
InfoQ Live July 20th: Software Supply Chain for DevOps & Reducing Feature Flag Debt


How can modern DevOps practices accelerate your software delivery without the quality issues? Learn how automation, continuous testing, and supply management techniques can improve software quality and speed of delivery. Get valuable insights from world-class domain experts at InfoQ Live on July 20th.

Register to watch live and also get exclusive access to all talks on-demand after the event so that you can revisit any of the sessions or watch any of the talks you missed.

Turn advice from world-class software professionals into immediate action items that you and your team can implement. Attend InfoQ Live July sessions:

Piranha: Reducing Feature Flag Debt @Uber by Murali Krishna Ramanathan, Staff Software Engineer @Uber

Feature flags are commonly used in the software development process as they provide flexibility with regard to gradual rollout of features, enabling A/B testing and providing the ability to toggle features on production instances. An often overlooked part of this development model is the introduction of tech debt due to stale feature flags.

The presence of code due to stale flags can adversely affect application reliability and increase software development costs. At Uber, reducing this debt without imposing significant additional overheads on the developers necessitated the design of novel tools and automated workflows.

In this talk, I will describe my experiences with building and deploying Piranha, an automated code refactoring tool to delete code corresponding to stale feature flags. The Piranha workflow has been used continuously at Uber since early 2018 to help delete more than 4K stale flags (> 200KLoC) across Java, ObjectiveC, and Swift code. It has also inspired open source contributions in the form of extensions to JavaScript and Go.

Murali Krishna Ramanathan, Staff Software Engineer @Uber


Software Supply Chains for DevOps by Aysylu Greenberg, Tech Lead of GCP Container Analysis @Google

Several recent high-profile security incidents were due to compromised software supply chains. Software Supply Chain is a collective term used to describe the stages of software lifecycle from source to deployment through CI/CD pipelines, and all the static and dynamic analyses in between. In the world of microservices and cloud computing, trust in your company’s supply chain is critical, as most of the tooling and dependencies are from open source and third-party vendor projects.  

When the code hits production, it’s essential to have enough observability to detect and investigate the problem and get to the root cause and mitigation as quickly as possible. With software supply chain attacks, not only is the newly deployed code under suspicion, but also all the tooling used to produce it becomes a potential attack vector, so an efficient and effective way to verify the integrity of the supply chain is paramount.  

This talk will discuss what information needs to be collected to allow DevOps to inspect and verify the integrity of the supply chain, the challenges of having the right level of detail to reduce mean-time-to-detection and mean-time-to-understanding, some of the existing solutions and open problems in this space.

Aysylu Greenberg, Tech Lead of GCP Container Analysis @Google

InfoQ Live tickets are only $19.95*. Book your spot now.

*We are donating 100% of net ticket revenue (minus taxes, credit card fees, and processing fees) from this event to organizations working towards diversity, equity, and inclusion in the technology industry.

 
