About This Episode:
Want to know how to get started with Appium 2.0. Does it matter if you call it monitoring or observability? You're also going to want to stay to the very end to see the five CI/CD breaches analyzed and how they impact your security testing. So stay tuned to these and other and full pipeline DevOps automation testing, performance testing, and security testing in 10 minutes or less in this episode of the TestGuild news show. For the week of June 27. So grab a cup of coffee or tea and let's do this.
Exclusive Sponsor
This episode of the TestGuild News Show is sponsored by the folks at Applitools. Applitools is a next-generation test automation platform powered by Visual AI. Increase quality, accelerate delivery and reduce cost with the world’s most intelligent test automation platform. Seeing is believing, so create your free account now!
Applitools Free Account https://rcl.ink/xroZw
Links to News Mentioned in this Episode
Time News Title News Link
0:24 Create a FREE Applitools Account https://rcl.ink/xroZw
0:57 CodeWhisperer, https://links.testguild.com/Jiean
2:46 Can we trust AI https://links.testguild.com/AmJVa
3:18 BitBar https://links.testguild.com/c03Dv
3:51 Appium 2.0 https://links.testguild.com/BV83I
4:43 AI CyFast https://links.testguild.com/xgNav
5:33 Monitoring Or Observability? https://links.testguild.com/48siR
7:07 Classification of severity levels https://links.testguild.com/FxLub
7:48 PyPi unsecured sites https://links.testguild.com/apsEn
8:49 5 CI/CD breaches https://links.testguild.com/yf6vM
News
Speaker 1: Want to know how to get started with Appium 2.0. Does it matter if you call it monitoring or observability? You're also going to want to stay to the very end to see the five CI/CD breaches analyzed and how they impact your security testing. So stay tuned to these and other and full pipeline DevOps automation testing, performance testing and security testing in 10 minutes or less in this episode of the TestGuild news show. For the week of June 27. So grab a cup of coffee or tea and let's do this.
This episode of Test Guild new show is sponsored by the awesome folks at Applitools Applitools, the next-generation automation platform, which is powered by visually AI, which helps you increase quality, accelerate delivery and reduce cost with the world's most intelligent test automation platform. But seeing is believing. So create your free account now by clicking on the link in the comment down below. And while you're there, why not leave a comment and subscribe to get alerted? Every time I release a new episode.
First up, Automation News.
So first off, I don't know if you know that GitHub copilot is now a paid solution. When they first released it, it was free. So if you're jonesing for a free option, Amazon just launched Code Whisper, which is a GitHub copilot-like A.I. paired programming tool. So why should you care about this if you're a software tester or an automation engineer? Well, if you import a library like rest-assured or another library like Appium or Selenium, this will help you write better code automatically. It'll assist you as you're writing. And as I mentioned, this has the same functionality that Copilot does and can autocomplete entire functions based only on a comment or a few keystrokes. And the company trained the system to learn on a billion lines of publicly available open-source code and its own code base, as well as publicly available documentation and code on public forums. The article does point out that it's worth noting that the Code Whisperer does some things different than copilot for one. While most of the code that the system generates is novel, every time it generates code that is close to an existing snippet in its training data, it will note and highlight the license of the original function, which is also very important. So it's up to the developer to decide whether or not to use it, and this should then hopefully alleviate some issues. You saw earlier with other news items we had with copyright concerns that may come up by using a tool like this. And also AWS made security a priority. And so they said security is also important to AWS and so they want to make sure that the code they generated was also secure. So just another great development that I think really is going to help you as an automation engineer write better, more secure code using these types of technologies. So definitely check it out in first comment down below.
So you may be saying, Joe, can I even trust machine learning technology like this or A.I. technology as well? To answer that question, if I'm another article that goes over, can I actually be trusted? And so this next article is by Beth, who is an IBM distinguished engineer and principal data science, cognitive and AI Services at IBM. So, you know, she really knows her stuff. So she goes ahead and breaks down some terminology, goes over. What do certain things mean within the AI is she also offers some steps that you can run through and how to actually assemble trusted A.I.
Are you looking for an all-in-one web and mobile API testing solution? So SmartBear, which acquired Bit Bar a few years ago, actually just released an all-in-one web native mobile testing solution release of web testing on bit bar. So if you're not familiar with Bit Bar, it's all cloud all testing platform. Whether you need to test web-native a hybrid, or truly test your apps across real environments, no lab maintenance is required. So if this is the type of solution you're looking at, here's another one on your list of vendors to evaluate.
So not sure if you're aware, but the folks at Appium have been announcing version 2.0 For a little bit now. So Eran Kinsbruner just released a new article on getting started with Appium 2.0. And so the article goes over some of the more exciting features of Appium 2.0, what it means to you, and also has a great breakdown of how to get started with some code examples in some other testing awesomeness. So if you know Eran, he really knows his stuff, so it's definitely a worthwhile article to check out if you're doing anything with Appium Automation.
And in other AI automation testing news, another company has unveiled yet another AI-enabled automation testing platform. What makes this different from what I've seen before is this also supports embedded automation using assisted machine learning. So the company is Cyient, I think, I'm not sure if I'm pronouncing that correctly. And their AI-powered framework for automated testing is called CyFast and it was created to accelerate and test automation. And the platform enables E2E test automation across not only web mobile desktops, also embedded applications and hardware devices. As I said, it's different than what I've seen in some of the other solutions. It mentions that while more than 90% of enterprises are thinking about integrating software and digital technologies into their products, only 25% have managed to scale their initiatives across multiple product lines and geographies, including huge potential for future growth. So if you're looking to do automation in automotive, medical, or embedded type systems, definitely a solution to check. I've never heard of it before. Give it a look and let me know what you think.
Next up, performance Ian Site Reliability News.
So when I started my career, I did mainly performance testing and so I'm very familiar with monitoring APM-type solutions. But for the past few years there's been a transition to site reliability engineering. I think there's been kind of some confusion around certain terms. So what I used to call monitoring, a lot of people are now calling observability. So monitoring observability. Monitoring observability. What do you call it does even matter? Well, this next article addresses this exact issue. It basically breaks down, it does it matter what you call it if you're not measuring the right things and it talks about, you know, back four years ago, Google, when you just search for application performance monitoring, you saw a list of APM type of services. But now when you go to the present, most of these vendors same names, but now they're called observability companies and monitoring does sound a little outdated. Observability sounds more hip, newer, and more scientific. But when you look under the hood, it's actually the same exact approaches, not very different from what they were back in the day. The article then breaks down how to understand observability and how to avoid certain blindspots that can get you into trouble about monitoring the wrong things. So just breaks down some terminology of what is observability and also breaks down what things you should be monitoring and what things you should avoid monitoring. Instead of getting sucked down the rabbit hole of monitoring. So I think it's a great breakdown of terminology and how both monitoring observability basically the same thing. So if an old-timer like me, you can still get into the Site Reliability observability game. So good to know.
Speaking of Site Reliability engineering and terminology, if you're newer to SRE, there are some other terms that may be throwing you off and that is the difference between severity and priority. So this next article walks you through what the differences are. So this article goes over what is severity, what is priority, and how are they different? How to set up severity levels for your organization? How to determine severity levels has a nice breakdown of what some common severity levels are and what they mean, and with a conclusion that wraps it all up. So if you're struggling to find out what they mean or you just want some clarification of your own, another article that you definitely check out in that first comment down below.
Next up, is security testing.
Now, I'll be honest, I love Python, but when I speak to some other hardcore like C developers, a lot of times they say they don't trust Python because they tell me they don't feel like it's a secure programing language. And so this next article highlights how some Python packages recently were caught sending stolen AWS keys to unsecure sites, and it talks about multiple malicious python packages available on the PyPi repository that were caught stealing sensitive information like AWS credentials and transmitting it to publicly exposure and points accessible by anyone in the article talks for while PyPI is usually quick to respond to reports malicious packages on the platform, there's no real vetting before submissions, so dangerous packages may be lurking in there for a while and this article just breaks down some of the malicious packages that they found and how it exposes stolen data. So if your automation engineer uses Python, I think this is definitely something you should be aware of and check out as well.
So, you know, based on past episodes, if you've been listening for a while, I like to find exploits that happen in the field and what companies do to resolve it. So this next one is about five CI/CD breaches analyzed. And why do you need to update your software security approach based on this analysis? And so this analyzes some of the major CI/CD breaches that happened recently. So it goes over the PHP Git infrastructure compromised the Stack Overflow breach, the Codecov breach, the Travis CI secret exposure, and also the dependency confusion attacks. And it also has some key takeaways as well.
So for links to everything that we covered in this news episode, head over to the links in the first comment down below, and while you're there make sure to check out our awesome sponsor Applitools free account offer, and discover how to take your automation testing to the next level leveraging visual AI.
So that's it for this episode of the Test Guild news show. I'm Joe My mission is to help you succeed in creating Fullstack pipeline automation awesomeness. As always, test everything and keep the good cheers!
