Requirements engineering and continuous deployment

This article summarizes the RE in the Age of Continuous Deployment panel at the 25th IEEE International Requirements Engineering Conference. It highlights two synergistic points (user stories and linguistic tooling) and one challenge (nonfunctional requirements) in fast-paced, agile-like projects, and recommends how to carry on the dialogue.Peer ReviewedPostprint (author's final draft

Continuous Deployment Transitions at Scale

Predictable, rapid, and data-driven feature rollout; lightning-fast; and automated fix deployment are some of the benefits most large software organizations worldwide are striving for. In the process, they are transitioning toward the use of continuous deployment practices. Continuous deployment enables companies to make hundreds or thousands of software changes to live computing infrastructure every day while maintaining service to millions of customers. Such ultra-fast changes create a new reality in software development. Over the past four years, the Continuous Deployment Summit, hosted at Facebook, Netflix, Google, and Twitter has been held. Representatives from companies like Cisco, Facebook, Google, IBM, Microsoft, Netflix, and Twitter have shared the triumphs and struggles of their transition to continuous deployment practices—each year the companies press on, getting ever faster. In this chapter, the authors share the common strategies and practices used by continuous deployment pioneers and adopted by newcomers as they transition and use continuous deployment practices at scale

Security Support in Continuous Deployment Pipeline

Continuous Deployment (CD) has emerged as a new practice in the software industry to continuously and automatically deploy software changes into production. Continuous Deployment Pipeline (CDP) supports CD practice by transferring the changes from the repository to production. Since most of the CDP components run in an environment that has several interfaces to the Internet, these components are vulnerable to various kinds of malicious attacks. This paper reports our work aimed at designing secure CDP by utilizing security tactics. We have demonstrated the effectiveness of five security tactics in designing a secure pipeline by conducting an experiment on two CDPs - one incorporates security tactics while the other does not. Both CDPs have been analyzed qualitatively and quantitatively. We used assurance cases with goal-structured notations for qualitative analysis. For quantitative analysis, we used penetration tools. Our findings indicate that the applied tactics improve the security of the major components (i.e., repository, continuous integration server, main server) of a CDP by controlling access to the components and establishing secure connections

Ways to improve Continuous Deployment processes

Modern software development forces companies to release high quality software faster to respond to market needs. These requirements force software companies to invest on processes which make them able to make development faster without losing quality. Continuous deployment is becoming popular practice to answer the market needs, but using it efficiently can be hard. In this thesis we investigate the benefits, problems and best practices relating to continuous deployment using a literature review and a case study. The objective of this research is to identify the benefits of continuous deployment, and to discover which problems and best practices occur in our case organization, and how often. We investigate a case organization by using interviews and a survey for software professionals. Our main finding is that continuous deployment is the preferred way to do software development and it has numerous benefits. Our case study identified a number of problems which harm the development work. Lack of automated tests and schedule pressures were the most often happening problems. We identified numerous best practices but none of them was used often. These practices included for example techniques which improved test automation practices and organizational support methods for the development team. Future research could focus on why the problems occur often, and why best practices are not widely used

Model-based Continuous Deployment of SIS

This chapter is organized as follows. Section 4.2 provides an overview of the current state of the art and of the practice for the automatic deployment of SIS. Section 4.3 introduces our solutions for the automatic deployment of SIS, first describing how they can be integrated in order to form a coherent deployment bundle and then detailing each our two enablers: GENESIS and DivENACT. Section 4.4 focus on the support offered by our solutions to ensure the trustworthiness deployment of SIS. Finally, Section 4.5 draws some conclusions.publishedVersio

DevOps : Continuous integration and continuous deployment applied

DevOps is a trending concept in the SW industry introduced and popularized during the last decade, this thesis goes deep into the concept, the culture and fields related to it which are present in almost each project and company nowadays. The research model followed in the thesis basically consists in getting in contact with the DevOps culture by designing, developing and implementing a Python tool with some Continuous Integration and Continuous Deployment features. Basically this tool consists on a back-end REST API capable of creating and automating builds on any connected slave node to the tool, similar to traditional DevOps tools logic such as Jenkins or TeamCity, but in a lightweight, portable and OS independent solution, also a frontend is developed in order to make the tool easier and simpler to use. In order to demonstrate the power and the capabilities of the tool we will containerize a build environment with Docker and automate its build process with the tool as well as deploying the binaries resulting from the build process.DevOps es un concepto de tendencia en la industria del SW introducido y popularizado durante la última década, esta tesis profundiza en el concepto, la cultura y los campos relacionados que están presentes en casi cada proyecto y empresa en la actualidad. El modelo de investigación seguido en la tesis consiste básicamente en ponerse en contacto con la cultura DevOps mediante el diseño, desarrollo e implementación de una herramienta Python con algunas características de integración continua y despliegue continuo. Básicamente, esta herramienta consiste en una API REST de back-end capaz de crear y automatizar compilaciones en cualquier nodo esclavo conectado a la herramienta, similar a la lógica de herramientas DevOps tradicionales como Jenkins o TeamCity, pero en una solución ligera, portátil e independiente del sistema operativo, también un front-end se ha desarrollado para hacer que la herramienta sea más fácil y simple de usar. Para demostrar el poder y las capacidades de la herramienta, contenerizaremos un entorno de compilación con Docker y automatizaremos su proceso de compilación con la herramienta, así como desplegaremos los binarios resultantes del proceso de compilación.DevOps es un concepte tendència a la indústria del SW, introduït i popularitzat durant la darrera decada, aquesta tesis aprofundeix en el concepte, la cultura i aspectes relacionats, que son present a la majoria de projectes i empreses avui en dia. El model d'investigació a seguir durant la tesis es basa en entrar en contecte directe amb la cultura de DevOps dissenyant, desenvolupant i implementant una eina en Python amb característiques tant de Integració Continua com de Desplegament Continuu. En resum, la eina consisteix en un backend REST API que permet la creació i automatització de construccions de projectes en qualsevol node esclau conectat a la eina, de manera semblant a eines tradicional de DevOps com son Jenkins o Teamcity pero d'una manera lleugera, portable i independent del sistema operatiu. Tambe s'ha desenvolupat un frontend per facilitar l'us de l'eina. Finalment, per a demostrar el funcionament i la capacitat de l'eina crearem un entorn de construcció amb docker del qual automatitzarem el procés de construcció amb l'eina a més de desplegar els binaris resultants del procés

Continuous Deployment of Trustworthy Smart IoT Systems.

While the next generation of IoT systems need to perform distributed processing and coordinated behaviour across IoT, Edge and Cloud infrastructures, their development and operation are still challenging. A major challenge is the high heterogeneity of their infrastructure, which broadens the surface for security attacks and increases the complexity of maintaining and evolving such complex systems. In this paper, we present our approach for Generation and Deployment of Smart IoT Systems (GeneSIS) to tame this complexity. GeneSIS leverages model-driven engineering to support the DevSecOps of Smart IoT Systems (SIS). More precisely, GeneSIS includes: (i) a domain specific modelling language to specify the deployment of SIS over IoT, Edge and Cloud infrastructure with the necessary concepts for security and privacy; and (ii) a [email protected] engine to enact the orchestration, deployment, and adaptation of these SIS. The results from our smart building case study have shown that GeneSIS can support security by design from the development (via deployment) to the operation of IoT systems and back again in a DevSecOps loop. In other words, GeneSIS enables IoT systems to keep up security and adapt to evolving conditions and threats while maintaining their trustworthiness.The research leading to these results has received funding from the European Commission’s H2020 Programme under grant agreement numbers 780351 (ENACT)

The JDownloader Immune System for Continuous Deployment

Continuous deployment can reduce the time from a source code change to a newly deployed application significantly. Increased innovation speed can make all the difference in a competitive market situation. However, deploying at high frequency requires high speeds of discovering bugs in the deployed software. Using the JDownloader file download manager as our example, we present a fitness model to evaluate a continuously deployed software during operation for expected behavior, present the design and implementation of a monitoring component, and evaluate the model and its implementation using data from JDownloader’s multi-million member strong user base. Our evaluation finds that there had been thousands of undetected bugs, and that newly created bugs can be detected and reported 16 times faster than before

Revisiting Continuous Deployment Maturity : A Two-Year Perspective

Background: Achieving a steady stream of small releases and employing practices such as continuous deployment requires maturity in company processes. Maturity models provide one approach for companies to pinpoint areas of improvement by providing a position and hints to reflect on. Incorporating maturity models with agile software development and continuous deployment has its challenges, though. Aims: The focus of the study is in understanding the evolution of software processes towards continuous deployment in an industry organization over time when a maturity model is used as a yardstick in evaluation. Method: An embedded case study by design, the study utilizes and replicates a survey on the state of software projects in a large Finnish software company, Solita. The survey was initially conducted in 2015 with responses from 35 projects and now replicated in 2017 with responses from 43 projects. Both quantitative and qualitative approaches for survey responses are used in the analysis. Results: Maturity of software processes in the case company show improvement in deployment and in monitoring, albeit short of statistical significance. Technological advances in the application of cloud computing have likely spurred development in these areas. Capability in processes related to test automation and quality has not changed much in two years. Conclusions: Maintaining maturity in software processes requires constant attention as impressions on process quality can gradually diminish. Projects which are built on a compatible technology stack have a greater chance in achieving continuous deployment and thus being more mature. Customer preferences also make a difference in the ability to reach certain maturity levels.Peer reviewe

A Review of Interference Reduction in Wireless Networks Using Graph Coloring Methods

The interference imposes a significant negative impact on the performance of wireless networks. With the continuous deployment of larger and more sophisticated wireless networks, reducing interference in such networks is quickly being focused upon as a problem in today's world. In this paper we analyze the interference reduction problem from a graph theoretical viewpoint. A graph coloring methods are exploited to model the interference reduction problem. However, additional constraints to graph coloring scenarios that account for various networking conditions result in additional complexity to standard graph coloring. This paper reviews a variety of algorithmic solutions for specific network topologies.Comment: 10 pages, 5 figure