Wonder how AI can actually help you write a unit test? Have you heard of neural fuzzing? Do you know that on average an application touches more than 50 external dependencies? How do you test these scenarios? Discover the top nine automation tests and practices you should be avoiding and Do you have a security threat in your darkened containers? How do you know?
Find the answers to these and other automation, security, performance testing, site reliability, DevOps related news on this episode of the TestGuild news show for the week of August 29.
So grab your favorite cup of coffee or tea and let's do this.
All right first thing that caught my attention was this article on how AI is the software testing that makes DevOps work and it talks about how they actually use DevOps principles to move from COBOL on a mainframe to Java in the cloud. I guess it really caught my attention. Here was in the article that talked about talked about AI unit testing. So that's what started me down this path. But then I noticed it said something about an AI-powered automation tool that helps you write unit tests, which I never heard of before. So when I went to click on or did a Google search on DefBlue, I discovered a new tool called Def Blue. So looks like DiffBlue helps you actually shift your unit testing left – it catches regressions early in the pipeline with Java unit tests that are automatically created by Def Blue using their AI-based technology. And they actually have a free community edition as well and looks like community edition is a new plug-in for Intellij IDE that reads Java unit test for code. It's free forever for open-source of commercial projects that allow anyone to benefit from DefBlues AI-powered test writing. Most of the technology I'm focusing on is AI technology to help you with your automation testing. But this is actually unit testing that helps your developers write more efficient unit testing. Check it out. Let me know what you think.
If you use Cypress for automation. I found a great resource for you recently that was posted on Twitter by Gleb. And so Gleb mentions he actually made a repo with lots of component testing recipes public for you. So so covers all different types of setup examples. And so this really allows you to get your hands dirty using Cypress component testing, using the examples by cloning this repo. So this is really a cool collection of examples covering common component testing user cases. That if you're using Cypress you definitely should check out. And it's a great way to get your hands dirty to actually learn some of these principles so you can put into place your current company or a project.
And, you know, on average an application such as more than 50 external dependencies. And that's why I was really excited by the recent interview I did on test containers. Making sense of the software landscape with Sergei and Sergei shares a lot of cool tips on TestContainers, which is a really cool way to create throwaway instances of common databases, Selenium web browsers or anything else that you need to run in a Selenium container and this really helps you test everything from databases to APIs to other microservices in ways that might not have been possible, at least not quickly. Thank you Sergei for that. Another cool piece of Technology I didn't know about until this interview. So definitely check out TestContainers as well.
Next up in Performance and SiteReliability News Grafana is back again on the new show. This is crazy. I don't know where they get all their cash, but Grafana just announced they raised an additional two hundred and twenty dollars million in serious C funding, which is going to be used to accelerate the development of its open-source observability platform. As I've been mentioning over the past few new shows, Observability is really a hot topic and you're not doing anything with Observability. If you want to find a way to actually start incorporating into your teams, you need to check it out because it is a trend I'm seeing going higher and higher as we go into the New Year. And Grafana is going all-in with all these investments that they're currently making. So definitely check it out.
And for performance testers, just as I saw a cool post on LinkedIn from Naveen Kumar announcing he created a blog post on cURL tips for performance, engineers in the blog post has a nice video that goes over some tips for performance engineers. Naveen Kumar has been posting a lot of cool stuff on performance testing-type topics. So definitely give him a follow.
And for performance engineers, that really want to take a deep dove or for people that really want to get more into performance testing. How about going back to school, actually I found another resource on LinkedIn on school for performance testing. And so Stefaan announced that they recently launched a program dedicated to all those who'd like to get to know more about performance testing called school for performance testing. And it goes over what you're going to learn. What you need to know can apply. Seems like a cool resource. And once again, I haven't tried this myself, but it looks like something that I see a lack in, and that's education around performance testing, performance engineering-type topics, which I think are becoming even more important as we try to shift more and more things into our software development life cycles earlier and earlier in the software development process. So definitely give that a look.
So another trend, I've been seeing a lot of is obviously containers using Docker containerization organizations really are trying to modernizing their infrastructure taking advantage of the cloud, multi-cloud and serverless environments. And those decisions are rooted in the adoption of Kubernetes most of the time. So I was really excited to see the inaugural Kubernetes Adoption Trends Report for 2021. So this dives into a lot of different trends, like how obviously a lot of organizations are using Kubernetes now but how they all use them in drastically different ways. The number one priority around architecture and running Kubernetes deployment of data-intensive transactional workloads and companies are almost universally managing their cloud infrastructure with their own in-house DevOps SRE teams. And the future is Serverless. And the future is now are just a few insights taken from this adoption trends report. So definitely check it out in the links down below.
And speaking of Kubernetes I found another software I never heard of before is Devtron AI. DevTron is an open-source software delivery workflow for Kubernetes that's written in go. You can see is has over a thousand stars. Seems like it's pretty active in, as we spoke about earlier in the report that we saw on Kubernetes that a lot of the DevOps SRE teams are all in-house. So this was actually designed as a self-service platform for organizational and maintenance applications on Kubernetes in a developer-friendly way and it's open source. So nothing to lose by seeing if that can help your organization as well.
Next up is security news.
So a lot of trends I've been seeing is the growth in the gap of qualified folks that actually can help fill in the gap for security testing needs that many companies and as you know, I'm all about automation. I'm always talking about different tools that can help you do automation, especially with different types of testing techniques like security testing. But another article I found was Why Automated Pen Testing won't fix the cybersecurity skills gap? And it just goes into detail why the security testing gap is not getting any smaller and people are coming up with some outlandish ideas for closing it. A lot of times we like to focus on automation. Automation can only do so much. I believe you do need automation, but you also need folks that have skills. They know how to use the tools and get the most out of them and to think outside the box when a tool can't help them with a certain need. And I think security is a growing area that if you're a tester and you want to really grow, your toolbox of skills are going to be highly in demand. They're going to make you very employable. Security is definitely one of them. And so that's just an article they should definitely check out to see why you should be learning more about security testing as well.
And besides automated Pen Testing. Another technique that's becoming more popular is fuzzing and a lot of different fuzzing techniques you can use. A new one that I just saw is neural fuzzing. And so this article talks about how neural fuzzing is a fast way to test software security and how oftentimes software vulnerabilities that are a great threat to your software, often go undetected for years until it's too late. And fuzzing is a technique used to discover the presence of bugs in software or computerized systems. And there are many different methods to go over the different types of fuzzer's. What is fuzzing and what is neural fuzzing, which is a new approach to testing software security that doesn't rely on black-box techniques and instead relies on machine learning and neural networks. So as we've seen with automation tests we've seen with a lot of the SRE & performance testing tools AI is becoming more and more prominent or actually machine learning, which is really just in this case, advanced statistics. The same thing is happening now with security as well and neural fuzzing seems to be another approach. That's leveraging machine learning and AI to make that better as well. So it's a new technique. So you want to get ahead of the curve? Definitely. Check out neural fuzzing also.
In this last bit of security, news comes your way via Scott Moore's LinkedIn channel, where he posted this article by Donald Lutz on security alert. The threat is coming inside of your Docker containers. So we talked a lot about Kubernetes. We talked a lot about test containerization, a lot about Docker. And one thing people need to be aware of is a lot of times there could be certain vulnerabilities. You're also introducing to your environment when using these technologies as well. So this article talks about how a lot of the Docker container images actually contain vulnerabilities. They said five malicious, Docker container images were recently detected on Docker Hub, which totals more than 120,000 pulls. This just highlights how a lot of malicious Docker containers are hiding on legitimate sites like Docker Hub and something to be definitely aware of any time you try to incorporate third-party libraries into your application.
All right. So that's it for the subset of the Test Guild news show. I'm, Joe, my mission is to help you succeed with creating e2e full-stack automation and end-to-end pipeline automation awesomeness, as always, test everything and keep the good cheers.