Shift-Left Testing is Critical for Business Success

It’s time for application leaders to apply shift-left practices to their software development strategies. By doing so, they can stop poorly written and difficult-to-understand code in its tracks, before it becomes a business liability, says a recent Gartner report. In, Master Shift-Left Testing and Increase Feedback to Improve Code Quality, research analysts Joachim Herschmann and Jim Scheibmeir offer smart advice for CIOs ­and technology leaders steering app development in a results-focused business environment.

“Application leaders often struggle to develop successful application modernization business cases, especially across multiple platforms,” says the report. “Those who succeed are taking a business-focused approach.” The analysts suggest that tools offering” a broad overview of your application estate” can fast-track signoffs on modernization programs.

CACEIS Banks on Deeper Analysis

If CIOs are to deliver modernization and development programs that support C-suite business goals, they must conduct static analysis and other code-quality assurances early on in a project’s evolution. CACEIS, the French asset servicing bank and a CAST Highlight user, has been doing just that for three years. Six months after its tech leaders adopted shift-left, static analysis best practices, the firm was better equipped to:   

• Intercept code issues early on, so its developers can focus on innovation.
• Compile the necessary metrics to negotiate outcome-based contracts with outsourcers.
• Address software issues to increase customer satisfaction.

Because of these successes, static analysis enabled by Software Intelligence is now used in over 70% of the firm’s software development.

What’s Holding You Back?

How can you lead your team to achieve similar harmony with your firm’s business goals? The Gartner analysts call out these DevOps-specific obstacles to overall business success:

• Tech teams must support frequently changing portfolios, often within an enterprise of complex application interdependencies. Business realities like mergers and acquisitions underscore the need to stay on track with make application portfolio updates – and to weed out redundancies.
• Application leaders are under extreme pressure to accelerate software delivery, with low-quality code being unfortunate consequence.
• Bad code is crushing digital businesses, disrupting the customer experience, and compromising revenue.

Blast through Obstacles, When and Where it Matters Most

The Gartner report advises application leaders in charge of developing digital business solutions to leave many manual code reviews behind, in favor of:

• Shift-left testing practices as the core of a proactive quality strategy.
• Conducting pair programming and code reviews to ensure code resiliency and maintainability.
• Repair of defects, structural and otherwise, before the development cycle and/or after testing cycles.
• Using static code-analysis tools (as does CACEIS) as a mandatory part of the continuous integration process. This prevents the release of overly complex and/or vulnerable code.
• Use automated testing for coding and review processes, “as early and as often as possible,” to reduce feedback times and create a pipeline of applications ready for dynamic testing. 
• Identify and remove unreachable code.

Standards, such as those detailed in the Consortium for IT Software Quality (CISQ)’s ISO 25010 Quality Model, provide code-QA guidance. Constant monitoring of code Security, Reliability, Maintainability, and Performance Efficiency, among other attributes, can help development teams avoid incidences and to better support their firms’ business needs.

What Does an Optimal Analysis Tool Offer?

The Gartner analysts endorse CISQ-compliant static-code analysis tools. Some of these are developer- or architect-focused, while others offer a portfolio- or application-level view of software quality that caters to the C-level audience. When evaluating a product, they suggest asking:

• What languages, frameworks and technologies does it support?
• What types or categories of analysis can it provide?  (i.e. security, reliability, efficiency, etc.)
• Can it integrate into your DevOps tool chain?

Static Analysis in Motion

At CACEIS, putting static analysis to the test by using CAST Highlight has given the tech team “new and very relevant data-driven input into software developers’ ongoing training and improvement plans.” Unlike other organizations which might use this tool to shift reduce headcount, it’s instead identifying potential areas of improvement for coding practices. Developers receive feedback quickly and are “using the information overtime to drive improvement,” says the report.

When your organization continues to adopt and stay current with the kinds of shift-left best practices discussed here, it’s much easier and more productive to work with your business counterparts in achieving success for the organization.