Code Signing With Compage- Safeguarding Your Software Supply Chain from Threats
A software supply chain comprises the code, people, system, and processes of creating, distributing, and …
Whatever your business, customers want a great product and even better customer service. Delivering such an experience at pace demands a refined software development lifecycle (SDLC) that focuses on saving time, effort, and cost wherever possible. Despite many advances in software development, teams have yet to catch up. With developers needing to make hundreds of changes to their software daily, it would be hard to imagine the time taken for testing and delivering these changes, if done manually.
However, sluggish development, infrequent releases, and siloed teams form the reality of many development teams today, negatively impacting businesses. Another challenge for developers is poor code, which leads to an increase in bug-fixing time. According to VentureBeat, developers spend as much as 20% of their time on bug-fixing, affecting their efficiency and diverting their attention from more rewarding tasks like building code.
Image Source: Clean Code, a book by Robert C. Martin
Poor software quality resulting from cutting corners and not following standards not only impacts developers within the organization or new ones joining the project, but it also carries financial repercussions. In 2020 alone, according to the Consortium for Information and Software Quality, poor software quality cost US companies around $2.08 trillion.
Overcoming these long-standing issues requires the adoption of Continuous Integration and Continuous Delivery (CI/CD). CI/CD automates code building, testing, and deployment, reducing development time. By testing and delivering daily changes quickly, CI/CD allows developers to move to shorter release cycles. Automated testing helps catch errors early, ensuring that the code is always deployment-ready. Prompt resolution leaves room for releasing more features to meet consumer demand. Additionally, CI/CD minimizes reliance on a small number of skilled developers by standardizing practices and processes, allowing new developers to start on projects immediately. According to GitLab, adopting CI/CD can result in a 78% savings in development costs per program.
The recommendation is to follow the 12-factor approach alongside CI/CD to further scale and maintain applications flexibly, while laying the foundation for a successful software ecosystem.
The twelve-factor methodology offers principles for building scalable, high-performing, resilient enterprise applications. It requires applications to use declarative formats to reduce time and cost for new developers, maintain a clean contract and achieve maximum portability, have suitability for deployment on modern cloud platforms, minimum disparity between development and production for continuous deployment and scalability without any significant changes to tooling, architecture, or development practices.
Compage, our low-code universal language framework, is built for modern applications that adopt the 12-factor methodology. It automates the backend development process, saving businesses time and money. Compage follows established security best practices, so you don’t have to make a choice between faster releases and secure code.
P.S. We’ve prepared a complete guide to Compage, check it out!
We wanted to build a procurement solution that is more efficient and agile. To achieve this, we chose Compage for automating the development process. Below are the specific details:
Check out our step-by-step guide on how we implemented a procurement solution with Compage.
1. Sign into Compage with GitHub.
2. Once signed in, create a project. Since we are building this use case from scratch, we will make a New Project.
3. Name your project and repository. We opted for a domain-specific format and named our project and repository intelops-procurement-solution. Domain-specific names provide clarity, contextual relevance, improved searchability, alignment with business logic and ease of maintenance. Once completed, the repository name will appear on GitHub.
4. Once the project is created, we can begin building nodes (microservices). The first node we are creating will be for the invoice service.
5. Double click on the node and add the required details, including the component name, preferred language, and the server. Compage provides built-in support for Go; however, we also offer support for other languages through OpenAI.
6. After selecting the Server (we chose REST server), select the template, framework, port and database.
7. As we are creating a node for the invoice service, we will define attributes we want to capture the data for, including amount, payment terms, and items.
8. Once done. click on Update Changes followed by Generate Code. The generated code is saved to GitHub repository.
Let’s take a moment to pause and explore a few integrations we have used.
CodeCov helps collect code coverage data for codebases. The collected data can be used to identify untested code areas and measure the overall test coverage. Compage’s integration with CodeCov allows it to automatically collect code coverage data for projects. This saves time and helps ensure that the code is fully tested.
DeepSource integration within Compage provides an advanced code review and analysis layer, systematically identifying code quality issues and potential bugs.
GitHub Actions is a CI/CD platform used to automate software development workflows. It can be used to perform tasks such as building, testing, and deploying code.
Trivy is an open-source security scanner that scans container images for vulnerabilities. Compage’s integration with Trivy helps in developing more secure applications by automation the security scanning process and providing visibility into the security risks of container images.
9. Merge first pull request.
K8s integration is a way to deploy applications to Kubernetes clusters. This can help to improve the scalability and reliability of applications and make it easier to manage applications.
Cosign enhances the security of Docker images by digitally signing them, providing verifiable proof of the image’s origin and integrity. Integrating Cosign image signing with Compage adds a layer of trust and security to application deployment process.
10. The code for the invoice service is ready and reflected on GitHub.
11. Start server on local, curl request.
DevSpace is an open-source CLI tool used to develop, deploy, and manage cloud-native applications.
Prometheus, an open-source monitoring system, collects metrics from applications and stores them in a time series database. Compage integrates with Prometheus to gather metrics from microservices, enabling monitoring of their health and performance for troubleshooting.
11. Follow Step 4-6 to create a new node (microservice) for Payment Service. For Payment Service, we will use gRPC server and we will select Invoice (which we created a node for) as an attribute to establish a 1-to-1 relationship. Other attributes include invoice number and total.
12. Both nodes can now be connected by an edge. Click on edge to modify its properties, such as name, server and port number.
13. Merge second pull request.
14. Compage can generate both REST clients and gRPC clients for the backend workloads that you design. REST clients are typically used for communication with HTTP APIs, while gRPC clients are used for communication with gRPC APIs.
15. Start the server locally (both REST and gRPC servers run with a single command), and use the Evans CLI to make gRPC calls.
DevContainers provides a way to develop applications in isolated environments containing all the necessary dependencies. This improves reproducibility of development environments, making it easier to debug problems. Compage integrates with DevContainers to create DevPods, which are pre-configured DevContainers optimized for Compage development. The integration saves time and effort required for setting up environment and guarantees that dev environments are always consistent.
15. The procurement solution has been set up with both the codes ready for use.
What would have taken days is now possible in hours. That’s the power of Compage! Try it for yourself; check out the Compage documentation for more details. If you like what we are doing, check out Compage on GitHub. A star is always appreciated. We have more updates coming so, follow us on LinkedIn.
A software supply chain comprises the code, people, system, and processes of creating, distributing, and …
Efficiency and speed are vital for success in software development. Traditional manual coding is slow, …
Imagine embarking on a journey across uncharted seas—the world of software deployment. Navigating these waters …
Finding the right talent is pain. More so, keeping up with concepts, culture, technology and tools. We all have been there. Our AI-based automated solutions helps eliminate these issues, making your teams lives easy.
Contact Us