SlideShare a Scribd company logo
Spira-ling into
Quality Pipelines
@Coveros | @inflectra
Kim Trott
Business Development • Coveros, Inc.
Quick Overview
▪ Quality through End-to-end Traceability
Adam Sandman, Inflectra
▪ Quality Gates: Forcing Functions to Bake Quality In
Jeff Payne, Coveros
▪ SpiraPlan DevSecOps Pipeline Integration Demo
Hugo Sanchez, Coveros
▪ Lessons Learned from Years of Building (quality through)
Pipelines at Coveros - Jeff Payne, Coveros
▪ Q & A
▪ Meet and Greet in Cre8ive Spaces
Spira-ling into
Quality Pipelines
Quality through
End-to-end
Traceability
@Coveros | @inflectra
Adam Sandman
Director • Inflectra Corporation
Inflectra Corporation
inflectra.com • sales@inflectra.com
How SpiraPlan Enables
Progress Tracking and
Visualization through
Dashboards
Firstly, What is Quality?
Quality Control vs. Quality
Assurance
OK, So What is Traceability?
Why does Traceability Matter?
For many industries it’s the law
• ISO 9001 / AS 9100
• Aviation - DO-178C
• Medical – 21 CFR Part 11
• Automotive - ISO 26262
Traceability – Finding the Root
Cause
• Let's work the
problem people.
Let's not make
things worse by
guessing
Gene Kranz, Apollo 13
SpiraPlan – Traceability &
Visibility
Key Metrics and Artifacts
• Requirements
• Tests and Coverage
• Risks
• Known vs. unknowns
• Defects
• Velocity and root cause
Dashboards
Dashboards
Test Coverage
Traceability to Code
Inflectra and Coveros
Spira-ling Into
Quality Pipelines
Quality Gates:
Forcing Functions to
Bake Quality In
@Coveros | @inflectra
Jeffery Payne
CEO, Founder• Coveros, Inc.
Jeffery Payne
CEO, Founder • Coveros, Inc.
• 30+ Years in Software
• Founder of 2+ software companies
• Passionate about Agile & DevOps
Coveros, Inc.
coveros.com • solutions@coveros.com
DevOps & DevSecOps
Development and Operations Tension:
▪ Development wants fast creation and innovation
▪ Operations wants bug-free, secure, and stable
systems
A pipeline is a set of tools, technologies, and
automated processes, enabling teams to
consistently build, test, and deploy software
meeting Quality & Security Requirements.
DevOps / DevSecOps Pipelines
Delivery-focused
Code-focused Quality-focused
From Speed to No Surprises
DevOps / DevSecOps Pipelines
Core components and functions:
▪ Continuous Integration Tools merge
code in a central repository
▪ Continuous Deployment Tools manage
configuration and infrastructure
▪ Continuous Testing Tools automate tests
▪ Automation Servers orchestrate pipelines
Incorporating Quality & Security Gates
Delivery-focused
Code-focused Quality-focused
Incorporating Quality & Security Gates
Incorporating Quality & Security Gates
Incorporating Quality & Security Gates
Spira-ling Into
Quality Pipelines
Integrating a
DevSecOps Pipeline
with the Spira Family
of Tools
@Coveros | @inflectra
Hugo Sanchez
Managing Consultant • Coveros, Inc.
Coveros, Inc.
coveros.com • solutions@coveros.com
Quick Overview
▪ What is a DevSecOps Pipeline?
▪ Finding defects before production quickly
and preventing continuous bugs
▪ Integrating Spira with a Pipeline
▪ Jump-start your efforts to get a working
pipeline on your project
Our Sample Application
https://github.com/7ep/demo/
Built from the ground up using a variety of Agile
development best practices like BDD and TDD.
Our Sample Application
Testing includes: Unit tests, Database tests,
Acceptance Tests, Security static analysis, API
tests, UI BDD tests, UI tests, Security dependency
analysis, Performance tests and Mutation tests.
https://github.com/7ep/demo/
Application Artifacts in Spira
▪ Release
▪ Requirements
▪ Test Cases
▪ Test Runs
▪ Product QA Dashboard
Our Demo Pipeline
Build and Integration
Quality Assurance & Staging
▪ Code Repository - GitHub
▪ Build - Gradle
▪ Unit Tests – JUnit / JACOCO
▪ Database Tests – Executed with
JUnit
▪ Automated Acceptance Tests –
Cucumber
▪ Security: Static Analysis –
SonarQube
▪ Deploy to TEST – Deployed with
Tomcat
▪ API Tests – PyTest
▪ UI BDD Tests – Quick readiness
check, Behave (similar to
Cucumber, Gherkin syntax),
Selenium
▪ UI Tests – JUnit, html UnitTests and
Selenium
▪ Security: Dependency Analysis –
OWASP Dependency Check
▪ Performance Tests – JMeter
▪ Mutation Tests – PiTest
▪ Send Results to Spira – Python /
Jenkins Pipeline
▪ Build Documentation – Javadoc
Our Demo Pipeline
Integrating Spira
DevSecOps Pipeline
Spira
Release
• Requirements
• Test Cases
• Test Runs
• Product Dashboard
Release Decision
Build
Automated Tests
Deployment to TEST
Automated Tests
Analysis
Documentation
Update Spira
Deploy / Release
Trigger
Update
• Requirements
• Test Cases
• Test Runs
• Product Dashboard
Trigger
DevSecOps
Pipeline
Demo
Updated Artifacts in Spira
▪ Release
▪ Requirements
▪ Test Cases
▪ Test Runs
▪ Product QA Dashboard
Key Takeaways
▪ The move to DepSecOps is happening. Testing is
needed otherwise what ends up in production might not
reflect the level of quality you desire
▪ Quality is important on a pipeline because you don’t
want continuous bugs
▪ Pipelines enable rapid feedback (Defects) from your
customers and the ability to detect defects prior to
production quickly and fix them
▪ You already have a foundation with the Spira toolset
and we can integrate them for you
Spira-ling Into
Quality Pipelines
Lessons Learned from
Years of Building
(quality through)
Pipelines at Coveros
@Coveros | @inflectra
Lessons learned
▪ Start with simple quality & security gates
▪ Focus first on automating you code-focused
gates
▪ Expect to have to coach development teams
on how to pass gates
▪ Watch for those who circumvent the process
Coveros helps companies accelerate the
delivery of secure, reliable software with
agile methods
Agile/DevOps Transformations
Agile Software Development
Agile Testing & Automation
DevOps Engineering
DevSecOps
Agile, DevOps, DevSecOps,
Testing Training
Open Source Products
Questions?
Thank You!
Enjoy Cre8ive Spaces
Chat with us about
hosting your next
event in a
Creative Space

More Related Content

What's hot (20)

PDF
5 Principles to Managing Your Application Lifecycle with SpiraTeam
Adam Sandman
 
PPTX
Spira 101 - How We Designed Spira To Be Used: InflectraCon 2019
Inflectra
 
PPTX
DevGeekWeek 2017 Inflectra Meetup in Herzliya Presentation
Adam Sandman
 
PPTX
Developer 1: Workflows And Code Management
Inflectra
 
PPTX
Say Goodbye To Old Tools And Stay Sane
Inflectra
 
PPTX
Methodologies 3: Using Spira for Waterfall
Inflectra
 
PPTX
Testing 2: Advanced Test Management
Inflectra
 
PPTX
Rapise Overview Presentation (2021)
Inflectra
 
PPTX
TaraVault Overview Presentation (2019)
Inflectra
 
PPTX
Developer 2: Building A DevOps Toolchain
Inflectra
 
PPTX
Program And Portfolio Management
Inflectra
 
PPTX
Don't Let Your Users be Your Testers - Lunch & Learn
Adam Sandman
 
PPTX
TaraVault Overview Presentation (2021)
Inflectra
 
PPTX
Extending Spira With Add-Ons
Inflectra
 
PPTX
Rapise Overview Presentation (2019)
Inflectra
 
PPTX
Keynote: Inflectra Company Vision - InflectraCon 2019
Inflectra
 
PPTX
Testing 3: Data-Driven Testing
Inflectra
 
PDF
DevOps Testing | Continuous Testing In DevOps | DevOps Tutorial | DevOps Trai...
Edureka!
 
PPTX
RemoteLaunch Overview Presentation (2021)
Inflectra
 
PPTX
Test Masters 2016 Spring Conference
Adam Sandman
 
5 Principles to Managing Your Application Lifecycle with SpiraTeam
Adam Sandman
 
Spira 101 - How We Designed Spira To Be Used: InflectraCon 2019
Inflectra
 
DevGeekWeek 2017 Inflectra Meetup in Herzliya Presentation
Adam Sandman
 
Developer 1: Workflows And Code Management
Inflectra
 
Say Goodbye To Old Tools And Stay Sane
Inflectra
 
Methodologies 3: Using Spira for Waterfall
Inflectra
 
Testing 2: Advanced Test Management
Inflectra
 
Rapise Overview Presentation (2021)
Inflectra
 
TaraVault Overview Presentation (2019)
Inflectra
 
Developer 2: Building A DevOps Toolchain
Inflectra
 
Program And Portfolio Management
Inflectra
 
Don't Let Your Users be Your Testers - Lunch & Learn
Adam Sandman
 
TaraVault Overview Presentation (2021)
Inflectra
 
Extending Spira With Add-Ons
Inflectra
 
Rapise Overview Presentation (2019)
Inflectra
 
Keynote: Inflectra Company Vision - InflectraCon 2019
Inflectra
 
Testing 3: Data-Driven Testing
Inflectra
 
DevOps Testing | Continuous Testing In DevOps | DevOps Tutorial | DevOps Trai...
Edureka!
 
RemoteLaunch Overview Presentation (2021)
Inflectra
 
Test Masters 2016 Spring Conference
Adam Sandman
 

Similar to Building Quality into Your DevSecOps Pipelines (20)

PPTX
Quality Assurance to Test Engineering – Insights From our Journey by Oksana S...
QA or the Highway
 
PDF
Virtual Dreamin Salesforce DevOps Top 10
Richard Clark
 
PDF
The API Lifecycle Series: Exploring Design-First and Code-First Approaches to...
SmartBear
 
PPT
SOASTA Webinar: Process Compression For Mobile App Dev 120612
SOASTA
 
PPTX
AUG NYC June 12 - Event Presentations
Madhusudhan Matrubai
 
PDF
Quali webinar de-mystifyind dev_ops-a practitioner’s perspective
QualiQuali
 
PPTX
Modern SDLC and QA.pptx
Zaid Shabbir
 
PDF
Continuous Deployment To The Cloud @DevoxxPL 2017
Marcin Grzejszczak
 
PPTX
Shift Left Quality Assurance: How to do it. Why it matters.
Worksoft
 
PDF
Quality Loopback
Omar Bashir
 
PDF
Patterns and Practices of a Successful DevOps Transformation
Chef
 
PPTX
Continuous Integration (CI) is about more than releases
Chris Riley ☁
 
PDF
Datatree.io Webinar: Continuous Integration & Delivery for Agile Teams
Tara Walker
 
PDF
How to achieve shorter release cycles for medical devices?
Bluefruit Software
 
PPT
Continuous Load Testing with CloudTest and Jenkins
SOASTA
 
PDF
Continuous Delivery at Ancestry.com
TechWell
 
PPTX
SecDevOps: The New Black of IT
CloudPassage
 
PDF
Continuous Deployment of your Application - SpringOne Tour Dallas
VMware Tanzu
 
PPTX
DevOps_service.pptx
phamvinhcntt
 
PPTX
Is DevOps The Right Career Option To Choose In 2024? | Career Growth In DevOp...
Simplilearn
 
Quality Assurance to Test Engineering – Insights From our Journey by Oksana S...
QA or the Highway
 
Virtual Dreamin Salesforce DevOps Top 10
Richard Clark
 
The API Lifecycle Series: Exploring Design-First and Code-First Approaches to...
SmartBear
 
SOASTA Webinar: Process Compression For Mobile App Dev 120612
SOASTA
 
AUG NYC June 12 - Event Presentations
Madhusudhan Matrubai
 
Quali webinar de-mystifyind dev_ops-a practitioner’s perspective
QualiQuali
 
Modern SDLC and QA.pptx
Zaid Shabbir
 
Continuous Deployment To The Cloud @DevoxxPL 2017
Marcin Grzejszczak
 
Shift Left Quality Assurance: How to do it. Why it matters.
Worksoft
 
Quality Loopback
Omar Bashir
 
Patterns and Practices of a Successful DevOps Transformation
Chef
 
Continuous Integration (CI) is about more than releases
Chris Riley ☁
 
Datatree.io Webinar: Continuous Integration & Delivery for Agile Teams
Tara Walker
 
How to achieve shorter release cycles for medical devices?
Bluefruit Software
 
Continuous Load Testing with CloudTest and Jenkins
SOASTA
 
Continuous Delivery at Ancestry.com
TechWell
 
SecDevOps: The New Black of IT
CloudPassage
 
Continuous Deployment of your Application - SpringOne Tour Dallas
VMware Tanzu
 
DevOps_service.pptx
phamvinhcntt
 
Is DevOps The Right Career Option To Choose In 2024? | Career Growth In DevOp...
Simplilearn
 
Ad

More from Inflectra (20)

PPTX
Inflectra Partner Program Information (2025)
Inflectra
 
PPTX
Inflectra Company Overview Presentation (2025 Update)
Inflectra
 
PPTX
KronoDesk Overview Presentation (2025 Update)
Inflectra
 
PPTX
Rapise Overview Presentation (2025 Update)
Inflectra
 
PPTX
SpiraTest Overview Presentation (2025 Update)
Inflectra
 
PPTX
SpiraTeam Overview Presentation (2025 Update)
Inflectra
 
PPTX
SpiraPlan Overview Presentation (2025 Update)
Inflectra
 
PPTX
Inflectra Company Overview Presentation (2025)
Inflectra
 
PPTX
Inflectra Company Overview Presentation (2025)
Inflectra
 
PPTX
InflectraCON 360: Risk-Based Testing for Mission Critical Systems
Inflectra
 
PPTX
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
PPTX
From Theory to Practice: Utilizing SpiraPlan's REST API
Inflectra
 
PPTX
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
Inflectra
 
PPTX
From Challenger to Champion: How SpiraPlan Outperforms JIRA+Plugins
Inflectra
 
PPTX
Webinar: SpiraTeam - A Jira Alternative to Revolutionize Your Project Management
Inflectra
 
PPTX
Webinar: Discover the Power of SpiraTeam - A Jira Alternative To Revolutioniz...
Inflectra
 
PPTX
Inflectra Lightning Session: Exploring the Full Potential of the Inflectra Suite
Inflectra
 
PPTX
Webinar: Unleashing the Power of Spira 7.7 - Scaling Agile with Program Capab...
Inflectra
 
PPTX
Webinar: Transforming Healthcare QA with SpiraTeam - Achieving Excellence in ...
Inflectra
 
PPTX
Intro inflectra PTA DATIS Summit 2023
Inflectra
 
Inflectra Partner Program Information (2025)
Inflectra
 
Inflectra Company Overview Presentation (2025 Update)
Inflectra
 
KronoDesk Overview Presentation (2025 Update)
Inflectra
 
Rapise Overview Presentation (2025 Update)
Inflectra
 
SpiraTest Overview Presentation (2025 Update)
Inflectra
 
SpiraTeam Overview Presentation (2025 Update)
Inflectra
 
SpiraPlan Overview Presentation (2025 Update)
Inflectra
 
Inflectra Company Overview Presentation (2025)
Inflectra
 
Inflectra Company Overview Presentation (2025)
Inflectra
 
InflectraCON 360: Risk-Based Testing for Mission Critical Systems
Inflectra
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
From Theory to Practice: Utilizing SpiraPlan's REST API
Inflectra
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
Inflectra
 
From Challenger to Champion: How SpiraPlan Outperforms JIRA+Plugins
Inflectra
 
Webinar: SpiraTeam - A Jira Alternative to Revolutionize Your Project Management
Inflectra
 
Webinar: Discover the Power of SpiraTeam - A Jira Alternative To Revolutioniz...
Inflectra
 
Inflectra Lightning Session: Exploring the Full Potential of the Inflectra Suite
Inflectra
 
Webinar: Unleashing the Power of Spira 7.7 - Scaling Agile with Program Capab...
Inflectra
 
Webinar: Transforming Healthcare QA with SpiraTeam - Achieving Excellence in ...
Inflectra
 
Intro inflectra PTA DATIS Summit 2023
Inflectra
 
Ad

Recently uploaded (20)

PDF
CIFDAQ Token Spotlight for 9th July 2025
CIFDAQ
 
PDF
CIFDAQ Market Insights for July 7th 2025
CIFDAQ
 
PDF
New from BookNet Canada for 2025: BNC BiblioShare - Tech Forum 2025
BookNet Canada
 
PPTX
WooCommerce Workshop: Bring Your Laptop
Laura Hartwig
 
PDF
Building Real-Time Digital Twins with IBM Maximo & ArcGIS Indoors
Safe Software
 
PDF
How Startups Are Growing Faster with App Developers in Australia.pdf
India App Developer
 
DOCX
Python coding for beginners !! Start now!#
Rajni Bhardwaj Grover
 
PDF
LOOPS in C Programming Language - Technology
RishabhDwivedi43
 
PDF
Jak MŚP w Europie Środkowo-Wschodniej odnajdują się w świecie AI
dominikamizerska1
 
PPTX
Q2 FY26 Tableau User Group Leader Quarterly Call
lward7
 
PDF
CIFDAQ Market Wrap for the week of 4th July 2025
CIFDAQ
 
PDF
Using FME to Develop Self-Service CAD Applications for a Major UK Police Force
Safe Software
 
PPTX
Future Tech Innovations 2025 – A TechLists Insight
TechLists
 
PDF
Staying Human in a Machine- Accelerated World
Catalin Jora
 
PDF
Advancing WebDriver BiDi support in WebKit
Igalia
 
PDF
POV_ Why Enterprises Need to Find Value in ZERO.pdf
darshakparmar
 
PDF
Achieving Consistent and Reliable AI Code Generation - Medusa AI
medusaaico
 
PDF
IoT-Powered Industrial Transformation – Smart Manufacturing to Connected Heal...
Rejig Digital
 
PDF
Smart Trailers 2025 Update with History and Overview
Paul Menig
 
DOCX
Cryptography Quiz: test your knowledge of this important security concept.
Rajni Bhardwaj Grover
 
CIFDAQ Token Spotlight for 9th July 2025
CIFDAQ
 
CIFDAQ Market Insights for July 7th 2025
CIFDAQ
 
New from BookNet Canada for 2025: BNC BiblioShare - Tech Forum 2025
BookNet Canada
 
WooCommerce Workshop: Bring Your Laptop
Laura Hartwig
 
Building Real-Time Digital Twins with IBM Maximo & ArcGIS Indoors
Safe Software
 
How Startups Are Growing Faster with App Developers in Australia.pdf
India App Developer
 
Python coding for beginners !! Start now!#
Rajni Bhardwaj Grover
 
LOOPS in C Programming Language - Technology
RishabhDwivedi43
 
Jak MŚP w Europie Środkowo-Wschodniej odnajdują się w świecie AI
dominikamizerska1
 
Q2 FY26 Tableau User Group Leader Quarterly Call
lward7
 
CIFDAQ Market Wrap for the week of 4th July 2025
CIFDAQ
 
Using FME to Develop Self-Service CAD Applications for a Major UK Police Force
Safe Software
 
Future Tech Innovations 2025 – A TechLists Insight
TechLists
 
Staying Human in a Machine- Accelerated World
Catalin Jora
 
Advancing WebDriver BiDi support in WebKit
Igalia
 
POV_ Why Enterprises Need to Find Value in ZERO.pdf
darshakparmar
 
Achieving Consistent and Reliable AI Code Generation - Medusa AI
medusaaico
 
IoT-Powered Industrial Transformation – Smart Manufacturing to Connected Heal...
Rejig Digital
 
Smart Trailers 2025 Update with History and Overview
Paul Menig
 
Cryptography Quiz: test your knowledge of this important security concept.
Rajni Bhardwaj Grover
 

Building Quality into Your DevSecOps Pipelines