Shift-Left Testing is Critical for Business Success

It’s time for application leaders to apply shift-left practices to their software development strategies. By doing so, they can stop poorly written and difficult-to-understand code in its tracks, before it becomes a business liability, says a recent Gartner report. In Master Shift-Left Testing and Increase Feedback to Improve Code Quality, research analysts Joachim Herschmann and Jim Scheibmeir offer smart advice for CIOs and technology leaders steering app development in a results-focused business environment.

“Application leaders often struggle to develop successful application modernization business cases, especially across multiple platforms,” says the report. “Those who succeed are taking a business-focused approach.” The analysts suggest that tools offering “a broad overview of your application estate” can fast-track signoffs on modernization programs.

CACEIS Banks on Deeper Analysis

If CIOs are to deliver modernization and development programs that support C-suite business goals, they must conduct static analysis and other code-quality assurances early on in a project’s evolution. CACEIS, the French asset servicing bank and a CAST Highlight user, has been doing just that for three years. Six months after its tech leaders adopted shift-left, static analysis best practices, the firm was better equipped to:

  • Intercept code issues early on, so its developers can focus on innovation.
  • Compile the necessary metrics to negotiate outcome-based contracts with outsourcers.
  • Address software issues to increase customer satisfaction.


Because of these successes, static analysis enabled by Software Intelligence is now used in over 70% of the firm’s software development.

What’s Holding You Back?

How can you lead your team to achieve similar harmony with your firm’s business goals? The Gartner analysts call out these DevOps-specific obstacles to overall business success:

  • Tech teams must support frequently changing portfolios, often within an enterprise of complex application interdependencies. Business realities like mergers and acquisitions underscore the need to stay on track with application portfolio updates – and to weed out redundancies.
  • Application leaders are under extreme pressure to accelerate software delivery, with low-quality code being an unfortunate consequence.
  • Bad code is crushing digital businesses, disrupting the customer experience, and compromising revenue.


Blast through Obstacles, When and Where it Matters Most

The Gartner report advises application leaders in charge of developing digital business solutions to leave many manual code reviews behind, in favor of:

  • Shift-left testing practices as the core of a proactive quality strategy.
  • Conducting pair programming and code reviews to ensure code resiliency and maintainability.
  • Repairing defects, structural and otherwise, before the development cycle and/or after testing cycles.
  • Using static code-analysis tools (as does CACEIS) as a mandatory part of the continuous integration process. This prevents the release of overly complex and/or vulnerable code.
  • Using automated testing for coding and review processes, “as early and as often as possible,” to reduce feedback times and create a pipeline of applications ready for dynamic testing.
  • Identifying and removing unreachable code.


Standards, such as those detailed in the Consortium for IT Software Quality (CISQ)’s ISO 25010 Quality Model, provide code-QA guidance. Constant monitoring of code Security, Reliability, Maintainability, and Performance Efficiency, among other attributes, can help development teams avoid incidents and better support their firms’ business needs.

What Does an Optimal Analysis Tool Offer?

The Gartner analysts endorse CISQ-compliant static-code analysis tools. Some of these are developer- or architect-focused, while others offer a portfolio- or application-level view of software quality that caters to the C-level audience. When evaluating a product, they suggest asking:

  • What languages, frameworks and technologies does it support?
  • What types or categories of analysis can it provide (e.g., security, reliability, efficiency)?
  • Can it integrate into your DevOps tool chain?


Static Analysis in Motion

At CACEIS, putting static analysis to the test by using CAST Highlight has given the tech team “new and very relevant data-driven input into software developers’ ongoing training and improvement plans.” Unlike other organizations, which might use this tool to reduce headcount, CACEIS is instead using it to identify potential areas of improvement for coding practices. Developers receive feedback quickly and are “using the information over time to drive improvement,” says the report.

When your organization continues to adopt and stay current with the kinds of shift-left best practices discussed here, it’s much easier and more productive to work with your business counterparts in achieving success for the organization.

Lev Lesokhin EVP, Strategy and Analytics at CAST
Lev spends his time investigating and communicating ways that software analysis and measurement can improve the lives of apps dev professionals. He is always ready to listen to customer feedback and to hear from IT practitioners about their software development and management challenges. Lev helps set market & product strategy for CAST and occasionally writes about his perspective on business technology in this blog and other media.