About This Episode:
Want to know the findings of a recent study of all-around organizations and their automation testing efforts. Have you ever seen how to create an automated Jmeter performance test using a Java DSL? Do you know that only 3% of open source software bugs are actually attachable? Stay tuned to these and other full pipeline DevOps, automation testing, performance testing, and security testing in 10 minutes or less. This episode of the TestGuild news show is for the week of July 3rd. So grab your favorite cup of coffee or tea, and let's do this.
Exclusive Sponsor
This episode of the TestGuild News Show is sponsored by the folks at Applitools. Applitools is a next-generation test automation platform powered by Visual AI. Increase quality, accelerate delivery and reduce cost with the world’s most intelligent test automation platform. Seeing is believing, so create your free account now!
Applitools Free Account https://rcl.ink/xroZw
Links to News Mentioned in this Episode
| Time | News Title | News Link |
| 0:27 | Create a FREE Applitools Account | https://rcl.ink/xroZw |
| 0:55 | Four pillars of OOP | https://links.testguild.com/Jbuli |
| 1:52 | Jenkins now requires Java 11 | https://links.testguild.com/q0qHJ |
| 2:38 | Buildkite | https://links.testguild.com/kZGc2 |
| 3:27 | KeysightResearch | https://links.testguild.com/y06N8 |
| 5:09 | TestNG Test Framework | https://links.testguild.com/H7Q2i |
| 6:03 | Jmeter Java DSL | https://links.testguild.com/yec5g |
| 6:51 | SRE @Visa | https://links.testguild.com/vp4IG |
| 7:31 | Datadog Database Monitoring | https://links.testguild.com/BkrUG |
| 8:31 | 3% of Security Bugs Are Attackable | https://links.testguild.com/CG83c |
| 9:08 | Fastest SAST Tool !!!!! | https://links.testguild.com/yhSAZ |
News
First up, Automation News.
OOP Principles Applied to Automation Testing Scripts
So maybe you've been doing automation testing for a while and heard that automation testing is software development, but maybe you don't have a background in object-oriented programming. So I found this great article. It will be part of a four-part series by Bas, talking about the introduction to the four pillars of object-oriented programing by Bas If you don't know, BAS is a go-to resource for all things automation, especially API testing, and his four-part series will cover four main areas. The first one is encapsulation, and that's what this post goes over. But you want to follow him because he's also going to cover inheritance, polymorphism, and abstraction, and he goes over in detail what things are, gives an example, shows different programming, and languages, how they might look, and, more importantly, how these principles apply to automation. So definitely a go-to resource. I'll have a link for it in the first comment down below. And thank you, Bas, for all you do for the community. If you're not following him, you want to follow them to stay tuned for the rest of this four-part series.
Jenkins Required Java 11
So I know a lot of automation engineers use Jenkins to run their automated tests. So if that's you, you don't want to listen to this next news article I found because it will impact what Java version will be required for you going forward using Jenkins. And it's taken a while. But the Jenkins project confirmed that Java 11 would be required from this week's Jenkins 2.357 and for the upcoming September LTS release. And I know a lot of companies that haven't done this yet because the shift from Java 8 to 9 and beyond presents many developers with all kinds of challenges, from technical in terms of language and runtime changes to legal. So there are many different things that need to go on for you to upgrade to Java 11. And to make matters worse, Java 17 lurks in the background.
BuildKite Flaky Test Feature
So if you're an automation engineer, I'm sure you're familiar with flaky tests. I know many different tool vendors have come up with this functionality, and that's the ability to add analytics to your tools to identify flaky apps fast. And the latest is from BuildKite. So BuildKite has added an analytics tool to continuous integration, continuous delivery CI/CD platform that helps you identify flaky tests. And if you don't know, according to a recent study, 59% of developers deal with flaky tests on a daily, weekly, or monthly basis. And that's one of the reasons why BuildKite added this new functionality to their application. So we talk about Jenkins, but there are other tools you can use for your CI/CD platforms, and BuildKite is one of them. So if you use BuildKite, let me know in the comments below what you think of it and let others know how it helps you with your CI/CD efforts.
Automation Research Results
So this next article is by the folks at Keysight on research they did on different organizations in their efforts for automation testing. And you want to check out some exciting things that were revealed in the study. And so this research dives into what they found with different organizations. And one of them was. What test approach does your company use? I thought this was interesting. 11% said that they have a fully automated approach. I'd be interested in seeing that. 32% see automated with some manual. 25%. So you have manual and half automated, and I'm surprised. 18% said manual with some automation, and 13% are still fully manual. So many times when I spoke to companies earlier in my career, many of them didn't know of automation. They've just started with automation. The study shows that automation is gaining inroads, with 75% of organizations using a combination of both automated in manual testing. However, only 11% have a fully automated strategy. With the growing complexity, the number of tests is also increasing. And what's also interesting about the study is that respondents ranked the outcomes of their business impact into these mean buckets. 51% said they're most concerned about security breach risk. 48% say increased expenses. 42% say slow time to the market. 36% talk about the defective product, and 34 talks about the loss of revenue. So I've also seen security as a trend in this article, and people find it a need for their organization. So a lot of other cool stuff this research has shown. So you want to see it in the comment down below.
TestNG Training
And a few years ago at Automation Guild, I had a session by Rex Jones on TestNG. It was one of the highest-rated sessions that year for the conference. So I found the following article by Rex Jones that explains breaks down step-by-step TestNG that you definitely should check out. If you're using TestNG if you heard about TestNG and are unsure what it is. So it's part of a two-part video series where Rex breaks down all things TestNG test automation framework, and he goes over things like what is the TestNG annotations? All about types of annotation in TestNG. So he also has a great demo in this video on the test annotations, how to configure the annotations, and how he's implemented the test annotations. Thank you, Rex, for that, and I'll have a look at it in the comments below. And you definitely should give that a view.
Next up is performance and reliability news.
Writing JMeter Performance Script Programmatically
And if you've been following me for any amount of time, you know, one of my go-to resources for all things performance performance-related testing is not only Scott Moore but also the folks at Perfbytes. If you haven't checked out their Twitch YouTube channel, I highly recommend subscribing there. But this next article caught my attention. It's an interview, a demo hosted by Mark Tomlinson on how to use Jmeter DSL. So scripting performance tests using Jmeter in Java in an IDE. And so this does a really good breakdown of Jmeter scripts written in Java. It's a great new functionality. If you don't know about you definitely should check it out. And this is a video series that breaks it down step by step for you to get started. Thank you, Mark Tomlinson, and the folks at PerfBytes, for delivering fabulous content weekly on performance.
Day in the life as an SRE at Visa
So find another great resource on a Day to Life type article. On how Site Reliability engineering is done at Visa. And this is by an insider who goes over how they define what Site Reliability engineering is, what they do to pay attention to specific systems, make sure they're more observable, how they deal with toil, and what the power of automation is that they've seen as they've implemented it, how they've reduced operational dependencies and some good retrospective on collaboration and some other cool insights on tooling as well. So if you're doing anything with Site Reliability engineering, you want to know how other companies are implementing it. Here's another great article about another company, Learn, as they've implemented site reliable engineering for their organization.
Database Performance Metrics
So back in the early 2000s, when I was doing performance testing, issues and performance within the database layer were the hardest things to debug or troubleshoot. So this next article is about how the folks from Datadog help you get some insights into key metrics for your load metrics within your database. So thank you, Kyle, for posting this on LinkedIn. And it goes over how to analyze wait events and in-flight queries within the Datadog database list. I like that it also covers how to identify and troubleshoot overloaded databases and how to investigate performance issues with detailed query metrics. How to get started with the Datadog database and more. This had me drooling. I wish I had this back in the day because it would have made my life so much easier. But you don't have to go through that. So if you're doing anything with performance and dealing with databases. You'll want to check this out and see how it can also help you in your organization. And there'll be a link for it again in the first comment below.
Next up, security testing news.
3% Security and RISK
So this next article talks about how they found only 3% of open source software bugs are attackable. So a new study says that 97% of open source vulnerabilities linked to software supply chain risk are not attackable. But is attackability the best method for prioritizing bugs? This is something I think everyone struggles with. You need a way. Anytime you do anything with testing, you need to assign a risk value. And so this talks about determining what's attackable. So this helps you break down and simplify your threat modeling approach to open source vulnerabilities to drastically cut down your fire drills.
SemGrep FAST SAST
The following tool came my way via LinkedIn from my friend Akshay. Thank you for your support. It's on SAST and a cool tool he uses and recommends. That I think you should know about as well the tool he came across is SemGrep, which is an open-source tool that runs on Python. I never heard of it. So when I went to the site, it was a static analysis at ludicrous speed, finding bugs and enforcing code standards.
So for links of everything have value we covered in this news show, head over to links the first comment down below and while you're there. Check our awesome sponsor, Applitools, and click on their free account offer to take your automation testing to the next level using Visual AI. So that's it for this episode of the Test Guild's new show. I'm Joe My mission is to help you succeed in creating e2e Fullstack Pipeline automation awesomeness. As always, test everything and keep the good. Cheers
