
Flyer Dimensions CM

Continuous Inspection with Dimensions CM

Achieving high velocity with quality for complex product and application development teams

Why Continuously Inspect

In the race to deliver software faster and adopt modern development practices, enterprises must avoid increasing the security, compliance, and performance risks in the software development lifecycle. Managing SDLC risk is particularly critical in sensitive, highly regulated sectors such as financial services, government, healthcare, and defense.

Important concerns for application development teams now include adherence to coding standards as well as increased application complexity that might impact code quality. Incorporating a continuous inspection toolchain into your development process addresses both these issues by detecting potential code errors and ensuring compliance with coding standards.

The adoption of DevOps practices, such as ‘Shift-left,’ is driving a desire to continuously integrate and inspect the software changes from development, with code-oriented solutions with integration to a DevOps tool chain.

Why is continuous inspection important for complex applications in both enterprise IT and product development? It enables development to rapidly respond to code issues, findings, and vulnerabilities while improving the quality of their products at a lower cost and speeding release readiness.

“The visibility and insight that Dimensions CM 14 provides allows us to see if we are converging to quality or diverging from quality in real time.”

KEN VANE
Navy Federal Credit Union

A continuous inspection toolchain typically includes build tools, unit test tools, static analysis tools, coding style tools, and security and risk analysis tools.

Figure 1. The need for Continuous Inspection

Build Configurations

When selecting your build tool, it is important to consider your build configuration options. Within any development team, consideration needs to be given for debug, release, and test. Teams may use a debug build while developing, a continuous integration or build server might use test configurations, and release builds may be required to ship or deploy to include source to load integrity.

Dimensions CM Build supports all three build configurations. And for formal “turnover” builds, it is uniquely able to capture and store all associated build artifacts, build dependencies, and artifact relationships. With both the source code and the software bill of materials versioned, Dimensions CM uniquely delivers immutable baselines for release and audit purposes. Deployment areas are now auditable, ensuring the integrity of promoting and deploying artifacts through the path to production. Subsequent change impact analysis is simplified.

Peer Code Review

Statistics prove that peer code review is one of the most effective ways to improve software quality by reducing defects upstream. By aligning a peer code review within an automated continuous inspection process, code reviews become highly effective, collaborative, and rapid.

Dimensions CM includes a collaborative web-based peer code review that facilitates development team collaboration for both collocated and geographically distributed partners.

In addition to reviewing code, the results from the continuous inspection toolchain are also made available within the peer code review, providing timely feedback on the status and any findings or errors arising from the automated build, unit test, static code analysis, and web vulnerability assessment tools.

With peer code review and the continuous inspection toolchain integral to your team’s practices and processes, aggregated Dashboard KPI Metrics provide critical insights into the that increases confidence in decision making for downstream QA and release teams.

Ensuring your projects and sprint deliverables have high-quality code results in fewer bugs and influences the maintainability, extensibility, and readability of software applications, which have a direct impact on the ROI for your business.

Metrics generated from a continuous inspection toolchain can illustrate technical debt and provide a definition of done, while aggregated KPI Metrics show the convergence or divergence from your quality goals.

Dimensions CM Static Analysis, Code Review, and Testing

There is growing recognition of the value in integrating code-centric tools within an automated development process. When these tools are automated in a tool-chain and their results are made available as feedback directly to developers, adoption and usage increase.

Expert Tools

Experts are tools that perform actions on development streams, such as examining the health and quality, and report back measurements and findings. Experts are notified when a delivery is made to the stream, and a changeset is created right away or on a determined schedule. For example, automated schedule runs nightly, and triggered runs a build on every commit.

You can configure experts to run in a sequence, called an expert chain, and can create multiple independent expert chains to run on a stream. Expert results are inspected in an activity view or on a review page and are also aggregated in a Dashboard of KPI Metrics that visualizes the overall development stream’s quality.

Strategy          Percentage of Defects Found
Testing           35% to 85%
Inspection        On average 85%
Static Analysis   40% to 85%

Supported Experts

The Continuous Inspection toolchain is extensible while supporting the following out-of-box experts:

Build Server Experts: Dimensions CM Build,
Code Checking Experts: Checkstyle, PMD
Static Analysis Experts: Kiuwan, SonarQube
Security/Risk Analysis Experts: OWASP, Fortify
Deployment Experts: Dimensions CM Deploy, Micro Focus® Deployment Automation

Summary

Continuous inspection can dramatically improve code quality and development productivity while reducing costs of rework.

Micro Focus Dimensions CM provides an optimized development experience while integrating a continuous inspection toolchain and assuring a high degree of release readiness for successful deployments.

www.microfocus.com

“A synergistic combination of formal inspections, static analysis, and formal testing can achieve combined defect efficiency levels of 99%.”

CAPERS JONES


Micro Focus UK Headquarters United Kingdom +44 (0) 1635 565200

U.S. Headquarters Rockville, Maryland 301 838 5000 877 772 4450

Additional contact information and office locations: www.microfocus.com

161-000084-001 | S | 02/17 | © 2017 Micro Focus. All rights reserved. Micro Focus and the Micro Focus logo, among others, are trademarks or registered trademarks of Micro Focus or its subsidiaries or affiliated companies in the United Kingdom, United States and other countries. All other marks are the property of their respective owners.