DevOps and the shift-left trend

DevOps and the shift-left trend

Businesses in every sector are undergoing a digital transformation in their quest to deliver services to consumers faster, and at a higher quality than ever before – and for good reason. According to market intelligence firm, IDC, by 2020 there will be over £14 trillion in added annual economic value for companies that invest in digital transformation strategies.

A digital transformation doesn’t happen by itself though.

Most enterprises have recognised the value that DevOps can bring them by applying continuous quality and security throughout every delivery pipeline, accelerating application and service delivery and ensuring better business outcomes. A key enabler of digital transformation is the DevOps practice of moving testing up in the development cycle, a concept known as ‘shift-left’.

Testing must happen earlier

The closer to release that a defect is detected, the more expensive it is to fix. For example, reports indicate that the cost of a defect found in production can be 30 times more expensive than if it were detected – and resolved – during development. Moreover, if the defect remains undetected all the way out into production, the effects can be devastating when it finally comes to light.

The number one objective of software testing and QA today is to ensure end- user satisfaction – a goal that can be hard to achieve when defects arise. And if the defect is security-related, or violates regulations such as GDPR, penalties could include heavy fines on top of a potentially irrevocably damaged reputation. But if we can detect a defect at the moment it is introduced, it can be fixed immediately and the damage will be inconsequential – or even non-existent.

Shift-left is about continuous testing

Today, software is developed in a different way to the waterfall style of the past. Many teams now aim to deliver a ‘minimally viable product’, or MVP, as early as possible. They can then get early feedback on the MVP, and use that feedback to drive further incremental development of the product.

To achieve incremental software delivery at high speed and quality, the software must be tested at the earliest opportunity, and the testing must be repeated every time a change is made. Although there’s much talk about ‘shift-left’, the term is actually somewhat misleading.

It does not mean sacrificing testing that happens towards the end of a feature’s development in favour of testing upfront. Rather, it refers to testing across the entire software development lifecycle – a practice known today as ‘continuous testing’.

Continuous testing is the idea that testing is infused throughout the delivery pipeline, and is the key to effective continuous integration. Right from the design of a user story, the team must consider how that story should be tested. They should think about how it is going to be used, how it integrates with other software components, the environment that it will run in, how many people will be using it, the data it will gather and expose, and more.

This will both guide the team as they write the code, and also determine the tests they need to run.

These tests are run as the code is written, and also when it is committed to the source code control system – something that happens many times each day for a team practicing continuous integration. If a test fails, the developer will be alerted almost immediately, so that it can be fixed right away. Once the code is in the source code control system, a build is automatically performed.

As the build progresses, many tests are run. If any of them fail, the build is halted, and the team is alerted to resolve the issue.

To shorten testing times, and to obtain the best test coverage, the tests must be automated.

Continuous quality and security testing

Tests that run as part of continuous testing typically cover three primary disciplines. The first is functional testing, which assesses whether the software conforms to its specifications. It also involves testing the product as an actual user might use it, to evaluate whether the user experience is good in practice, and not just on paper.

The second is performance testing, which determines how the software behaves under different usage patterns. This is also key to ensuring a satisfactory user experience when under heavy load. Finally, security testing techniques include static code analysis and dynamic security testing to identify potential vulnerabilities in the software and its environment. This means they can be addressed before they are exploited.

Shifting testing left will minimise the chance of delivering a poor user experience, and maximise the likelihood of detecting security issues before they are introduced into production. Given the speed of change today, it is essential to start running those tests as early as possible in the software development process, and run them continuously.

Automated testing is still a challenge

Despite the benefits that continuous testing can bring, levels of test automation today are still woefully low. According to the World Quality Report 2018-19, only 14-18% of test activities are automated. There are a number of reasons for this. Firstly, continuous integration means that the source code is changing all the time, and many automated tests are not robust enough to cope.

Secondly, automated testing requires the ability to deploy test environments reliably and provision test data predictably. Test data, and especially data from production systems, must comply with regulations such as the EU General Data Protection Regulation, so data must be anonymised and personally identifiable information (PII) must be masked.

Finally, many teams lack the necessary skills to implement continuous testing.

Shift-left is worth the effort

Despite the challenges, organisations would be well advised to shift-left and adopt continuous testing. If they are to remain competitive, they must engineer quality and security into everything they do. By introducing and gradually increasing automation into their processes, they will eventually be able to deploy reliable and consistent test environments and test data, and execute automated tests across the entire deployment pipeline.

Shifting testing left means that defects are found faster and are less costly to fix, as well as enabling teams to focus their efforts on business value instead of debugging. All this will go a long way to ensure a successful digital transformation, creating a high-performing, high quality and secure user experience.

Malcolm Isaacs, application delivery management, Micro Focus