ThoughtWorks Radar — November 2016
The latest edition of the ThoughtWorks Radar came out this week. For those working in technology who’ve never come across this, read it now! I thought I’d take a few minutes to summarise the items that stood out for me in this edition. They stood out mainly as they solve problems that we’ve had or scratch itches that have bothered me for a while.
The tools are:
Making web applications accessible to everyone is not only a legal requirement in many areas, but also the right thing to do. We’ve struggled for some time to make accessibility testing fully automated and easy to carry out. Seeing Pa11y on the list could help to fill that gap. As a team manager the dashboard element of this tool impresses me as much as the actual tool. Making the results of the tools full visible and challenging teams to maintain and improve them is one of the main areas I’m focussing on.
As our team moves towards Continuous Delivery we’ve become more frustrated with standard build tools such as Jenkins or Bamboo. The idea of treating your build plan like code, in source control with tests is an appealing proposition. LambdaCD is also written using Clojure and could be a way to get our developers trying out languages that appeal to them, without having to take on production code as the first opportunity.
Automated testing of the responsiveness of web pages is something we’ve been aiming for. Testing across mobile devices addresses some of this area, but testing the actual layout of a page has always been tricky. The Galen Framework looks like it could be a solution to that very problem.
Given the amount of JSON we use across our whole application, having a simple library to make assertions on this consistent and easy. I’ve not come across the developer Skyscreamer before, but looks like they have provided other useful open source licences as well.
Over the years we’ve had a couple of incidents where private keys, passwords or other secrets have been checked into our production code. Done by well meaning engineers, but ultimately the wrong solution, Talisman hooks into the pre-push hook of Git to check code and ensure this never happens. Yes, this is a ThoughtWorks library in the ThoughtWorks radar, but I’ll let them off! Next step for me would be to see this check run in our build tool on a regular basis to provide extra protection.
Having recently taken on the task of implementing an identity management solution within our platform it’s good to see a SaaS based approach to identity management. Auth0 won’t work for everyone, but there are many situations when this is the easiest (and most secure) way to add authorisation to your app.