This initiative has made it possible to complete the catalog of QA tools and refine the automation associated with FIATC’s delivery and deployment, integrating SAST analysis and early evaluation of the applications’ security. Additionally, the groundwork has been laid for the creation of a QA office to govern these processes.
Industry
Insurance
Type of Service
Project
Technological Area
The Challenge
FIATC is one of the main national insurers. It is immersed in an ambitious project to optimize different processes, methodologies and tools within the company’s digital environment.
In this context, it was necessary to define a series of protocols and standards to manage and guarantee adequate quality assurance of the software developed within the organization.
As an initial requirement, FIATC demanded the implementation and configuration of a static code analysis tool that would allow it to analyze the technical debt of its assets and also to detect the possible security vulnerabilities these could have, such as SQL injection, log injection, cross-site scripting, etc.
Our Solution
The first step was to establish all the CI/CD flows and pipelines within the various existing projects. All of this was done on top of Jenkins, using separate pipelines for each project and environment.
Initially, a Gitflow methodology was established in the most current and leading projects. Once validated, it was extended to the rest of the entity’s projects, over a thousand to date.
Next, the execution and validation of SonarQube results were integrated into the Jenkins pipelines, enabling this cross-sectional analysis for the rest of the projects. Once the first reports on the security holes and bugs detected were presented, a protocol of action began to be discussed and formalized to address this deficit as soon as possible.
Existing gaps were identified, such as the lack of functional documentation, an issue that was tackled with the support of the QA team.
The toolchain was completed by choosing a tool for prototyping and wireframes (InVision).
Through the test management tool Cucumber Studio (formerly Hiptest), all the scenarios and test runs of each project would be organized and analyzed.
The foundations of the future automation framework were established by choosing a framework based on Java, Cucumber, JUnit and Extent Reports, connected via API to Cucumber Studio to synchronize the results of each test run executed in the future in Jenkins.
Finally, the foundations of what would be the future quality office began to be established. It would be in charge of defining quality and safety policies, their automated execution and validation.