As software architects and developers, we’re always looking for best practices and lessons learned to enhance application development. Is there a best practice application reference architecture? What are the challenges other developers are also facing in application development?
To give the developer community answers to these kinds of questions, we’ve joined forces to create a series of videos that guide you through topics and steps to consider throughout the application development journey. We’ll get real, sharing examples that demonstrate pitfalls, as well as opportunities for creating repeatable development processes.
Who we are
We’re Melissa McKay, Developer Advocate at JFrog and Damian Curry, Technical Director Community and Alliances at NGINX. And together, we are on a mission to solve real world development problems by addressing real life concerns.
Melissa is passionate about Java, DevOps, and Continuous Delivery and loves sharing her knowledge and experience with the developer community. She’s been recognized as a Java Champion and Docker Captain, is an international speaker at numerous events including KubeCon and DockerCon, and is a co-author of the O’Reilly title, “DevOps Tools for Java Developers.” Melissa also serves on the Continuous Delivery Foundation TOC and is a Co-Chair of the Interoperability SIG.
Damian heads up all things technical for Community and Alliances at NGINX. Prior to joining the team several years ago, he managed infrastructure for many companies. Even in these past lives, Damian has been a long-time NGINX user, as the tool has played a key role in almost every environment he’s managed.
We’re excited to spend the next few weeks digging into our favorite topics with you!
Software development topics we’ll cover
We kick off our series with a level-setting discussion about the limits of the information that’s available online. Developers frequently search for guidance on how to implement specific steps in their development process, but what you find isn’t guaranteed to be a secure approach or production-ready. Throughout our series, we’ll talk through the possibilities of building applications in a reliable, secure, and repeatable way, pausing to talk in detail about the most common questions asked.
Planning and tool selection
In the series, we talk about the planning process and tool selection, which is the foundation to ensuring quality application development. We love this topic and want you to feel confident in this part of the process by following a few key steps. Start with establishing clearly defined requirements for the system’s purpose, functionality, and performance expectations. This will set your development team up for success by choosing productivity tools that work for instead of against your team. In your last development project, did you assess your collaboration approach (such as working asynchronously and providing visibility across teams) upfront? This decision can greatly influence your planning tool selection. In our series , we also talk through other tool selections such as source control, IDE, and database.
Setting up the development environment
We also talk about setting up the development environment. You’ll want to establish guidelines around setting up code. For instance, do you want all services in a single repository? There are several aspects to consider in your repository selection, which will be unique based on your needs. As an example, JFrog Artifactory enables you to manage your artifacts in a single universal artifact repository manager that delivers scale, reliability, and stability of automation while eliminating bottlenecks. There are also other open source repository options to consider. How you’ll manage versioning is critical. How will you manage consistency and versioning of images? We’ll discuss it in our video series.
Software supply chain security
The increasing sophistication of software supply chain threats makes it critical for organizations to build vulnerability management into their software development processes. In our video series, we’ll discuss topics such as open source risks and government regulations, and the importance of having a maintenance plan as well as an emergency response and mitigation plan for zero-day vulnerabilities.
Every team member plays an important role in software security, from prevention, to detection and response. Developers, IT operations, IT security, and management all have distinct areas of expertise, yet share responsibility for ensuring an organization’s software security. Improvements are made continuously to security tools, and some now include features such as development environment integration, remediation recommendations, and impact analysis. In our series, we’ll help you navigate all of these nuances so you can accurately prioritize your options for building security into your software development processes from initial development to production.
In this video, Melissa and Damian discuss the importance of the planning process and how to set your development team up for success by choosing productivity tools that work for (instead of against) your team.
In this episode, Melissa and Damian begin setting up environments for source control, planning, and artifact management. They also discuss version control, versioning, and choosing a build server.
In this episode, Melissa and Damian dig into various aspects of how, when, and why to infuse security into your software development, and will demonstrate how they’ll do so within their project.
In this episode, Melissa and Damian talk all about deployment methods and the benefits of modern continuous deployment. They discuss the details of deploying as a developer, as QA or staging, and finally into a production environment.
In this episode, Melissa and Damian discuss concepts relating to updates, continuous deployments, security fixes, code improvements, and more. They also interview two specialists, one related to the difference in deployment vs. delivery and the other about database changes.
In our final episode, Melissa and Damian discuss the importance of observing and monitoring your application in production. Topics will include what to observe with your application and how to determine if it is optimized.
Join us for more in our video series
These are just a few of the many topics we’ll cover in our video series. Additional topics will include:
- Deployment and cloud services
- MARA, the NGINX modern apps reference architecture
- Managing updates and the very important topic of observability
Stay tuned as we continue to post videos leading up to swampUP, JFrog’s highly anticipated DevOps and DevSecOps user conference taking place September 12th in San Jose. NGINX will be there, too! We hope you’ll check out our video series and share your lessons learned in your application development journey in the comments of our YouTube videos.