Transforming DevSecOps with the shift-left approach 

iOCO’s senior quality engineer, Alfred Lehabe, reveals why ‘shift-left’ testing is gaining traction in software development, and provides an insider’s view of the testing process.

In this interview, iOCO’s Alfred Lehabe highlights a rising trend in software development: 'shift-left' testing. He explains that this approach integrates security measures from the earliest stages of development, fostering continuous security practices and reducing vulnerabilities.

Q: How does shift-left testing fit into the DevSecOps process?

A: Shift-left testing introduces testing early in the software development cycle, thereby identifying and addressing defects in the software sooner. When integrated into the DevSecOps process, this approach ensures that security measures are applied from the initial stages of software development, promoting continuous security practices and reducing vulnerabilities. 

Q: What is the importance of shift-left testing for applications? 

A: Previously, the deployment and testing phases were typically handled later in the development process, often resulting in iterative cycles between QA (quality assessment) and implementation teams. However, adopting shift-left testing has enabled us to start testing as early as the requirement phase. 

In practical terms, this means we address uncertainties through initial meetings where we clarify requirements and establish a solid foundation for development. For example, testing APIs prior to integration with the front end has become standard practice, leading to enhanced software quality. This shift also establishes a continuous feedback loop, facilitating iterative improvements throughout the development life-cycle.

In terms of security, it allows you to reduce vulnerabilities throughout the life-cycle by examining different stages of code in various environments and phases of testing as the code is moved through, ultimately promoting secure code.

Q: One of the significant benefits of shift-left is defining test cases and acceptance criteria early on, facilitating a smoother development process. Please make this plain for the layperson.  

A: Product owners and business analysts compile user stories to define their business requirements and feature expectations. On the other hand, UX designers draft webpage mock-ups to describe the desired user experience. When software testers collaborate at the outset, they identify more undefined behaviours and negative test cases to define how the system should behave during error and failure scenarios, leading to more robust solutions. The testers are also well versed in software engineering practices and easily spot ambiguity in user stories, missing requirements, or unmentioned validations. Being able to collaborate with business and resolve these communication gaps saves development time and produces a higher quality product. 

Q: Which tools are available to support shift-left testing? 

A: User interface testing with Cypress, an open-source JavaScript-based testing framework for web applications and APIs, allows for end-to-end testing and UI automation. It assists in debugging while developing, running tests inside the app, and bringing innovative ideas to the testing process. The Karate framework is an open-source tool allowing automated API testing and API performance testing. It uses Gherkin syntax to make the test cases readable to even non-technical people. 

Q: Are you evaluating and deploying AI testing tools, since they are becoming mandatory elements of the application testing process?

A: GitHub Copilot is a valuable tool. In short, GitHub Copilot helps QA testers automate test scripts faster, generate test data, understand code better, enhance automation frameworks, collaborate with developers, and continuously learn and improve their testing skills.

Q: Is shift-left testing trending in the financial services and other business sectors?

A: Yes, shift-left testing is indeed trending among our clients. This approach validates business requirements early in the development process, ensuring the right product is built from the start. Our teams have adopted this methodology for its time and cost savings. While there was initial resistance, our clients now recognise the substantial value of shift-left testing and have seamlessly integrated it into their workflows, driving greater efficiency and success in their projects.
