snyk
Discontinued. Snyk CLI scans and monitors your projects for security vulnerabilities. [Moved to: https://github.com/snyk/cli]
Ideally, software can quickly go from development to production. Continuous deployment and continuous delivery are processes that make this possible. Continuous deployment means establishing an automated pipeline from development to production, while continuous delivery means maintaining the main branch in a deployable state so that a deployment can be requested at any time. Predecos uses these tools. When a commit goes into master, the code is pushed directly to the public environment. Deployment also occurs when a push is made to a development branch, enabling local/e2e testing before the push to master. In this manner, the master branch can be kept clean and ready for deployment most of the time, and problems resulting from changes are visible before they reach master. Additional automated tools are used. Docker images are built for each microservice on commit to a development or master branch, static code analysis is performed by SonarCloud to reveal quality and security problems, Snyk provides vulnerability analysis, CodeClimate provides feedback on code quality, and Coveralls provides test coverage. Finally, a CircleCI build is done. Each of these components uses badges, which give a heads-up display of the health of the system being developed. Incorporating each of these tools into the development process will keep the code on a trajectory of stability: for example, by eliminating code smells, security vulnerabilities, and broken tests before merging a pull request (PR) into master; by using Husky on development machines to ensure that code is well linted and locally tested before it is allowed to be pushed to source-control management (SCM); and by applying additional processes such as writing tests around bugs, so that reintroduction of a given bug would cause a test to fail. The automated tools would then require that test to be fixed before the push to SCM, meaning fewer bugs will be reintroduced. Proper development processes and automation have a strong synergy.
There is also something to be said about heavily vetted dependencies. The Predecos back-end relies upon Kubernetes and Apache Kafka. Both are widely trusted. Kubernetes originates from Borg, a system created by Google to manage containers at scale. With that background comes valuable experience: Borg was used for years at scale before Kubernetes was introduced. Kubernetes is now trusted by many cloud providers, and it provides a layer of abstraction between the cloud implementation and the cloud technology used (e.g., GCP, AWS, DigitalOcean, Azure). There are other factors that tie you to the provider, such as storage, but the dependence is reduced by the use of Kubernetes, which translates operations to those required by a specific cloud using what's called the cloud-controller-manager. Kafka is similarly battle-tested, making it very reliable. It's used in Predecos as an event streaming system. It enables very valuable subscriptions, providing real-time data capabilities as well as efficient communication between microservices.
CodeClimate
Discontinued. Multi-language code linter, auto-formatter, and security scanner. [Moved to: https://github.com/qltysh/qlty]
Security is always an important part of development. With a lack of security expertise, my goal was to use a quality third-party product that works well. In balancing cost with features available, I decided to use Auth0, which provides many features for a cheap, consistent price.