-
cats
CATS is a REST API Fuzzer and negative testing tool for OpenAPI endpoints. CATS automatically generates, runs and reports tests with minimum configuration and no coding effort. Tests are self-healing and do not require maintenance. (by Endava)
focus on negative and boundary testing, not only on happy scenarios; CATS is a good option for API testing
-
consider adding some security testing inside the pipeline
-
do not store secrets (passwords, API keys, SSH keys, private keys, etc.) in source files or in version control; use proper Secrets Vault systems
-
some good tools for security code analysis: Veracode, Checkmarx, SonarQube
-
use an abstraction over the actual logging implementation; for example in Java: slf4j with logback as implementation
-
some good tools for general code analysis (Java): SonarQube, PMD, SpotBugs
-
semgrep
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
Automate everything. Automation makes it predictable and consistent. The CI/CD pipeline should be the place where you automate all checks that will assess your (micro)service from a quality perspective. Tools like Semgrep can bring automation with less effort for standards not obviously suited for automation.