Last Updated Feb 19, 2018 — DevOps Expert
Integrate Compliance and Quality into Your DevOps Pipeline
Continuous Delivery is about enabling your organization to bring new features to production, one by one, quickly and reliably. To do so effectively while maintaining a high level of quality, you have to embed code analysis in the CD pipeline. Making code analysis an integral part of your Continuous Delivery process strengthens the test automation section of your CD pipeline and ensures that release managers have an accurate view of the risks the code may introduce.
Embedded code analysis is also crucial for meeting the compliance requirements that are important for your organization. Code can be analyzed for security, open source licensing, adherence to coding standards, and various other quality metrics. When code analysis is baked into the software release process, you can be confident that the evidence you need for auditing purposes is collected and recorded automatically.
With XL Release 7.6, you can see risk and quality metrics in the dashboard for every release. In addition, you can add code analysis tasks to the release pipeline through integrations with third-party products and configure the tasks to fail if the code does not meet quality thresholds.
XL Release 7.6 adds the following integrations:
Black Duck
Black Duck is a widely used tool for securing and managing the open source software in applications and containers. The integration lets you verify, as a standard step in your templates and releases, that the open source components you ship do not carry known license, security, or operational risks.
Using XL Release with Black Duck embeds code risk analysis in your Continuous Delivery pipelines: each release can automatically be checked against the license, security, and operational risk of its open source components.
The Black Duck plugin adds a Check Compliance task to templates and releases. For each risk category you configure a severity threshold, and the task fails the release when the project's risk reaches that threshold.
You can also add a Black Duck risk profile tile to release dashboards and configure it to show the risk metrics for a given project graphically, so you can assess code risk in real time at a glance.
Fortify Software Security Center (SSC)
Fortify Software Security Center provides centralized management of application security testing. Security teams use SSC to review and manage security testing activities, prioritize remediation efforts based on risk potential, measure improvements, and generate cross-portfolio management reports. Together, XL Release and Fortify SSC can evaluate code against the security metrics that matter most to your organization.
The Fortify SSC plugin allows you to add Check Compliance tasks to templates and releases and configure them with the minimum rating required for the release, according to the Fortify Five Star Assessment Rating.
You can also add a Fortify SSC Summary tile to release dashboards and configure it to show security metrics for a given project.
SonarQube
SonarQube is an open source platform for continuous inspection of code quality. Teams use it to run automatic reviews based on static analysis, detecting bugs, code smells, and security vulnerabilities in application source code.
Using XL Release and SonarQube to integrate code analysis into your Continuous Delivery pipelines strengthens test automation and ensures that code adheres to your organization's coding standards.
The SonarQube plugin adds a Check Compliance task to templates and releases. The task evaluates the project's SonarQube quality gate and fails the release when the gate is not passed.
You can also add a SonarQube summary tile to release dashboards and configure it to show code quality metrics for a given project.
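The same gate that a Check Compliance task enforces, whether it is the quality-threshold check described at the start of this post or the SonarQube quality gate above, can be reproduced in a pipeline step outside XL Release. The script below is an added example written for this article; it is not code from the page or from XebiaLabs' SonarQube plugin. It reads the quality gate verdict from SonarQube's own Web API (the `api/qualitygates/project_status` endpoint, authenticated with a user token passed as the HTTP Basic username), fails closed on anything other than an explicit OK, and lists the conditions that broke the gate. The embedded JSON response, the `SONAR_HOST_URL`, `SONAR_PROJECT_KEY` and `SONAR_TOKEN` environment variables, and the project key are constructed for this example.

```python
import base64
import json
import os
import sys
import urllib.parse
import urllib.request
from typing import Dict, List, Tuple

# Constructed sample of the JSON that SonarQube returns from
# GET /api/qualitygates/project_status?projectKey=<key>.
# The field layout follows SonarQube's Web API; the values are invented.
SAMPLE_RESPONSE = json.loads("""
{
  "projectStatus": {
    "status": "ERROR",
    "conditions": [
      {"status": "OK",    "metricKey": "new_coverage",
       "comparator": "LT", "errorThreshold": "80", "actualValue": "85.2"},
      {"status": "ERROR", "metricKey": "new_vulnerabilities",
       "comparator": "GT", "errorThreshold": "0",  "actualValue": "3"},
      {"status": "ERROR", "metricKey": "new_security_rating",
       "comparator": "GT", "errorThreshold": "1",  "actualValue": "4"}
    ]
  }
}
""")


def fetch_project_status(base_url: str, project_key: str, token: str) -> Dict:
    """Query SonarQube for the current quality gate status of a project.

    SonarQube accepts a user token as the HTTP Basic username with an empty
    password, so the Authorization header is built from "<token>:".
    """
    url = (base_url.rstrip("/") + "/api/qualitygates/project_status?"
           + urllib.parse.urlencode({"projectKey": project_key}))
    request = urllib.request.Request(url)
    credentials = base64.b64encode(f"{token}:".encode("utf-8")).decode("ascii")
    request.add_header("Authorization", "Basic " + credentials)
    with urllib.request.urlopen(request, timeout=30) as response:
        return json.load(response)


def failed_conditions(project_status: Dict) -> List[str]:
    """Return one readable line per quality gate condition in ERROR state."""
    failures = []
    for cond in project_status.get("projectStatus", {}).get("conditions", []):
        if cond.get("status") == "ERROR":
            failures.append(
                f"{cond.get('metricKey')}: actual {cond.get('actualValue')} "
                f"{cond.get('comparator')} threshold {cond.get('errorThreshold')}"
            )
    return failures


def check_compliance(project_status: Dict) -> Tuple[bool, List[str]]:
    """Decide whether the release may proceed.

    Fails closed: only an explicit overall status of "OK" with no failed
    conditions passes. "ERROR", "NONE" (no gate computed) and a missing
    field all block the release, so an unanalysed project cannot slip through.
    """
    status = project_status.get("projectStatus", {}).get("status")
    failures = failed_conditions(project_status)
    return status == "OK" and not failures, failures


if __name__ == "__main__":
    host = os.environ.get("SONAR_HOST_URL")
    project = os.environ.get("SONAR_PROJECT_KEY")
    token = os.environ.get("SONAR_TOKEN")
    if host and project and token:
        result = fetch_project_status(host, project, token)
    else:
        # No server configured: evaluate the constructed sample instead.
        result = SAMPLE_RESPONSE
    passed, problems = check_compliance(result)
    for line in problems:
        print("quality gate condition failed:", line)
    print("compliance check:", "PASSED" if passed else "FAILED")
    sys.exit(0 if passed else 1)
```

One caveat when wiring this into a pipeline: the endpoint reports the gate for the most recent completed analysis. If the step runs immediately after the scanner uploads its report, the server-side analysis may still be queued, and you would read the previous build's verdict. Wait for the analysis task to finish (the scanner writes its task id to a report file, and `api/ce/task` exposes the task's state) before querying the gate, and keep the fail-closed default so a missing or unfinished analysis never counts as a pass.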
The Result: Better Software for All
Integrating compliance and quality into your DevOps pipeline is crucial for any organization to deliver quality software consistently, and XL Release can help you achieve just that with ease.