Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 2 years ago.
Improve this question
We have a smaller Dev team of around 20 developers working on 2 specific business towers. We also have a Sec and Ops team managing ticket based work. The idea is to combine Dev Sec and Ops. Wanted to ask what agile methodology suits this kind of transformation?
I would recommend to move to Scrum for your development team. For the Operations I would recommend Kanban. Once the team have reached a maturity level when they are comfortable with their respective way of working, go for ScrumBan when you transform your teams together moving towards DevOps. I would also recommend using JIRA.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I know how to build a site. But I don't know how to save it from a hacker.
You can spend ages on this, but assuming you're starting from scratch, I'd go with the following:
Read your framework/language security guide. For example if you're writing the web app in PHP/Symfony, read https://symfony.com/doc/current/book/security.html and https://secure.php.net/manual/en/security.php (this should be short and easy application of best practices / tweaking known settings)
Read anything relevant on OWASP. It may be hard to do all of it, but some sections to point out are: Top 10 web issues, Development guide, Cheat sheets.
Keep applying what you learned and read more :)
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 5 years ago.
Improve this question
I see that sonarQube can be used for measuring code quality and for finding security vulnerabilities. I am having hard time deciding whether to replace the custom-build BDD security testing scenarios with sonarQube testing for my backend services. BDD testing usually takes longer than the sonarQube analysis. I would appreciate your suggestions on this.
Thanks
These two things are complementary. I wouldn't stop either in favor of the other.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
[Thank you for answers. I am adding more information to my original question]
We have a Python App that is deployed across several customer locations. It is not feasible to set up a VPN between our servers and the client machines.As we add new features, we want to push it to our existing customers. We are looking for something similar to how on the air updates are handled. I understand this is not a new problem and was hoping to seek some ideas on how it has been handled so far..
A scalable to solution to this would be to embrace server orchestration. This will allow you to decouple the process of pushing updates to your app, from the infrastructure in which it sits.
Ansible is my favourite solution in this department. Other popular solutions are Chef of Puppet.
A common and sensible component of server orchestration is Push to Deploy. Your master branch always contains production code.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
I want to know about "Analyst" in software development team. What is his role in development team, responsibilities, etc.
The analyst is the person responsible for accurately documenting the business requirements and turning those requirements over to the technical staff responsible for implementing them. It's an important role because it frees the developers from having to interview the business users, so they have more time to flex their core skill (which is development).
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 9 years ago.
Improve this question
I have taken over a large project at work that requires a lot of TLC to get it into a manageable state. The whys and hows of this situation don't really matter at this point.
I was thinking I could use some of the concepts of IT Service Management to rein in this project. It has no coding standards, no change management, no issue tracking, and no build process to speak of. Everything is done by hand in Explorer with issues added to a Word document as the help desk receives them.
What kind of formal process would you use to address this situation?
Have you considered ITIL? It has a formalized structure for some of the areas that you’re dealing with, such as application management, change management, and incident management. It’s a formal process with supporting documentation and certifications.