Tag: quality

Exploit Insights into your Cloud Application

If you develop or deliver cloud applications, you can benefit from automated knowledge fostering and exploitation. For instance, if you compose your app from multiple microservices, then you want to consider the app tainted from a security perspective once one of the microservices is found to be vulnerable. Likewise, if you bundle containers and cloud functions into a complex application, you would like to know upfront if, due to technical limitations in one small gear of the whole machinery, you will have a restricted choice of clouds to operate it. We will deliver a tutorial showing you how to accomplish that. Join us at the 9th IEEE International Conference on Cloud Computing in Emerging Markets (CCEM 2020) on November 7 to learn more!

Microservices in Numbers: Diagnostic Docker Deep Dive (Online Tutorial at CLOSER 2020)

Cloud applications are typically designed as coupled microservices and deployed in managed containerised form. Industry trends around container build processes, deployment packages, management platforms and abstractions (e.g. cloud functions) are still fast-paced. Developers and operators need to be able to tell good from bad practices based on automatically determined metrics. Assuming they participate in this tutorial, they will learn how to do that on a hands-on level. We introduce approaches and open source tools for quantitative assessment of containers and other microservice technologies and ecosystems. On the research side, we explain how this blends with policy-driven deployments, trusted cloud execution and data science opportunities.

The three-hours tutorial will be offered at the CLOSER 2020 conference (originally scheduled in Prague, now online) in the afternoon on May 7. Registration information is available from the conference website.

On Using OpenData.Swiss

In Switzerland, opendata.swiss is the go-to location for any open dataset resulting from federal, cantonal or municipal sources. From a societal and economics perspective, the portal is an important asset following the “protect private data, make use of public data” mantra, and has already led to digital innovation through the availability of many third-party applications. In this research blog post, we look at some numbers associated with the portal.

Continue reading

Docker image checks: Quality, security, up-to-dateness, layers and inheritance

Docker images have become the valuta franca in the cloud and container platform world. Although on the path to vendor-neutral standardisation (e.g. with OCI also being in Docker Hub for a year now), developers for now have settled on plain Docker as de-facto standard due to the vast ecosystem of base images and dependency images which speed up the rapid prototyping of complex scalable applications. From a production-grade DevOps perspective, a key concern is then to be assured that the containers used are of high quality, not infected by security vulnerabilities, and still containing the latest features available. In this blog post, a novel approach to visualise the situation around a particular container image is presented.

Continue reading

Introducing the Docker Compose Validator

When cloud application developers are working with docker-compose to combine multiple microservices into a single manageable entity, they can make some easy mistakes. To prevent these mistakes, they can rely on internal validation logic, which however does not catch many of the typical issues. Therefore, researchers at the Service Prototyping Lab at Zurich University of Applied Sciences wrote a dedicated quality check and assessment tool targeting developers, but also students trying to learn the technology, which has a wider range of checks. The DCValidator tool is available as a web application (see demo instance) or command-line interface. This blog post describes how to check that docker-compose files are free of issues.

docker-compose validator Web interface
Continue reading

Reflections on software artefact quality tutorial

Our work in the Service Prototyping Lab at Zurich University of Applied Sciences consists of applied research, prototype development and conveying knowledge to industry. In this context, we have worked hard over the previous two years to gather educational and hands-on material, including our own contributions, for increasingly valuable tutorials. From single lectures to half-day and eventually full-day tutorials, we aim at both technology enthusiasts and experienced engineers who are open for new ideas and sometimes surprising facts. In this reflective blog post, we report on this week’s experience of giving the full-day tutorial on microservice artefact observation and quality assessment.

Continue reading

Summer school on software evolution – Summary

From September 2 to 4, 2019, Tampere University hosted the INFORTE.fi-supported summer school on Software Evolution: From Monolithic to Cloud-Native. The Service Prototyping Lab at Zurich University of Applied Sciences contributed with five lectures (and one coincidental serverless meetup talk) to increase theoretic knowledge and practical skills of Finnish doctoral students and developers on microservices and software engineering for the cloud. All presentations are available online but as usual the slides do not capture discussions and industry relevance, so read on to get to know more about this.

Continue reading

Quality analysis of dapps: Just like cloud apps?

Looking into a possible post-cloud world, we see mentions of different computing paradigms, many of them based on decentralised structures to overcome scalability and user control limitations. Among them is blockchain-as-a-service (BCaaS or BaaS), mimicking the platform-as-a-service (PaaS) user experience for both application providers and consumers. In PaaS, providers first sign up and subscribe to the platform, then design and build their applications and deploy them to the platform where it is executing either permanently or upon incoming network requests or other event triggers. Additionally, developers may advertise their apps at technology-specific hubs such as AWS SAR or Helm Hub. Consumers then adhere to the application terms, which might require a sign-up at the provider site, before being able to invoke and make use of the application.

Continue reading