- focus on negative and boundary testing, not only on happy-path scenarios; CATS (a REST API fuzzer and negative-testing tool for OpenAPI endpoints) is a good option for API testing
- consider adding security testing to the CI/CD pipeline
- do not store secrets (passwords, API keys, SSH keys, private keys, etc.) in source files or in version control; use a proper secrets vault system
- some good tools for security code analysis: Veracode, Checkmarx, SonarQube
- use an abstraction over the actual logging implementation; for example, in Java: SLF4J with Logback as the implementation
- some good tools for general code analysis (Java): SonarQube, PMD, SpotBugs
- Automate everything. Automation makes checks predictable and consistent. The CI/CD pipeline should be the place where you automate every check that assesses your (micro)service from a quality perspective. Tools like Semgrep (lightweight, pattern-based static analysis for many languages) can automate with little effort even standards that are not obviously suited to automation.