Introduction

To keep pace with ever-increasing customer demands on software functionality and time-to-market expectations, software developers have had to evolve the way they develop code to be both faster and of higher quality. As part of this trend, the Waterfall method of software development began to give way in the late 1990s to a more lightweight method of software development: Agile.

The use of Agile has grown in the last decade and is still maturing. Software organizations are constantly looking for ways to improve their Agile environments, and minimizing software bugs is one area of focus.

This paper will demonstrate that several of the core principles of Agile cannot be fully realized without implementing a repeatable process for ensuring code that is as bug-free as possible. The approach recommended in this paper is the use of automated source code analysis (SCA) technology to locate and describe areas of weakness in software source code, such as security vulnerabilities, logic errors, code vulnerability analysis, implementation defects, concurrency violations, rare boundary conditions, or any number of other types of problem-causing code.

After providing brief overviews of Agile and SCA, and discussing the importance of bug-free code in enabling Agile development, this paper demonstrates how key elements of SCA enhance the Agile development processes and empower Agile teams.

You will learn the relationship between bug-free code and Agile development, as well as how to deploy SCA tools seamlessly into your Agile development process to ensure that it runs at peak optimization.

Agile Development – A Brief Overview

Simply put, Agile software development is an approach that provides flexibility to accommodate continuous change throughout the software development cycle. It stresses rapid delivery of working software and empowerment of developers, and emphasizes collaboration between developers and the rest of the team, including business people.

Agile contrasts with the still-popular Waterfall development approach, which is front-end loaded with comprehensive scope and requirements definitions, and which employs clear, consecutive hand-offs from requirements definition to design to coding and then to quality assurance. In contrast, Agile incorporates a continuous stream of requirements gathering that continues throughout development. Business people are involved early and often throughout the release cycle, ensuring that the software being developed meets the true needs of both the end-user and the business. Change to the requirements and to the overall feature set is expected to occur as outside opportunities or threats arise.

In short, Agile fully embraces change and Agile teams are structured in such a way that they can receive and act on constant feedback provided by the build process, by other developers, from QA, and from business stakeholders.

Conclusion

The ubiquitous nature of software today, coupled with the pressure to rapidly develop market-ready features and products in just weeks, has led to two related phenomena:

- The widespread adoption of Agile software development principles; and,
- The adoption of various tools by Agile teams designed to help streamline and de-risk development projects.

One of the most important types of tools that an Agile team can deploy is one that aids in writing better-quality code. Source code analysis tools provide an automated method to detect a significant number of software bugs or security vulnerabilities right at the developer's desktop – before any code is delivered to the integration build or testing team. This minimizes project drag caused by rework and enables Agile to run more efficiently: developers spend their time writing innovative code, while testing teams spend their time testing how the features of the project work rather than uncovering mundane code issues and retesting these again and again.

SCA may be right for your Agile team, particularly if you are finding large numbers of quality issues or security vulnerabilities and have to undertake a significant amount of rework as a result.

About Klocwork

Klocwork is an enterprise software company providing automated source code analysis software products that automate security vulnerability and quality risk assessment, remediation, and measurement for C, C++ and Java software and Java static analysis. More than 300 organizations have integrated Klocwork's automated source code analysis tools into their software development process in order to ensure their code is free of mission-critical flaws while freeing their developers to focus on what they do best – innovate.