Managing Software Complexity – An Imperative
Technology Landscape
In today’s world, software code captures the distinct business requirements and technological expertise that distinguish each Global Capability Center (GCC)/Global In-House Center (GIC). The legacy and modern custom-built applications have grown exponentially but have become more complicated and unstable with the cross-border teams working from various locations.
According to research conducted by Singapore Management University, nearly 60% of a developer’s time is spent understanding the existing code, while they spend only 5% of their time writing new code and 20% of it on modifying legacy code [1]. Our experience across multiple engagements shows that while “Lift and Shift” continues to be a dominant approach for migration, its success rate is less than 40%. As per the report published by Veracode on Software Security, more than 70% of applications use open-source components. Despite this, less than 50% of organizations have a security policy for OSS development or usage [2].
These issues have been prevailing in the software industry for quite some time. Recently, I got an amazing opportunity to share thoughts with a few industry leaders at an event hosted by CAST on ‘Managing Software Complexity to Modernize, Secure and Transform GCCs’. We discussed and debated how we deal with seamless knowledge transactions, application discovery, retaining custom-built software knowledge, faster and secure modernization, cloud migrations, the importance of portfolio rationalization, decision-making over which applications to sunset, the importance of automation, and much more. I have tried to capture these ideas and thoughts in this blog to help in our constant endeavors to reduce and manage software complexity.
Automation in Quality Delivery of Complex Software – Traditional Vs Modern Approach
Automation plays a vital role in delivery, and tech tools constantly help achieve better quality and productivity. The traditional approaches followed include:
1. peer review of code for basic hygiene checks
2. review by tools (such as SonarQube) to serve as a manual gate check before trunk merging
3. pair programming
4. formal code review
5. dynamic application security testing (DAST)
6. static application security testing (SAST)
7. integration of test cases into the DevOps lifecycle
However, the traditional approach also comes with inevitable setbacks. Not all code review and SAST tools can be integrated with DevOps because they do not handle the whole spectrum of technology stacks used. As a result, a lot of manual validation is involved in the process. These tools only give a unit-level view of security vulnerabilities. They lack a consolidated matrix that should include architectural compliance, risk probability, and overall health assessment at the application or project level. Tracing failures to causes is a cumbersome and time-consuming activity unless AI is involved. End-to-end (E2E) automation of quality gate operations remains a tricky challenge even today.
CAST’s Application Intelligence Platform (AIP) analysis, integrated into the DevOps cycle, helps establish best programming practices in areas such as stability, security, performance, maintainability, green IT, usage of patterns, architectural constructs, etc. The integration of CAST Highlight with DevOps provides insights on outdated and vulnerable third-party licenses as well as blockers introduced for cloud-deployed applications. The inclusion of AIP and Highlight can help create an end-to-end automation process for the quality of software delivery.
Canvas – A tool for enhanced impact assessment
Canvas Insights, when integrated with the runtime engine, generates a complete stack of all components consumed when test cases are executed. This stack provides a view of the exact sequence of components that are consumed for each test case, and it can also generate a visual bubble tree. These features make it easy to identify points of failure, which leads to quick opinions on resolution and supports an impact assessment on dependent components when a given component is to be changed. Its ability to conduct an enhanced impact assessment also helps identify the regression test cases on which dependencies exist. When integrated with CAST blueprinting capabilities, it helps assess the impact on components not covered by test cases.
CAST Imaging
CAST Imaging helps to improve team collaboration and to ensure that any modification does not have a domino effect on the whole application. Its blueprinting feature helps unearth complete application architectures, even for legacy and multi-tech stacks. It provides views at the tier, framework and tech, and component levels, a view of dependent components, and end-to-end flows for transactions. Its features for tagging and adding documents, comments, and notes enable stakeholders in varying roles to interpret the blueprints efficiently and contribute more effectively. It helps improve productivity anywhere between 20% and 50%, depending on the phase of the engagement, the extent of adoption of the product, and the defined target improvement areas.
CAST Highlight
The increased use of open-source components has an impact, especially during mergers and acquisitions. Tools are needed that identify these components, their licensing risks, technical debt, etc., so that the decision is all-inclusive rather than based on financial evaluations alone. CAST Highlight helps to identify both license risks and security vulnerabilities around third-party components.
Closing Note
These platforms produce reports and visual application maps, but business SMEs and architects are still needed to recommend further courses of action. Most importantly, the platforms expedite the decision-making process during the SDLC. Also, reducing technical debt is a continuous process, and it is important to plan for it in every sprint to reduce it over time.
I hope you all agree that confident, pointed, and accurate changes result in a better, healthier, and sturdier codebase. This, in turn, will give us a productive team, a sticky customer, adequate recognition and appreciation, a happy and proud team, less attrition, and a more organized knowledge base. Please share your thoughts.