Published Aug 29, 2019
WRITTEN BY THE KIUWAN TEAM
Experienced developers, cyber-security experts, ALM consultants, DevOps gurus and some other dangerous species.
What is continuous integration?
Imagine that your organization is working on a major software project. Naturally, the workload is divided among several team members, each developing a different module or function. After many months of effort, the team must integrate the various pieces into a functioning whole. Unfortunately, problems emerge in the assembly stage. Due to the complexity of the project, it’s difficult to isolate and resolve the issues. Weeks or even months might pass before defects are fixed and the individual modules work together. All the while, deadlines for user acceptance testing and deployment are approaching fast.
Continuous integration (or CI) offers a solution to this type of situation. Instead of waiting until the end of a project to integrate the code from individual members of the development team, CI requires that new code be integrated early and often. In a nutshell, continuous integration is an agile software development technique whereby developers insert finished code snippets in the application regularly — maybe once or several times a day — instead of waiting until the end of the project to integrate the code.
The concept of continuous integration dates back to 1991 with Grady Booch. However, Booch did not suggest that continuous integration become part of the build process for an application. Also, he did not advocate for integrating code several times a day. It was the Extreme Programming (XP) framework that adapted the concept of continuous integration to include integrating more than once per day.
With advances in technology and the growing complexity of software code, it has become essential to automate the application build process. And continuous integration is critical for resolving integration problems (merge conflicts) in the build.
Advantages and Disadvantages
Advantages of continuous integration
- Eliminates the long and tedious integration phase at the end of a project.
- Makes early troubleshooting possible.
- Ensures faster bug fixes because the development team can identify and fix bugs quickly.
- Reduces the anxiety of integrating many code modules at once, which increases the likelihood of issues arising.
- Ensures, through small and frequent integrations, that a developer keeps a close eye on the code and quickly resolves any problems that arise.
- Allows accurate recording of changes.
- Increases efficiency and productivity. You spend more time building software and less time on lengthy code commits and bug fixing.
- Fewer bugs and faster bug resolution lead to faster application delivery to customers. This has a positive effect on your bottom line.
Disadvantages of continuous integration
- When multiple developers want to submit their code at around the same time, waiting times occur because each has to wait for the others to finish first.
- You must develop suitable test procedures.
- Well-rehearsed teams may experience difficulties switching to continuous integration.
Best Practices for Continuous Integration
1. Planning is key
It is a best practice to plan for continuous integration adequately. The process may have its pain points, but thorough planning ensures that you can overcome the challenges the process presents. Additionally, make sure that continuous integration has a return on investment for both your team and company.
2. Gain buy-in from all parties
If you choose to use continuous integration, ensure that everyone involved has the necessary level of commitment. When your developers are not on board, you will have a hard time making continuous integration work even with a perfect plan. Just a few developers deviating from the established standards may cause chaos.
It is also a best practice to have a planning meeting with all involved parties. Thoroughly discuss the challenges and benefits of continuous integration for your organization. Also, explain to the team what changes must be made and why. Make sure you answer any questions the team may have and make the process a collaborative effort.
3. Build a roadmap
You can’t install a few continuous integration tools, get buy-in from your team, and then make a shift in one day. You must develop a strategic roadmap for the transition from your legacy system to continuous integration. Start with a low-impact project to minimize risk. Then scale slowly and strategically. Create organization-wide standards and share them with your team.
4. Offer training
Training your team is important to help them understand continuous integration and handle issues as they arise. Your team requires guidance on how things work, especially if they are used to less frequent code commits.
Training increases your team’s confidence in the new system and increases the system’s credibility. It is a best practice to designate one or two gurus to help your team when they get stuck.
5. Create one source for your code
It may sound obvious to use the same source while working on the code, but it is among the most important factors in CI. Apart from the source, additional elements such as databases should be bundled together in one place so that developers can access them easily.
6. Choose appropriate tools
You must choose the appropriate tools to help you build and deploy applications. Collaborate with your team to develop a list of potential tools. Distributed version control systems (DVCS) like Git are a good place to start because they are designed for easy merging. Git is available for running on your own server, or you can take advantage of GitHub’s hosted solution. You will also need a continuous integration tool such as Travis CI. In addition, you should evaluate whether your team would benefit from a test automation tool such as Ranorex and a static application security analysis tool like Kiuwan Code Security.
Conduct an in-house proof of concept to ensure the tools will work well in your environment and meet your needs.
7. Make all work visible
All team members should see the changes that developers make to their code. This visibility allows team members to understand how the changes of others affect their own work and tackle potential code conflicts.
Modern software development projects move fast and demand more from developers than ever before. Developers have to write secure code quickly and deliver it to users free of defects. In the past, developers would first write code for the entire application and integrate the code only near the end of the development lifecycle. But this approach has inherent flaws because integrating a large codebase is time-consuming and error-prone.
CI requires that developers integrate code regularly, which makes it possible to quickly identify and resolve bugs. CI has positive outcomes for increasing efficiency and productivity, allowing early troubleshooting and eliminating the long and tedious integration phase at the end of the project. Tools like GitHub, Travis CI, and Ranorex help developers release code quickly and with confidence.