options Analysis

In the traditional software development, options analysis is, typically, a choice between “buy” and “build.” In most enterprises, there is a mix of both as each option helps optimize for slightly different outcomes. Packaged applications (“buy”) help you accelerate your time to market but may constrain you to fit within a defined process or UX provided by the application vendor. Custom development (“build”) will help you meet even the most demanding customer requirements, but the process will take you longer as it comes with the inherent risks of building from scratch.

When you use no-code development for building software, you can have the best of both worlds in many cases. On one side, you can accelerate your time to market by using configuration tools, prebuilt components, and templates. On the other side, you can also meet and exceed even demanding enterprise-grade requirements by leveraging the extensibility of the platform.

Therefore, in the no-code development, the basic idea is to strive for “composability” — using as many available no-code building blocks as possible and further customize them for perfect fit. Usually, prebuilt components – as well as connectors to third-party solutions – are provided by the no-code vendor or its community via a marketplace. 

Now that you’ve selected the right approach to your solution components, you’re ready to start actively designing. What no-code design best practices should be followed and how “deep” do you go? This is the purpose of the stage 3.

Stage 3: Design and Prototyping

Instead of putting the functional requirements into an intermediate document and then translating it into code at a later stage, the functional requirements and design process in no-code development are much more efficient and streamlined. A no-code architect should define an application with all the needed parameters using the no-code tools (e.g., fields, dashboards, UX/UI, and workflows) and make changes on the fly when presenting and evolving a prototype. Unlike traditional prototyping, with no-code, you’re building the software itself. It’s not a simple low-fidelity wireframe or some type of “throw-away” clickable prototype — you’re building a working iteration of the final application.

The Design and Prototyping stage should be performed using the no-code platform visual tools themselves. This allows for rapid ideation cycles where the design effort more directly and immediately can be tested with end users.

If used correctly, this powerful approach to no-code design will help you prepare for the “unknown future” by allowing you to experiment, collect feedback, and iterate rapidly to ensure alignment with the business vision. As soon as you’ve validated this vision, you can change gears in the stage 4 and begin to define the successful steps that will get you to your destination.

Stage 4: Project Assignment

The Project Assignment stage defines the target scope of your no-code app that you will be building in the next 4 stages. At a high level, it includes the following activities:

• Decomposing the business use case into smaller use cases.
• Selecting and confirming which of these use cases will be included in the initial Go-Live scope.
• Ensuring that the scope aligns with any timeline constraints established by the business function.
• Defining the necessary roles and participants in the project.
• Preparation for enablement of the release (including identification of power users, scheduling of governance checks, planning enablement, selecting the right set of environments, etc.).

When you focus on perfection and completeness, you risk trying to “boil the ocean” by including too much in the first release. It’s key to mitigate this risk by staying “on target” and focusing on an MVP that delivers “just enough” features to test value early and adopt an incremental approach to adding functionality over time. Yet, you can’t build incomplete feature sets — each step of the journey must still be incrementally valuable, usable, and delightful. That is the art of defining the MVP release, which is the goal of the stage 5.

Stage 5: Prototype to MVP

The Prototype to MVP stage starts by focusing on the rapid delivery of the initial Go-Live release, which was defined by the prior Project Assignment stage.

Unlike traditional software development, we aren’t starting from scratch. First, no-code platforms provide a significant amount of the underlying infrastructure. This allows you to focus on the business functionality that you want to build, rather than worrying about building technical and application frameworks. You also accelerate the process by “inheriting” the working prototype that was built during the earlier Design and Prototyping stage. We start by extending the available prototype, which allows us to save a lot of time and minimize the risks of misalignment.

The most important thing to take away is to stay focused on releasing the MVP as quickly as possible. It doesn’t have to be perfect — it shouldn’t be because the quest to find perfection will distract you from the core mission. Instead, it would help if you embraced the power and speed of no-code platforms — take advantage of them by adopting an efficient, lean, and iterative approach that fully uses its unique strengths in accelerating development. Now, concurrent with the MVP development, you should also be collecting feedback.

Stage 6: Feedback Loop

Rather than delaying feedback to the end, no-code allows you to take advantage of a more continuous feedback model. Instead of feedback only happening at one point in time, we collect constant interactions and approvals by the stakeholder to ensure alignment throughout the development process. This may happen as often as a few times a day! So, this stage actually runs concurrently with the prior “Prototype-to- MVP” stage.

In no-code development, gathering feedback should be an ongoing and continual process. This allows you to respond to feedback more readily and ensures alignment with stakeholder needs. You won’t know for certain what the user wants unless you ask — and the sooner (and more often) you ask, the more successful you will be! 

You’ve finished development and revised it with a continuous feedback loop — you’re almost ready to release. However, before you deploy, it’s important to ensure the app has met the required governance and compliance reviews.

Stage 7: Governance checks

This is a critical step of the review process to ensure your app has successfully passed the applicable checklists and is ready for production release. This typically includes reviewing the following:

1. External compliance checklists to assess compliance with external laws, guidelines, or regulations imposed by government institutions, industries, and organizations. 
2. Internal compliance checklists imposed by internal audit teams or committees to enforce adherence to rules, regulations, and practices as defined by internal policies and access controls.
3. Security checklists to protect your corporate information resources from external or internal attacks.
4. Data governance checks to assess how sensitive corporate data is managed and secured.

Stage 8: First release

This stage is where the application is released to production to end users. The release process is typically straightforward in modern no-code platforms — they adopt the “continuous deployment” philosophy and use automation to deploy features quickly and seamlessly across environments in an on-demand fashion. However, there will be variations in the number and type of environments as well as in the specific steps of the continuous deployment workflow. The scale and complexity of the release will be driven by the Application Matrix – a tool for application complexity assessment used throughout the no-code development lifecycle – which helps define the appropriate level of sophistication needed. Finally, there are associated operational/support readiness activities and end user onboarding/enablement activities that will be needed for the first release of the application.

The previous stages of the No-code Lifecycle have ensured the application has met all of the stakeholder, user, and governance requirements. However, there are still some final steps to prepare the business function to use the application, including the following:

• Documentation and application guides
• Deployment
• Validating environments
• Final user acceptance
• Support and monitoring
• User onboarding and enablement

As end users are onboarded, there is also usually some associated enablement activity required to support effective adoption. Besides traditional training and enablement techniques, it is recommended to adopt a model of continuously retraining the users based on the “Everyday Delivery” approach. Also, it is suggested to use certifications and testing to confirm their ability to fully utilize the system specifically for complex enterprise-grade apps.

Stage 9: Feedback collection

Feedback is an important stage as this is the first time when the no-code app will likely start having daily usage by real end users who are fully vested in the app working because it enables them to perform their job function. They will let you know when the app isn’t working right! View all types of feedback — even if it is critical — as a good thing because it will help you continue to improve and enhance the app.

Feedback collection is essential to evolving your no-code app, but it’s important that you’re gathering the right feedback — through a combination of stakeholder, user, and system feedback — while taking a varied approach to input collection.

Stage 10: Incremental improvements

It’s tempting to focus on achieving perfection all at once — but that is an unachievable goal. Instead of trying to address all requirements, expectations, and suggestions, it’s better to strive to continuously improve daily based on real-world feedback. This allows you to make progress toward your goal while also continuously learning and adapting along the way. 

In this stage of the lifecycle, you should focus on the following simple steps:

1. Analyze and decompose use cases.
2. Prioritize and approve micro use cases.
3. Review design considerations.
4. Build/test enhancements.
5. Review governance checks.

Stage 11: Everyday Delivery

One of the key principles behind Agile is the notion of continuous delivery of value. Yet, too often in traditional software development, we get stuck in having to conform to defined release sprints or iterations. A key differentiation of the no-code approach is accelerated time-to-market. The modern platform capabilities empower no-code teams to deliver sufficient outcomes daily to end users. 

The spirit of the Everyday Delivery stage is striving to provide rapid updates to the end user and maintaining a high velocity and ongoing improvement cycle. The deployment can be based on a specific feature or set of features without a need to connect it to a specific sprint deadline or other formal milestones. To establish this mode of continuous delivery, it’s critical to appropriately decompose and scope your work items so that you can rely on the higher degree of deployment automation provided by no-code platforms. This allows for quick, small updates to be pushed to production frequently (perhaps daily) while maintaining higher levels of quality than traditional “big bang” software releases.

Stage 12: Application Audit

Initially, the Application Audit is likely performed by the no-code team and is reported to the no-code stakeholder. However, as the number of no-code apps increases and as you develop more business-critical apps, the audit function generally will become part of the responsibilities of the Center of Excellence, which is an internal team whose mission is to maximize efficiency through consistent adoption of best practices for no-code development across the organization. This will help look across the organization to measure and improve overall levels of efficiency, effectiveness, and business impact. It will also help identify reusability opportunities (a key concept we’ll address shortly). However, regardless of who performs the audit, it’s important not to miss any key steps:

• Auditing app performance
• Auditing feature obsolescence
• Auditing organizational changes
• Auditing governance changes 
• Auditing component reusability

These final measurement steps are key to any continuous improvement cycle, and the Application Audit stage ensures that the app stays relevant to the business.

Final touches

Many organizations are looking for the best ways to define and operationalize their digital transformation strategy. Don’t think of no-code as a separate or distinct agenda, instead, connect it directly to digital transformation. No-code can operationalize and scale the building of digital applications across your enterprise. While it’s possible to pursue digital transformation with traditional custom development techniques, you will find that no-code can dramatically accelerate your ability to bring new ideas for digital innovation to the market. Explicitly advocating no-code as part of the digital transformation toolkit will help you achieve quick wins. It can also help build momentum and add additional resources to support the adoption of your no-code platform and tools.

The post The phases and stages of the no-code development life cycle appeared first on SD Times.

The latest version includes a new composable architecture, which provides users with a library of ready-to-use components. All of the components are pluggable, replaceable, and reusable, which significantly reduces the amount of time spent configuring and customizing them. 

In addition to the ready-to-use components offered by Creatio, users can also turn their developed code into a composable element that they can reuse down the line. 

Another update in the version is an updated UI for both desktop and mobile. The new Freedom UI will help streamline the application design process. It includes a comprehensive library of views, widgets, and templates for building applications.

The final update in this release is the new AI-driven development capabilities. This new functionality will provide users with guidance and recommendations for building in a way that will maximize business value. 

It combines historical data with industry best practices to provide recommendations, the company explained. 

The post Creatio’s latest updates speed up building of no-code apps appeared first on SD Times.

It’s not that low code is more risky than traditional code, but the same risks are there, Jeff Williams, co-founder and CTO of Contrast Security explained. These include things like authentication, authorization, injection, encryption, logging, etc. 

Even developers who spend their whole days writing code have very little security training, for the most part, and often they don’t even have much communication with the security team. One main difference between the two groups is that citizen developers might be more likely to accidentally introduce a security risk, explained Williams. 

RELATED PODCAST: Low-code and the relationship between citizen developers and security

“I would expect citizen developers will make a lot of the basic mistakes such as hard-coded and exposed credentials, missing authentication and authorization checks, disclosure of PII, and exposure of implementation details,” said Williams.

According to Mark Nunnikhoven, distinguished cloud strategist at Lacework, access to data is also a big issue to consider, especially when you’re giving citizen developers access to data in systems they hadn’t previously encountered. It’s important to both restrict access to only what is needed and teach citizen developers the appropriate use of the data connections they have access to. “We don’t teach you like, ‘hey, you’ve got access to all of our Salesforce information and here’s what appropriate use looks like.’ We just say, ‘oh, you’re in sales or in marketing, and you should have access to that, so here you go.’” 

Nunnikhoven explained that this is a huge problem in low-code development because suddenly low-code developers have the ability to access and manipulate data and connect to other systems, and if they don’t understand the appropriate use of that, they won’t understand the inappropriate use of it either. 

“I think that’s the real challenge with these platforms,” said Nunnikhoven. “It’s exposing a gap in our information management or our information security programs that we don’t often talk about, because we’re so focused on the cybersecurity and the nuts and bolts of how we secure digital systems, not the information in those systems.”

Jayesh Shah, SVP of customer success at Workato, also advises customers to develop a certification program specific to the low-code platform that will be in use so that the people who will be working with it understand the capabilities and can more easily stay within the policies and guardrails laid out by the company. 

Process of security doesn’t change much

Even though the way of building the application is different when you’re talking about low code versus traditionally coded apps, the process of security should be the same. 

“Fundamentally the challenge for companies of all sizes is to define their specific level of security, test against that definition, and fix problems,” said Williams. 

He recommends that companies set guidelines for exactly how they will use the platform. For example, how should users be authenticated? How is input validated? How are credentials stored?

After setting these guidelines, it’s important to test to ensure that developers are implementing them. These tests can be automated using instrumental application security testing (IAST), which analyzes the entire application as it is assembled. Methods like static application security testing (SAST) and dynamic application security testing (DAST) might miss real issues and report false positives, Williams explained. 

In addition to having good policies within your company, the low-code platform itself can also minimize security risks. For example, according to Shah, the platform can incorporate its own security controls, such as requiring citizen developers to work in sandbox environments or limiting their options.

According to Shah, one area in which low code may have the edge over traditional code is that when a new vulnerability is discovered by the security community, custom software isn’t likely to be updated in a timely manner, while a low-code platform could be updated by the vendor to minimize or remove that vulnerability, Shah explained. 

“The low-code platform can ensure that the platform components it provides do not have security vulnerabilities and are patched and updated as necessary to benefit all users globally,” he said. 

Shah added that while traditional development might offer greater flexibility in terms of what can be created, that freedom also brings a broader level of responsibility. Custom software often incorporates third-party or open-source components, which are notorious for being weak points for vulnerabilities, he noted. 

OWASP Top 10 expands to low-code

The OWASP Top 10 is a list of the ten most common security vulnerabilities in code. Recently, work began on an OWASP Top 10 list specifically for low code, with the same idea as the original guide but focused specifically on low-code risks. 

“You as an organization that is adopting low code/no code should be able to look at the OWASP Top 10 and say, ‘Here are the main security concerns, as agreed by the experts in the community, how am I going to address these within my environment?’” said Nunnikhoven. 

Here are the top 10 risks specified by the guide at the time of this writing: 

1. Account impersonation
2. Authorization misuse 
3. Data leakage and unexpected consequences 
4. Authentication and secure communication failures
5. Security misconfiguration 
6. Injection handling failures
7. Vulnerable and untrusted components
8. Data and secret handling failures
9. Asset management failures
10. Security logging and monitoring failures

In theory the OWASP list would give companies a set of items to focus on in their security strategies, but Williams, who created the original guide back in 2003, said that’s not really the case, unfortunately. He said that’s what he thought would happen when he wrote the guide, but that he’s “still waiting” for that. 

He added: “I think OWASP helps to raise awareness and understanding around risks, but it doesn’t seem to translate into a significant decrease in vulnerabilities. I think it only really works if platform vendors take the advice and build better guardrails into their own specific environments.”

The post Low code doesn’t necessarily mean low security risks appeared first on SD Times.

Recently, a critical vulnerability in Apache Log4j, a popular Java library for logging in applications, was discovered by industry experts. To be specific, it was a new Remote Code Execution (RCE) vulnerability (designated as CVE-2021-44228) in the Log4j. Upon further investigation, more vulnerabilities were uncovered, including CVE-2021-45046 and CVE-2021-45105. 

By exploiting these vulnerabilities, hackers could gain remote access to a company’s devices or specific applications, potentially enabling them to steal sensitive data or deploy ransomware on servers or devices. This led to security teams working around the clock to identify and patch the Log4j vulnerabilities as fast as they could. 

While the Log4j vulnerability was a gleaming example of how instant and severe security issues can come about in software development, it’s certainly not the first or last vulnerability that security teams will need to prepare for. And, it is critical they solve these issues within minutes or hours, not days or weeks. Every second that software is left vulnerable is money, time and resources lost. 

While it may be nearly impossible to keep all software completely secure from all future vulnerabilities, there is a way to ensure that any compromised software is restored safely and quickly. Organizations should adopt a “security by design” approach and implement the security best practices to catch the issues early on and provide the necessary tooling and training to developers, DevOps and security team to fix them before they go to the production environment. In addition, enterprises have to look to no-code DevOps orchestration as a way to uncover, automate and reduce the impact of product vulnerabilities.  

The armor for software delivery

With the growing complexity of software delivery ecosystems, organizations need an effective way to automate the end-to-end CI/CD release process across all technology platforms to accelerate velocity without compromising security.  

No-code DevOps orchestration allows development organizations to connect all of their software teams, tools, and information to help them accelerate software delivery and address security concerns quickly and efficiently. No-code DevOps orchestration helps to resolve software security issues through the following core functions: 

Automation

Automation is critical when it comes to being able to solve security issues efficiently and properly. Manual code inspection and upgrades is too time-consuming and error-prone. With no-code DevOps orchestration, automated CI/CD pipelines take care of building the code, scanning for vulnerabilities, unit testing and deployment to development, QA and production. The latest vulnerabilities are updated automatically as soon as they are released so that they can be caught and addressed as proactively as possible. 

Insights

It’s one thing to be able to efficiently solve security issues through automation, but unified insights are also required to fully understand the impact of the vulnerability, how and if the team was able to resolve it, and where processes can be improved. No-code DevOps orchestration enables real-time insights to be gathered instantly so that fixes across end-to-end deployment can happen as quickly as possible. 

Visibility 

Software vulnerabilities do not only impact security or development teams, but can have downstream impacts across multiple teams within IT and engineering organizations. When a vulnerability hits, it’s important that everyone across an organization has access and visibility into the details of the vulnerability, the status of its resolvement and how others in the company or customers may be affected. No-code DevOps orchestration integrates all of the tools within the software development ecosystem so that every step of the process is visible in a single-pane-of-glass. 

By utilizing automated security alerts, real-time insights and granular visibility across DevOps environments, organizations can immediately identify if any of their components have been compromised due to a vulnerability like Log4j. While no-code DevOps orchestration won’t stop vulnerabilities from happening in the future, it makes solving for them easier so teams can focus on innovating without delay. 

The post Log4j is just the beginning – Secure your software with no-code DevOps orchestration appeared first on SD Times.

The combination of the companies is intended to enable enterprises to increase scale, speed-to-market, and customer satisfaction as they advance along their transformation journey.

“We are confident that our partnership with Opsera will give our customers an even greater competitive edge in times of rapid change and transformation,” said Radhakrishnan Rajagopalan, global head of technology services at Mindtree. “No-code DevOps orchestration is a revolutionary approach to software delivery that ensures the strictest speed, quality and security standards until they are met. We look forward to bringing this solution to our customers and also providing Opsera’s customers with our own unique approach and capabilities around digital transformation at scale.”

According to the companies, in order to get the most out of the cloud and digital solutions, organizations need to successfully adopt DevOps practices and tools to maintain velocity, security, and quality of software development.

With this collaboration, Mindtree users gain access to Opsera’s no-code DevOps orchestration platform that provisions engineering teams’ choice of CI/CD tools from a common architectural framework and builds declarative pipelines for several different use cases. 

Additionally, users of Opsera are able to take advantage of Mindtree’s engineering capabilities.

“Partnering with Mindtree helps strengthen our collective approach to help engineering and IT organizations turn DevOps practices into improved business performance,” said Chandra Ranganathan, co-founder and CEO of Opsera. “Mindtree offers some of the most cutting-edge digital transformation capabilities that large organizations need to stay competitive. Its expertise combined with our no-code DevOps orchestration platform will help Mindtree’s customers accelerate their DevOps initiatives. We also look forward to utilizing Mindtree’s digital transformation capabilities to help our customers excel.”

To learn more about this partnership, visit the website.

The post Opsera and Mindtree announce partnership to help customers further their digital transformations appeared first on SD Times.

Unqork’s no-code platform is based on the idea of Codeless Architecture, which is “an open-standards approach to software development that allows organizations to build and run applications without ever thinking about the underlying code,” according to the company.

The benefits of Codeless Architecture includes having a single source of truth for IP, an integrated ecosystem of vendors, automation of complex workflows, and the ability to provide a branded experience at scale.

The Spring 2022 release includes an improved Grid System for accessing, visualizing, and interacting with data. The Grid System allows customers to build a number of grid types, including Dynamic, Uniform, and Freeform, which provides options for analyzing data and optimizing style and design flexibility. Use cases for Grid System include business logic and validation, simple or complex data entry, dashboards, and data exploration. 

“Our customers drove the feature requirements of this grid system,” said Gary Hoberman, CEO and founder of Unqork. “Some of those customers are like ‘I’ve got hundreds of thousands of rows that I want to be able to page through and scan through and update it. And if you ever opened a spreadsheet, an Excel spreadsheet, and it had hundreds of thousands of rows, you would know how slow it is to open it, update, and save. And so to us, we had to provide it at scale, have it be performant and secure in ways that it hasn’t. And that’s really what the Grid System is, allowing you to decide how you want to represent your data, view your data, update your data, all without writing a single line of code.”

Another new update is an updated Enterprise View that provides an overview of a customer’s Unqork environment.  This enables customers to see the health of their environment and the efficiencty of their development process.

“Those are features which as a CIO, I would have killed for,” said Hoberman. “I used to spend each Friday morning reviewing the outages for the week and talking about them the next week. And there was always a disconnect between application development and infrastructure support.”

This release also includes updates to Unqork’s no-code marketplace. New additions include a Google Translate integration, a Webhook API snippet, and a “for loop” snipper. 

The post Unqork Spring 2022 release gives no-code developers greater control appeared first on SD Times.

According to a recent tweet, Frank Zamani, CEO of Caspio, was once a refugee himself, fleeing from Iran 36 years ago to escape religious persecution. Today, Zamani finds himself in the position to help Ukrainian refugees who are leaving the country and heading for Poland. 

Caspio is a no-code software company with offices in California, Poland, Ukraine, and the Philippines; currently, the company has 70 employees living and working in Dnipro, Ukraine. Zamani arrived in Poland on Friday, March 4th and has been traveling between Krakow and Przemysl in order to help Ukrainian Caspio employees and their families find adequate housing, food, and supplies after fleeing their home country. 

At this time, approximately 30 Caspio employees have made it safely out of Ukraine and into Poland with Zamani and other members of the Caspio team waiting and ready to provide help in any way possible. 

According to the company, Caspio employees that are based in Poland are the ones driving down to the border to bring their Ukrainian colleagues to safety. Additionally, team members in Poland have opened up their homes to offer shelter and food to those who have come across the border. 

The company is also offering its no-code platform free of charge for anybody that wants to build apps with the goal of helping Ukrainian citizens. The platform can help build applications quickly to support first responders during this time of crisis.  

Helpful applications that can easily be made with the no-code platform include missing persons directories that offer communication between parties, matching housing and other necessary items or services with those who can provide them, lost and found databases that offer the capability to upload photos and videos, and more. 

If interested, click here to request a free trial. 

“Caspio began operating in Ukraine 18 years ago. Dnipro hosted our first-ever Software Development Center outside of the United States,” reads the statement released on Caspio’s website. “Our Ukraine office houses more than 70 Caspians from engineering, development, sales and support teams. But Ukraine is more than just an international office — it’s home to our dear friends, colleagues and family.  To everyone in Ukraine, you inspire us with your courage and resolve amid this adversity. To everyone else, we encourage you to act and express your support for the people of Ukraine in this time of great humanitarian need. We decry the attacks launched by the Russian government and stand in solidarity with Ukraine.”

For more information on Caspio’s efforts to help the people of Ukraine, see here. 

The post Once a refugee himself, Caspio CEO now helping Ukrainians appeared first on SD Times.

“I think when you get to the level we’re operating at, its very much based on a challenge, a business opportunity, and also part of how people are thinking innovatively about becoming digital first,” Manby said. He went on to explain that, particularly during the COVID-19 pandemic, major organizations are utilizing low-code and no-code tooling to solve the problem of maintaining the business when people have no interest in going into a physical store anymore. 

According to Manby, regardless of the industry, the use cases for no-code and low-code tooling comes down to a fairly specific problem that needs solving. “We have a ferry company in Germany that we’re working with right now, and they wanted to replace their booking app, but once you start getting into what the business problem they are trying to solve is, you find that it’s not about just buying that ticket, they want to build it into more an engaging experience,” he explained. These particular use cases are being successfully taken on by IT teams and professional developers utilizing low code or no code in order to save time and increase productivity. 

RELATED CONTENT:
How these platforms support low-code/no-code initiatives
A guide to low-code/no-code platforms

Paulo Rosado, CEO of OutSystems, explained that the level of sophistication provided by low-code or no-code is mainly determined by the platform or tool itself. He said, “Fundamentally, you can go from a small portal or workflow to building a claims processing system or the brand’s mobile native application at the other end of the spectrum.” 

He went on to explain that today, no-code and low-code tools have become extremely advanced, going beyond just delivering functionality. According to Rosado, these types of tools bring the capability to support non-functional requirements as well, such as high scalability, high security, reliability, and several other key factors that used to require more advanced coding to accomplish. 

“One thing limiting the reach of low-code is that you have to analyze, in advance, whether a low-code platform can meet your current and future requirements,” said Charles Kendrick, CTO of Reify. Kendrick explained that doing this analysis delays the project start, and if the analysis is done wrongly, you may outgrow your low-code platform in the future.

“To extend the reach of low-code, we designed Reify so that it can contribute screens to a larger application, or even to a legacy application.” continued Kendrick. “So, with Reify, the question is no longer ‘Can I build this with a low-code or no-code tool?’ but rather ‘How much of this can I build in Reify?’

“We’ve found that even for large, complex business applications — where a low-code platform would not normally be a feasible choice — as much as 70-80% of the application can be built and maintained in Reify,” he said. “This means you can get the benefits of the low-code approach in every single project, not just the simpler ones.”

Frank Zamani, president and CEO of Caspio, highlighted different aspects of no-code and low-code tools. According to Zamani, when this type of technology was first introduced, many professional developers felt somewhat intimidated by its potential and the ease of use that it offered. On the other side of this, there were developers who vastly underestimated these tools and did not believe that it was truly possible for them to create in-depth applications the right way.

“I would say now, after educating the user base… I think two things have happened, on one hand they are taking these platforms more seriously and seeing that these are good for certain types of use case scenarios, and the other thing is that they’re realizing that these platforms are mostly doing the work that a good developer does not even want to do,” Zamani explained. 

He compared the concept of having highly skilled developers doing the work that can be done with no-code or low-code tools to having a neurosurgeon water plants in a hospital just because they work there. All this to say that there are more pressing and demanding issues that these professional developers should be spending the majority of their time and resources on while no-code and low-code tools can take care of the mundane. 

Chandra Ranganathan, co-founder and CEO of Opsera, pointed out that low-code or no-code technology also makes it easier for organizations to roll out applications in a more holistic way, due to the increased ease of use and decrease in the time commitment. “No-code development platforms can be extended beyond just creation of simple workflows to also accomplish the end-to-end needs of software delivery,” he said. 

According to Ranganathan, these needs include provisioning infrastructure, integrating toolchains, developing workflows and pipelines to build, test, secure, and deploy software, and also get unified and predictive insights. “Architecting and implementing no-code approaches holistically will ensure maximum value in terms of agility, security, and efficiency.”

He went on to discuss the increasing complexity of digital transformation, multi-cloud, and SaaS first ecosystems, and the way that taking a no-code approach could be helpful in adapting because of this all encompassing method that can be easily achieved. 

“The right platform and a properly designed no-code development and orchestration approach can help address multiple use cases across organizations,” he said. “Product delivery across multi-cloud, mobile application deployments, or release automation for SaaS applications, and also provide flexibility for ‘low-code’ extensions or customizations for application specific needs.”

Rosado also spoke about the role that low code plays in mobile development as well as edge computing. He said, “A lot of the applications that we deliver are mobile applications and we also have web applications that need to be operated at the edge that are delivered by low-code… one of our international customers, for instance, is the navy for a particular country and they run the platform in each one of the boats that they operate, and so that’s a case of edge computing.” 

Manby echoed Rosado, saying that there are people using mobile applications created with low-code technology to conduct processes as critical and complicated as inspections of oil rigs. Using an app built with low code, someone can complete the inspection while the person operating the rig can receive live incident recordings from them all in one centralized application. “This kind of inspection and reporting and field services is one of those pervasive things [that can be accomplished with low-code],” he said. 

Ranganathan explained that with low-code or no-code technologies, the process remains the same no matter where you deploy the application to. The no-code approach used for mobile applications should be the same as what the process used for deployment to data centers or cloud based applications looks like. Organizations should be looking to extend their capabilities, standards, architecture, and modules to enable them to deploy low-code applications in multiple different ways.

“To implement an effective no-code approach, organizations have to consider how the solution fits into their existing or planned technology stack, (re)engineer processes to ensure seamless integration and collaboration across the SDLC functions and ensure buy-in and change management with the ultimate users,” Ranganathan said. 

Zamani emphasized that as long as the ultimate goal falls under the umbrella of what a low-code or no-code tool is good at, the deployment method shouldn’t have much of an impact. “If the use case scenario falls into one of these areas that Caspio is good at, then yes, but edge computing itself is a huge universe… It’s also a balance, in terms of how much makes sense to do in a no-code way, and what percentage of it should be done through coding,” he said. 

Manby explained that with the current state of no-code and low-code, there is virtually no limit to what it can do. Applications that used to require multiple development teams and extremely advanced coding can now be completed with much fewer resources while achieving the same quality in the end product. Manby pointed out that particular use cases for low-code vary drastically depending on the industry. “It’s just immense, and it really comes back to solving that specific business problem,” he said. 

However, when organizations are working with smaller tools, it becomes much more difficult to access the full breadth of what is possible. According to Rosado, a key issue with smaller scale no-code or low-code tooling is the aspect of completing change requests. “It’s a challenge that we’ve seen in a lot of situations in the past 30 years with technologies like development productivity tools,” he said. He went on to explain that this is because of the aspect of the buildup of technical debt and the growth of software as it evolves with change requests.

Despite this issue though, investing in no-code or low-code capabilities still proves to be an increasingly smart move. Manby said, “I think that the majority of the larger organizations have started to embrace low code… in a survey that we did with Forrester we found that over 80% of organizations surveyed had low-code as one of their top IT priorities. So I think if they don’t already have something in house which they’re piloting right now, then this certainly is a consideration for the next 18 months or three years to bring in house.”

Rosado also discussed the ways that no code and low code can be especially helpful during the shortage of skilled developers that is currently being seen. “The talent shortage is so huge and the backlogs of things to do doesn’t stop,” he said. 

He went on to explain that no-code and low-code tools help fuel developer productivity, and ensure that more work can be done using less professional developers, which is extremely helpful when there’s not many highly skilled developers to begin with. “It just makes pro developers more scalable and allows them to help more and deliver more with higher impact.”

Zamani also discussed the role of no-code and low-code tools in the midst of this developer shortage. He said that these types of tools can be incredibly helpful, but it all comes down to the extent that customers are willing to adopt them. “This problem is not going away, this shortage of developers, if anything it’s only going to get worse… The need is growing and the supply is not as much so it will be a bigger issue as time goes on.” 

Tools continue to rise in popularity 

John Bratincevic, an analyst at Forrester, said, “[No-code and low-code] are becoming first class options for software development in virtually every enterprise it seems, and in our last developer survey, 30% of professional developers say that they’re using one of those tools themselves.” 

He also discussed the market leaders for no-code and low-code tools, in terms of adoption. He said that the giants right now are most of the larger well known companies that have a good reputation in other areas and come with a good amount of notoriety. “The big companies where low-code is one part of the puzzle… they have a bunch of go-to-market paths and a bunch of entry points… which is kind of a big starting point for enterprises,” he said.

According to Bratincevic, the adoption of no-code and low-code technology spans across nearly every industry, from finance to retail. “There’s definitely a move towards verticalization for some platforms, especially smaller ones as they kind of find their niche. So, a lot of people are starting to focus on under digitized industries… but it’s pretty broad, the tools themselves are broadly applicable,” he explained. 

When actually adopting no-code and low-code tools into an organization, Bratincevic said that the most common issue professional developers struggle with is finding a way to implement it into their toolchains and pipelines without causing any disruption. He said that this becomes highly ambiguous because there are several different avenues to tackle this problem. “How do they manage that? Should it have its own pipeline? Should it use the one they already have? Answering that question and understanding what the best answer is… the market doesn’t know exactly how to deal with it yet,” he said.

Another challenge that developers have to overcome is governance. According to Bratincevic, no-code and low-code tools bring in more developers, whether professional or citizen, and more developers means more people have to be on the same page. This becomes especially challenging when several developers come from differing IT backgrounds. 

He also said that as these problems become more prominent, there is an ecosystem forming around them and their solutions. “The governance, and the culture change, and the framework, and how to integrate… the multifaceted question of how to do this at scale is just beginning to form,” said Bratincevic.

Heightened productivity with built-in security 

Andrew Manby, head of product management at HCL digital solutions, highlighted the aspect of security in low-code tools. He said, “We have a manufacturer in the CPG (consumer packaged goods) space… and in order for them to try and manage their production, they have to figure out where the areas of exposure are and building these new applications using low-code enables them to be more productive and efficient and be safer for that matter.” 

Safety and security are becoming increasingly important factors to consider. However, just because no-code and low-code tools bring a heightened level of ease, doesn’t mean they come with any increased risk of security vulnerabilities.

According to Paulo Rosado, CEO of OutSystems, “If the low-code vendor puts the investment in the underlying platform, then these platforms can be more secure than traditional coding, and the reason for this is that in a lot of use cases, security practices are done at the level of the platform infrastructure.”

He explained that the way for organizations to build security into low-code tools is to take a transpiler and compiler approach and translate it to cloud-native applications. Rosado said, “What we translate usually is fundamentally packed with high security-grade constructs, both in the code and in the infrastructure.” This prevents the developer from having to go back and check that all of the security requirements needed have been fulfilled. 

Chandra Ranganathan, co-founder and CEO of Opsera, also discussed the simplicity of integrating security into a no-code or low-code tool. He explained that the developer can insert security checks into their tooling wherever they think it is necessary, saving time in the long run by accounting for security in the development process. “Seamlessly integrating it into a workflow ensures security and ensures compliance while also improving collaboration and productivity,” he said. 

Manby reinforced this, saying that, if done right, applications created with low-code tools are just as secure — if not more so —  as applications that were developed with more complicated coding. “We fully integrate with those types of best practices and tools,” he said. “So, taking a full stack developer and teaching them how to use low-code, they feel very much at home, it’s not an alien environment, it’s really about productivity… there’s no need to sacrifice [security].”

Frank Zamani, president and CEO of Caspio, said that he believes that no-code and low-code tools have the power to make applications even more secure because the level of compliance is not determined by a specific developer. 

“An application built the traditional way is as good as the developer who wrote it, but inherently, it doesn’t have any built-in security. It’s as good as how well the developer was trained, how much they thought about security, and also how well they slept the night before,” he explained. 

While he also pointed out that there is no such thing as the perfect tool, no-code and low-code tools usually have full teams dedicated to security and compliance. “This team’s only job is to stay up to date on the security issues that can arise and many other things that a single developer would have to think about, and have to code, and have to implement [themselves],” he said. 

Rosado also discussed the feedback loop that OutSystems has achieved due to the open-source nature of their code, and how it has helped to create even stronger security. He said, “The customer can look into everything that’s generated and use their own tools to scan the code. Sometimes we have customers that are so sophisticated that they come to us and say that they have detected a non-compliance.”

After receiving this feedback, it is simple to go back in and make the necessary changes to the code in order to make it security compliant. With this, organizations who were not even aware of the vulnerabilities in their own companies then become compliant as well. 

The post The benefits of low-code/no-code tools for professional developers appeared first on SD Times.