Welcome to the Test Guild News Show For the week of July 4.
A show dedicated to helping you kick off your week right with all the latest in automation testing, performance & SRE testing, security testing, and DevOps-related news and updates that you need to know for this week.
So grab your favorite cup of coffee or test, and let's do this!
Automation Testing News
All right. First on my list. If you haven't already, I'm pretty sure you'll be hearing about this. It's going to be a lot of buzz around it. It's the GitHub copilot. So GitHub just launched a technical preview of GitHub copilot, which is a really cool new AI pair programmer tool that helps you write better code.
So why is this cool? GitHub copilot draws context from the code, you're working on suggesting either whole lines or entire functions, so it helps you quickly discover alternative ways to solving problems exploring new APIs while having gone through other tedious processes of searching on Google to find answers on the Internet and more importantly, it helps you write test.
So as you type, it adapts to the way you write code. It helps you complete your work faster. Really cool stuff. I really see this as being essential for anyone. There's going to be development in the future. I think it's going to get better over time. And I think if you're a tester, you should definitely leverage those to help you write better automation code as well.
There are already a few people that have explored this. In fact, a few days ago, Angie Johns actually posted how one of her coworkers, Colby Fayock, implemented this to actually create a visual validation test, leveraging the GitHub AI along with Applitools eyes API.
Now, this is the AI program writing this automatically. All he had to do was start that function. And then when he did, after this comment, Bam! It just started populating all the essential code needed in order to implement that function.
So how cool is that? I think it's the type of technology we see more and more of as the years go on. I highly recommend checking it out.
And as you know, I love to watch for companies acquiring other companies to see where the market's going, what the trends are. Zebrunner I'm not sure if I'm seeing this crap. I've been hearing more and more about Zebrunner already. And then I see news that they actually acquired Carina. So Zebrunner is a cloud-based reporting provider that helps you automate the analysis of test results.
So if you're familiar with something like report portal it some kind of concept, I think it's an area that has been overlooked a lot and that actually gives you the most results, because as you tell, as you know about writing automation, tests most of your time is spent with maintenance and trying to find out what happened, what went wrong, or are looking at results and reports. Tools like the Zebrunner actually help you do that quicker, faster, more reliably. And they acquired Corina. And also news to me, I never heard of Carina, but apparently, Carian is a Java-based automation framework for mobile applications, web-native and hybrid, as well as Web applications, rest services, and databases.
So why did I share this with you? Well, I think a lot of times people start with Selenium and Selenium great, but Slim is just an API, so you have to create all the infrastructure around it yourself and it takes a lot of time and a lot of effort. But I think it's really great as other tools are using Selenium under the covers. But they're providing you all this other infrastructure around it so you don't have to create yourself. It's something like Test Project has done way back in the day. One of the tools I really loved was serenity and serenity. Like all these other tools, act as a wrapper on top of Selenium & rest assured, it just takes away all the boilerplate code you need to normally write. When I get up and running, it makes things a lot easier to just focus on writing tests rather than writing these automation frameworks that people are spending a lot of time on. Carina's similar to that.
And right before I went live, I actually saw this article appear in my news feed on slow DevOps adoption linked to organizational issues.
It's actually a study by Mabl and they revealed one of the biggest challenges they found in adopting DevOps practices in their latest study was related to organizational issues, not technology issues. And that's something I've seen myself working for, a large enterprise. They always say, let's switch up the technology, let's use a different test tool that'll help us. So the new Selenium. Let's use, I don't know, Gauge. Rather than use Guge let's just use QTP, they kept switching from automation framework to automation framework, thinking it was the automation tool and blaming the automation tool when in fact it was the culture.
The culture did not embrace DevOps. It didn't embrace for team whole team development and software testing, and therefore all their testing efforts are bound to fail. Actually, after I left the company, one of the folks that took over that was offshore, one of my friends said they actually decided to go with another automation tool to try to get better results because they never listen to me and say, look, this is not a technology issue, it's a culture issue. And the reason why I think that's so difficult is that it's a cultural issue. It's hard to fix. You can just throw a new technology, a new technique at something they think it's going to be the silver bullet, which never is. And I think this type of survey just kind of validates my feeling that a lot of issues people face as a team is not due to technology, but rather culture.
So definitely if you're struggling with automation, you're struggling with testing. Look at the culture, see if your whole team is embracing testing or not. If they're not, then if you don't fix if you don't make your code testable if your team's not full-on making their code testable, and more. And higher quality then, no matter what you do, it's never going to work, and I think the study actually shows that with DevOps in general they've been seeing as well. Is that the biggest hindrance to teams accelerating the DevOps journey is actually organizational issues.
Performance & SRE News
So in performance and so reliability news, I say this all the time. Follow the money more and more of. And I think any time you see money behind the technology and if you're an engineer, you probably don't want to learn it. You want to be ahead of the curve.
So one of them is monitoring in production. And so Checkly is an API and e2e monitoring platform for the modern stack. So so I actually interviewed Tim and Hannes on my podcast about their technology a year ago and they just started. But it's very promising. And as I was seeing, trends are going more and more towards monitoring and production. So it's a great way to catch bugs before they hit production. So it's the technique I think everyone should know about, especially as we move towards shift right. Type of activities.
So I was really surprised to see how much they were able to achieve in a year to actually get a 10 million series A. It shows that there is a need for this technology and that there's a lot of backers behind it.
So definitely check out Chackly or any other technology that helps you monitor and production, because I think monitoring and production is a technique that everyone needs to know as well.
Something else I saw recently on a blog post last week was something by Harinder and it was anomaly detection with Cloud Watch. And I really like how Harinder mentions as a performance engineer, it's essential that you work with the DevOps teams to proactively identify any production performance bottlenecks before they negatively impact user experience. So as we move towards performance engineering as a trend as well, we need more tools to help us with this. And one way to do it is using anomaly detection with cloud watch. It basically brings the capabilities of anomaly detection that other tools like Splunk, API dynamics and Sumologic have. So if you're using AWS, I would definitely recommend checking it out as well and definitely check out this blog post to see how Harinder implemented it, to help him do to help him find performance issues before the impact users.
Security News
So on security news, they found an interesting article on how hackers have actually taken over a legitimate, commercially available tool to help them hack into systems or perform attacks. And so they've actually seen this tool being used to target tens of thousands of organizations. So what it does is Cobalt actually sends out beacons to detect network vulnerabilities when users attended. It simulates an attack, but Threat Actors has figured out how to turn it against networks to actually infiltrate data, deliver malware and create fake command and control profiles that look legit and slip past detection.
So kind of scary. Just so you know, if you're using Cobalt Strike, you want to be aware of this or using any other tool. A lot of times the tool itself that was meant to help can actually hurt you. So it's a really good article. It goes in-depth about the brief time line of the strike threat. Just something you need to be aware of,.
So that's all the news I have for this week in the TestGuild news show. If you have any news you'd like to share with me, that you want me to share an upcoming episode, all you need to do is drop me a line at news@testguild.com, and I'll try to include it in an upcoming news show.
So that's it for this episode of the Test Guild News Show. I'm Joe and as always, test everything and keep the good.Cheers!