Call for Papers

From Requirements to Code: Automating Continuous Compliance ( Vortrag )

Building DevOps Pipelines to Automate Gated Checkins

Referent: Neil Langmead, Siemens
Vortragsreihe: Safety I
Zeit: 06.12.18 11:45-12:25
Co-Referenten: Keine




Test & Qualitätssicherung, Software Engineering Management, Echtzeit/RTOS






In this presentation, Neil will present Siemens experiences in building DevOps and DevSecOps pipelines for functional safety projects in the Medical (FDA/62304) and Automotive (ISO26262, MISRA) spaces. Automated pipelines will be shown that aid projects compliance, testing, quality and security initiatives. Through a process known as "Isolate, Verify, Merge", developers are shown an optimized process to eliminate software defects at Time Zero (inside their own IDE Developer Environments), Time One (at integration stage) and TIme Two (System Level Testing, automated fuzz tests). Further, we show a system that can baseline developer's normal behavior and use Machine Learning (ML) techniques to find anomalies and departures from the team's baseline. Using ML techniques, we train our testing and quality models to help improve code quality, finding some interesting and unusual software defects. An extensible platform of software defects and checkers is presented as a research result.


- Introduction to DevOps Pipelines
- DevSecOps
- Automated Architecture Compliance using DSMs in a Pipeline
- Architecture Dependency Analysis to Improve SW Build TImes
- Dependency Management
- Static Code Analysis : 14 levels within DevOps
- Unit and Integration Tests
- Changed Based Testing
- Code Coverage
- Open Source Clearing, Operational Risk and Security Risk in using OSS
- Improving Quality through coded Machine Learning
- Dashboard and Analytics
- From Technical Debt to Technical Wealth

Nutzen und Besonderheiten

The CodeClinic DevOps Platform can be used by Software Practitioners to achieve higher levels of automated checks, testing and quality analysis. With every change, there is the ability to run the pipeline, thus answering the question "has this software change resulted in a regression of code quality, or an improvement?" Developers can cut Merge time, integration failures, and build failures in the mainline by deploying the pipeline in Isolate Verify Merge sequences. Reductions of build errors by 40% are achievable by deploying this unique pipeline. Other questions can also be answered, for example, the cost of a NULL release: if I change one line of code, how long will it take to issue a new, validated version of my software? Optimizing the NULL release problem is then a key focus of improving and refining the pipeline. Transitive closure of architectural changes can also be computed, leading to better estimates in test planning, and the minimization of technical debt for the team.

Über den Referenten

Neil Langmead is the founder of the Siemens CodeClinic, a research and development group designed to help Siemens projects develop and release software faster. The Clinic integrates tools, methods and processes to accelerate testing and software compliance activities through automation, and building sophisticated DevOps pipelines for functional safety projects. Neil is an expert in software testing, quality, architecture analytics and security.