DevSecOps Contd….
Static Code Analysis
- Peer Code Review
- Since a person is doing the review, mistakes can happen.
- Static Code Analysis tools take over certain responsibilities from Bharat
- Coding Standards
- Best Practices
- Security Issues
- Design Issues
- Test Case Quality
- If we can run this static code analysis with every change in the pipeline and
- Phase-1 : Show the report generated
- Phase-2: Fail the build if the agreed criteria are not met (Quality Gate)
Testing By DevTeams
- Unit Tests: Developers are expected to write tests to check the code developed by the team
- When developers perform unit testing, there should be a way to measure the quality of unit tests.
- Line Coverage
- Branch Coverage
- Note: As DevOps engineers, we are expected to create Quality Gates around
- Test Coverage
- Static Code Analysis issues
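The two phases and the quality gates above can be expressed as one pipeline step. This is an added example, not part of the original notes: it assumes coverage arrives as Cobertura-style XML and findings as SARIF-style JSON, and the thresholds and sample reports are constructed for illustration.

```python
import json
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample inputs (not output from a real project or tool run).
COVERAGE_XML = '<coverage line-rate="0.82" branch-rate="0.55"></coverage>'
SARIF_JSON = json.dumps({"version": "2.1.0", "runs": [{"results": [
    {"ruleId": "hardcoded-secret", "level": "error"},
    {"ruleId": "unused-import", "level": "warning"},
    {"ruleId": "long-method"},  # no level given: counted as "warning" below
]}]})
# Assumed team-agreed criteria; the numbers are illustrative.
CRITERIA = {"min_line": 0.80, "min_branch": 0.70, "max_error": 0, "max_warning": 5}


def read_coverage(xml_text):
    """Return (line_rate, branch_rate) from a Cobertura-style root element."""
    root = ET.fromstring(xml_text)
    return float(root.get("line-rate", 0)), float(root.get("branch-rate", 0))


def count_findings(sarif_text):
    """Count SARIF results per level; a missing level counts as 'warning'."""
    counts = Counter()
    for run in json.loads(sarif_text).get("runs", []):
        for result in run.get("results", []):
            counts[result.get("level", "warning")] += 1
    return counts


def evaluate_gate(coverage_xml, sarif_text, criteria, enforce):
    """Return (exit_code, violations); Phase 1 (enforce=False) only reports."""
    line, branch = read_coverage(coverage_xml)
    found = count_findings(sarif_text)
    violations = []
    if line < criteria["min_line"]:
        violations.append(f"line coverage {line:.0%} < {criteria['min_line']:.0%}")
    if branch < criteria["min_branch"]:
        violations.append(f"branch coverage {branch:.0%} < {criteria['min_branch']:.0%}")
    for level in ("error", "warning"):
        limit = criteria["max_" + level]
        if found[level] > limit:
            violations.append(f"{found[level]} {level} finding(s) > {limit}")
    return (1 if enforce and violations else 0), violations


if __name__ == "__main__":
    code, problems = evaluate_gate(COVERAGE_XML, SARIF_JSON, CRITERIA, enforce=True)
    print("\n".join(problems) or "quality gate passed")
    raise SystemExit(code)
```

With `enforce=False` the same violations are listed but the exit code stays 0, which is the Phase-1 behaviour; a non-zero exit code is what makes the pipeline stage fail in Phase-2.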
Software To Be Installed
Windows Users
- Install chocolatey
- Windows Terminal
- Visual Studio Code (choco install vscode -y)
- Git For Windows (choco install git -y)
MAC
- Homebrew: Refer Here
- Visual Studio Code (brew install --cask visual-studio-code)
- git (brew install git)