Towards Visual Analytics Dashboards for Provenance-driven Static Application Security Testing

The use of static code analysis tools for security audits can be time consuming, as the many existing tools focus on different aspects and therefore development teams often use several of these tools to keep code quality high and prevent security issues. Displaying the results of multiple tools, such as code smells and security warnings, in a unified interface can help developers get a better overview and prioritize upcoming work. We present visualizations and a dashboard that interactively display results from static code analysis for “interesting” commits during development. With this, we aim to provide an effective visual analytics tool for code security analysis results

Towards using focus groups to identify software developer's interests regarding their development process

The assurance of quality, reliability, and trustworthiness of software systems is a basic requirement in software development. Therefore, it is necessary to have a comprehension and detailed understanding of a software project. To make the understanding of a complex software system more accessible, a set of tools that analyze and visualize complex software systems could be introduced. Such a software analysis and visualization tool has to meet challenging requirements to be suited for the specific needs of users. To fulfill these requirements and to provide an intuitive way to understand the software projects with visual analysis, we use the human-oriented method of focus groups. We developed a design for focus groups to identify topics of interest regarding the analysis of software development processes. To test and improve our focus group design we conducted a pilot study with research software developers

GitLab2PROV-Provenance of Software Projects hosted on GitLab

Assertions about quality, reliability, or trustworthiness of software systems are important for many software applications. In addition to typical quality assurance measures, we extract the provenance of software artifacts from source code repository's-especially git-based repository's. Software repository's contain information about source code changes, the software development processes, and team interactions. We focus on the web-based DevOps life-cycle tool GITLAB, which provides a git-repository manager and other development tools. We propose a provenance model defined using W3C PROV data model and an implementation: GITLAB2PROV

An Interactive Dashboard for Visualizing the Provenance of Software Development Processes

Software development is a complex process involving many people and development tools and their interactions; during development, a lot of data such as source code, documents, or software artifacts and information such as issues, discussions, or code analyses are generated or modified. In addition to the analysis and visualization of software systems, it is useful to analyze the software development process to obtain better information about the quality, reliability, and trustworthiness of the software. To gain insights and knowledge about software development processes, we extract the provenance of development processes, especially from version control systems for Git-based software projects, and visualize the provenance information using graph visualization, metrics representation, and development timelines; including an integration of these methods into a web-based dashboard. With the help of visual provenance representations, project managers can gain an overview and insights into development progress, effects of process changes, and interactions among developers and with external contributors, which we exemplify with a case study of a software with high social relevance

Scientific Software Engineering: Mining Repositories to gain insights into BACARDI

For Space Situational Awareness, the German Aerospace Center (DLR) develops the software system "Backbone Catalogue of Relational Debris Information" (BACARDI), which allows for keeping track of resident space objects. BACARDI's key features are automated processing services which produce orbit information and products like collision warnings. We present how we applied new methods of software analytics to the BACARDI project. BACARDI is an example of a complex software system with large development effort carried out by a team of various specialists. Our goal is to design and implement an efficient software development process, balancing the explorative character of a research project and operational requirements (i.e. tailored from official standards in the aerospace domain). Therefore, we established a software development process for the project where we focus on software quality. We applied methods to structure, communicate, and utilize the diverse skills, knowledge, and experience in the team concisely and precisely. After one year of practical utilization, we analyzed the process based on the repository data. By analyzing these data, we assess and prove the effects of the introduced process on the development of a software, which is used in the aerospace domain

Visualisierung der Evolution von Softwarearchitektur

Softwarearchitektur wird klassischerweise mithilfe von UML-Diagrammen zum Beginn eines Projektes dokumentiert. Doch aufgrund neu formulierter Anforderungen durchläuft die Software während des gesamten Lebenszyklus eine Evolution, in der auch kontinuierlich eine Anpassung der Architektur erfolgt. Es besteht also keine Übereinstimmung mehr zwischen der anfänglich dokumentierten Softwarearchitektur und der implementierten. Somit sind die anfänglich erstellten UML-Diagramme besonders bei langjährigen und komponentenreichen Softwaresystemen schnell überholt und stellen keine ideale Lösung zur Kommunikation dar. In dieser Arbeit wird ein Konzept vorgestellt, mit dem die gesamte Evolution komplexer Softwarearchitekturen verständlich dargestellt werden kann. Unter anderem wird die Frage beantwortet, wie Softwarevisualisierungen während des Entwicklungsprozesses helfen können und welche Vorteile sich daraus für Softwarearchitekten und Entwickler ergeben. Es wird gezeigt wie alle relevanten Daten für die Visualisierung durch Repository Mining auf dem gesamten Quellbaum und Data Mining auf Quellcodeebene aufbereitet werden. Durch die Implementierung der Softwarevisualisierung wird verdeutlicht wie die zeitliche Veränderung der Architektur greifbar gemacht und als Kommunikationsmittel eingesetzt werden kann, um technische Probleme zu identifizieren oder Qualitätsmerkmale zu beurteilen. Denn es ist von großer Wichtigkeit die gesamte Evolution zu betrachten und nicht nur einen Schnappschuss, um in der Lage zu sein, komplexe Systeme zu verstehen

Software Development at the German Aerospace Center: Role and Status in Practice

Software is an important innovation factor and an integral part of modern research. However, researchers are often faced with challenges in developing software because they do not have the necessary education and skills. The German Aerospace Center (DLR) established its software engineering initiative in 2005 to enable researchers to better meet these challenges. Continuous adaption and improvement of the supportive measures of the initiative require a good understanding of the current role and practice of software development at DLR. Therefore, we conducted a DLR-wide survey on research software development at DLR at the end of 2018.In this paper, we present the results of this survey and identify possible improvements of the software engineering initiative activities. 773 DLR employees completed our survey and provided information about their academic background, programming experience, and software development practices. The results show that software development is a very relevant topic among the researchers at DLR but also a lack of applying software development best practices. Based on these results we conclude to further enhance the practical focus of our support activities as well as to raise the awareness for these practices to bring them into the daily work of DLR researchers

Development of Research Software at DLR - Role and Status in Practice

Software is an important innovation factor and an integral part of modern research. As a consequence the development of software becomes more and more the norm in research alongside the mere use of software . In an effort to obtain an overview of the current practice of research software development at DLR and to optimize our existing support activities for software developers at DLR, we conducted a DLR-wide survey on research software at the end of 2018. The answers of the approximately 770 participants provide a comprehensive picture of the current state of practice. In this presentation we want to give an insight into the heterogeneous landscape of the research software development of a large distritibuted research facility