Despite rolling out 15-20 major releases every two weeks, the client’s security assessment was manual and occurred in a siloed manner after the development process concluded. Assessments were also conducted independently of each other, making it difficult to gather key insights. Moreover, it was tough for anyone other than test engineers to run tests or analyze the results.
Our client wanted to see exactly what software quality engineering in the airline industry could do. We understood the need to integrate quality software testing into the CI/CD pipeline to speed things up and gain insights across the testing process. Our software testing services team embedded a DevSecOps solution and a centralized platform for all tests, bringing security test automation into the CI/CD pipeline.
Using a test automation framework
Integrating testing into the development pipeline
We quickly realized that the client needed to introduce DevSecOps as a service into the entire development process. We introduced a CI/CD workflow that featured Static Application Security Tests (SAST) for code scanning at the CI stage and applied Dynamic Application Security Tests (DAST) for application scanning at the CD stage. We built a centralized platform using DefectDojo, to which the code scan results could be pushed. This created a single source of truth for assessing all vulnerabilities, resulting in a more comprehensive view of test results.
Application security was one of our client's major concerns. While the airline conducted vulnerability testing for new software releases, it was done manually after the DevOps workflow. That meant that testing lengthened the delivery lifecycle, and there was no overall visibility of the security testing results. Vulnerabilities, if any, were picked up relatively late, further delaying releases and increasing manual rework.
To integrate software testing services for the airline, we introduced a DevSecOps automation strategy, so product assessments could be conducted during design and development in the CI/CD pipeline. We began with a Static Application Security Test (SAST) for code scanning and a Dynamic Application Security Test (DAST) for app scanning. We also brought in a process to onboard apps into this pipeline.
The lack of security assessment systems was a drawback for the client, as they had no overview of how the apps performed. We built a dashboard using DefectDojo that would allow testers and those with security clearance to get an overview of the apps’ performance and make big-picture decisions. This created a single source of insight for assessing all the vulnerabilities across all apps, and every security scan was tracked in the app, allowing unprecedented oversight.
By proposing a more efficient approach to security testing, we made testing more cost- and time-efficient for the client and significantly reduced the risk of any vulnerabilities making it into production applications.
We folded assessments into the development process instead of leaving them as a separate task after development, and our dashboard enabled the client to identify and rectify vulnerabilities at a faster rate. Our DevSecOps solution shortened the release cycles, saved the developers’ and testers’ time, and provided for early identification and remediation of the vulnerabilities.
Our DevSecOps solution allowed the client to bring out new releases faster than ever.
Our custom dashboard gave the client clear test results and an overview that they lacked before integrating software quality engineering.
The reduced times and the improved QA in the aviation development process gave the client tangible benefits in their bottom-line figures.