Real best practices for modern application development

A collaboration video series with NGINX and JFrog on building a modular, production-ready system from tool consideration to security and observability.

NGINX and JFrog video series

As software architects and developers, we’re always looking for best practices and lessons learned to enhance application development. Is there a best practice application reference architecture? What are the challenges other developers are also facing in application development?

To give the developer community answers to these kinds of questions, we’ve joined forces to create a series of videos that guide you through topics and steps to consider throughout the application development journey. We’ll get real, sharing examples that demonstrate pitfalls, as well as opportunities for creating repeatable development processes.

Who we are

We’re Melissa McKay, Developer Advocate at JFrog and Damian Curry, Technical Director Community and Alliances at NGINX. And together, we are on a mission to solve real world development problems by addressing real life concerns.

Melissa is passionate about Java, DevOps, and Continuous Delivery and loves sharing her knowledge and experience with the developer community. She’s been recognized as a Java Champion and Docker Captain, is an international speaker at numerous events including KubeCon and DockerCon, and is a co-author of the O’Reilly title, “DevOps Tools for Java Developers.” Melissa also serves on the Continuous Delivery Foundation TOC and is a Co-Chair of the Interoperability SIG.

Damian heads up all things technical for Community and Alliances at NGINX. Prior to joining the team several years ago, he managed infrastructure for many companies. Even in these past lives, Damian has been a long-time NGINX user, as the tool has played a key role in almost every environment he’s managed.

We’re excited to spend the next few weeks digging into our favorite topics with you!

Software development topics we’ll cover

We kick off our series with a level-setting discussion about the limits of the information that’s available online. Developers frequently search for guidance on how to implement specific steps in their development process, but what you find isn’t guaranteed to be a secure approach or production-ready. Throughout our series, we’ll talk through the possibilities of building applications in a reliable, secure, and repeatable way, pausing to talk in detail about the most common questions asked.

Planning and tool selection

In the series, we talk about the planning process and tool selection, which is the foundation to ensuring quality application development. We love this topic and want you to feel confident in this part of the process by following a few key steps. Start with establishing clearly defined requirements for the system’s purpose, functionality, and performance expectations. This will set your development team up for success by choosing productivity tools that work for instead of against your team. In your last development project, did you assess your collaboration approach (such as working asynchronously and providing visibility across teams) upfront? This decision can greatly influence your planning tool selection. In our series , we also talk through other tool selections such as source control, IDE, and database.

Setting up the development environment

We also talk about setting up the development environment. You’ll want to establish guidelines around setting up code. For instance, do you want all services in a single repository? There are several aspects to consider in your repository selection, which will be unique based on your needs. As an example, JFrog Artifactory enables you to manage your artifacts in a single universal artifact repository manager that delivers scale, reliability, and stability of automation while eliminating bottlenecks. There are also other open source repository options to consider. How you’ll manage versioning is critical. How will you manage consistency and versioning of images? We’ll discuss it in our video series.

Software supply chain security

The increasing sophistication of software supply chain threats makes it critical for organizations to build vulnerability management into their software development processes. In our video series, we’ll discuss topics such as open source risks and government regulations, and the importance of having a maintenance plan as well as an emergency response and mitigation plan for zero-day vulnerabilities.

Every team member plays an important role in software security, from prevention, to detection and response. Developers, IT operations, IT security, and management all have distinct areas of expertise, yet share responsibility for ensuring an organization’s software security. Improvements are made continuously to security tools, and some now include features such as development environment integration, remediation recommendations, and impact analysis. In our series, we’ll help you navigate all of these nuances so you can accurately prioritize your options for building security into your software development processes from initial development to production.


Introduction: Get The Real Story: The Application Development Journey

Episode 1

Episode 1: The One Where We Planned

In this video, Melissa and Damian discuss the importance of the planning process and how to set your development team up for success by choosing productivity tools that work for (instead of against) your team.

Episode 2

Episode 2 : The One Where We Set Up

In this episode, Melissa and Damian begin setting up environments for source control, planning, and artifact management. They also discuss version control, versioning, and choosing a build server.

Episode 3

Episode 3: The One Where We Considered Security

In this episode, Melissa and Damian dig into various aspects of how, when, and why to infuse security into your software development, and will demonstrate how they’ll do so within their project.

Episode 4

Episode 4: The One Where We Deployed

In this episode, Melissa and Damian talk all about deployment methods and the benefits of modern continuous deployment. They discuss the details of deploying as a developer, as QA or staging, and finally into a production environment.

Episode 5

Episode 5: The One Where We Updated

In this episode, Melissa and Damian discuss concepts relating to updates, continuous deployments, security fixes, code improvements, and more. They also interview two specialists, one related to the difference in deployment vs. delivery and the other about database changes.

Episode 6

Episode 6: The One Where We Observed

In our final episode, Melissa and Damian discuss the importance of observing and monitoring your application in production. Topics will include what to observe with your application and how to determine if it is optimized.

Join us for more in our video series

These are just a few of the many topics we’ll cover in our video series. Additional topics will include:

  • Deployment and cloud services
  • MARA, the NGINX modern apps reference architecture
  • Managing updates and the very important topic of observability

Stay tuned as we continue to post videos leading up to swampUP, JFrog’s highly anticipated DevOps and DevSecOps user conference taking place September 12th in San Jose. NGINX will be there, too! We hope you’ll check out our video series and share your lessons learned in your application development journey in the comments of our YouTube videos.