-
cats
CATS is a REST API Fuzzer and negative testing tool for OpenAPI endpoints. CATS automatically generates, runs and reports tests with minimum configuration and no coding effort. Tests are self-healing and do not require maintenance. (by Endava)
focus on negative and boundary testing, not only on happy scenarios; CATS is a good option for API testing
-
consider adding some security testing inside the pipeline
-
do not store secrets (passwords, API keys, SSH keys, private keys, etc.) in source files or in version control; use proper Secrets Vault systems
-
some good tools for security code analysis: Veracode, Checkmarx, SonarQube
-
use an abstraction over the actual logging implementation; for example in Java: slf4j with logback as implementation
-
some good tools for general code analysis (Java): SonarQube, PMD, SpotBugs
-
semgrep
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
Automate everything. Automation makes it predictable and consistent. The CI/CD pipeline should be the place where you automate all checks that will assess your (micro)service from a quality perspective. Tools like Semgrep can bring automation with less effort for standards not obviously suited for automation.