To help companies integrate testing into their DevOps cycle, tool provider Coverity recently announced the Development Testing Maturity Model, a guide for implementing testing best practices.

Coverity’s Development Testing Maturity Model works in conjunction with the Coverity Development Testing Platform, but it isn’t solely for users of that platform. Rather, it’s a set of practices for organizations no matter what testing platform they’re using. “Between our open-source experience as well as having worked with a variety of enterprise customers, we’ve come up with this best practices model that the whole industry can use,” said Jennifer Johnson, VP of marketing at Coverity.

The Development Testing Maturity Model outlines a phased-in approach to development testing adoption. “We’re not telling people to just throw in a technology and figure it out or do everything all at once,” Johnson said. “Take incremental steps. That’s how you’re going to be successful.”

The maturity model helps companies find quality and security issues as code is being developed. “We are not saying that we’re going to replace QA testing and security audits, absolutely not. You still need to do them,” said Johnson. “But what this does is it helps remove a lot of the defects in the front end that, right now, QA testers and security auditors waste time trying to fix, like basic bug detection and fixing.”

This helps accelerate the DevOps process, Johnson said, because if you can find the majority of defects in development and fix them before they ever get to a QA tester, then that QA tester can focus on validating that the code works and that it can scale, as well as do load testing. She said it also helps the security auditor to focus on exactly what they were meant to do, which is to look at the software from a security standpoint to make sure that it meets compliance requirements.

“You’ll have more reliability in what you’re actually pushing out into operations. You’re going to have less of a troubleshooting escalation loop back to development once you’re in the field,” Johnson said. “This is because you’re helping everybody eliminate more defects so you get less out in the wild, so to speak. Plus you get more products faster to market, and you get better quality on the back end.”
The Development Testing Maturity Model
Level 1: Automated defect detection: At this level, you take a snapshot of where you are today, use that as your baseline, and then put a policy in place so that you will not introduce any new defects. Johnson recommended that you do this with your nightly builds.

Level 2: Identification of residual risk: This level brings unit testing into the equation. Unit testing, Johnson said, is like a version of the functional testing that QA testers do. But with unit testing, it’s the developers who do the tests. When developers are coding, she said they should be writing a script that helps them automatically test the unit. If developers want to start doing unit testing, Coverity will help them understand where the risk is in their codebase.

Level 3: Developer workflow optimization: This level is where the testing platform is more integrated with the systems that developers are already using in their environment, such as source control, bug tracking and IDEs. Because of this integration, Johnson said developers’ workflows become more automated. They receive automatic notifications when defects are introduced, those tickets are automatically sent to their bug-tracking system, and their source-control-management system lets them more deeply analyze the code changes they need to make.