Software is ever changing, and with software releases being pushed out almost every week with multiple people involved, it can be easy to get lost or make a mistake. Experts talk about DevOps and agile as being methodologies for achieving better, faster and higher-quality code, but in order to achieve that, development teams need to be able to track, manage and control their code.
“For individuals and small teams, managing software changes and collaborating between team members can be sometimes difficult,” said Scott Rose, senior director of product management at CollabNet. “As these teams grow and/or individuals/groups become dispersed, managing these changes effectively becomes near impossible.”
Software Configuration Management (SCM) is becoming a vital part of a developer’s workflow for tracking changes and managing software assets, according to Rose. “Visibility to changes, incorporating modifications from team members and merging these changes with clear visibility to the changes made across the organization are the core reasons why SCM tools are critical to the workflow,” he said.
Not only is SCM important for tracking work, but it also gives developers a way to go back in time in order to figure out why an unwanted event happened. “If someone makes a mistake, let’s say a customer reports a bug, you want to have the ability to go into your system, see when the change was made, who made the change, and isolate that,” said Jeremy Epling, principal program manager at Microsoft. “It also helps you understand the why behind a change instead of just looking at what that change.”
Implementing an effective SCM process can also help enterprises safeguard their intellectual property. “Intellectual property security risks exist as they pertain to possible malicious or inadvertent loss of code or its unauthorized distribution to third parties,” said Rose. “These can happen if a developer loses her laptop with precious code on it, for example, [or] if a disgruntled employee abuses the Git history rewrite command to erase an important repository, or a rogue user gets access to code, copies it, and shares it with an unauthorized third party.”
SCM prevents this from happening by allowing users to maintain a master repository, and giving them the ability to enforce credentialed access and role-appropriate permissions, according to Rose.
In addition, SCM helps large enterprises control Git swarm, which happens when the number of Git repositories and projects become too large and difficult to discover or manage, according to Rose. SCM allows enterprises to easily discover and reuse code by creating a hierarchy or projects and code repositories.
To have a successful SCM process in place, Rose and Epling recommend integrating a code-review system if the SCM solution doesn’t already have one. Code reviews allow other team members to comment on and have detailed discussion about a particular piece of the project.
“One of the great things about it is it enables an end-to-end flow of social code review, which we have seen really increases the quality of your codebase if you have other people looking at it,” said Epling.
Teams should also tightly integrate their SCM process into their software development framework so team members can see if a set of changes changed a build, if tests ran, and whether or not it got released into production. “Having all of those different pieces linked together is what really builds an end-to-end system for people as opposed to just having a SCM system, which is really important and everyone should be using. But it is a piece of this larger system,” said Epling.
Git-ing in control of SCM
Version control is a big part of SCM because it provides the ability to record changes or recall a specific version when necessary. There has been a movement in the industry toward distributed version-control systems, specifically Git, according to Epling.
“Everyone is moving toward Git, and it is just a matter of when they are planning to move to Git,” he said. This is because of its ability to allow teams to work offline, he explained.
“There [are] a lot of distributed teams, a lot of people who work with people all over the country. When you think of all the different people that contribute to your product, having a full copy of the codebase and all of its history right on your local machine and being able to go through it in cases where your Internet connection isn’t great helps teams work really efficiently locally.” It also gives developers the ability to on their laptop at a coffee shop, in their office, or even on an airplane as it does not require continuous connectivity to the master repository, CollabNet’s Rose added.
In addition, Git makes it very easy for teams to create branches, work in isolated environments and integrate back into the workflow. “Feature-branch development enables multiple development vectors to occur at the same time without disrupting processes on the main branch,” said Rose. This helps make an agile process easier because sometimes team members will be assigned a certain user story or feature, so having the ability to branch off and immediately start working on it makes the process much more productive, according to Epling.
“You can divide your work into a set of chunks that is easy for someone else to digest and give you feedback on,” he said.
What makes an SCM solution the right solution?
You can’t just pick up the tool of the week; the right tool depends on the workflow of a team or an organization. While some organizations may benefit from centralized version-control tools, others might be better suited for distributed version-control systems or a combination of the two. However, there are key features that teams can look for in order to make their lives easier. SD Times spoke to experts to discuss important factors they deem necessary in any SCM solution.
Scott Rose, senior direct of product management at CollabNet
While Rose thinks it depends on the developer and environment, he sees some developers prefer: 1. A completely transparent tool that manages version control, but is invisible to the developer’s workflow. 2. A more regimented and visible version-control system that controls and/or visualizes the various activities of the SCM workflow process 3. An SCM tool that is flexible to the expected changes that may occur over the course of a project/product. A modern SCM tool should not control the workflow and force developers to operate in a certain way.
Jeremy Epling, principal program manager at Microsoft
“I would look at solutions that have an on-premise and cloud offering that are very similar. If I have a bunch of compliance [issues] that I have to go deal with, and maybe the service doesn’t support that yet, or I have a specific need to keep it locally, you want to know if you are going to have that same product across both and have a seamless transition. I think if you are a small to enterprise-size team, you are going to want to care a lot about policies and control, so you are going to make sure there is a great system for single sign-in. Also being able to set up a set of policies to make sure that code reviews happen or builds happen and they are successful, which really creates code quality. And then just having an efficient, easy-to-use workflow. People need to be able to get into the product quickly, figure out how to use it, and move through.”
A guide to SCM tools
Atlassian: FishEye is a tool that allows users to search, track and visualize code changes for commits, files, or revisions across SVN, Git, Mercurial, CVS and Perforce. Users can compare changes side-by-side, get a graphical representation of activity, track what is happening throughout their projects with activity streams, and search their code.
Codice Software: Plastic SCM is an SCM tool designed to track source-code and digital asset changes over time. With Plastic SCM, users can host their projects in the cloud, collaborate with teams, replicate operations, control their repositories, achieve agility, visualize their work, sync with Git, and use a simple workflow.
CollabNet: Created by CollabNet, founder of Subversion and a major contributor to Git and Gerrit, TeamForge SCM enables enterprises and government agencies to leverage the advantages of distributed (Git) or centralized (SVN) version-control systems, while providing a better experience for developers and ensuring compliance, governance, and IP security across all source code-related activities.
Mercurial: An SCM tool written in Python designed to handle projects of any size. It features a distributed architecture to give developers a local copy of their development history; the ability to increase the tool’s functionality with extensions; and a consistent command set that is easy to use and easy to learn. Mercurial is open source under the GNU General Public License Version 2.
Micro Focus: AccuRev is an SCM tool designed to tackle complex parallel and distributed development environments, accelerate development processes, and improve asset reuse. It features a stream-based architecture that defines various configurations and automatically manages relationships with other streams; changed-based development to give teams the ability to manage and track all changes; enterprise version control that allows developers to work in their own private workspace; and stream inheritance that can automatically perform merges.
Microsoft: Microsoft offers Visual Studio Team Services as its cloud offering and Team Foundation Server as its on-premises offering. Both solutions integrate with all popular IDEs, and allow teams to share code, track work, and ship software. The solutions provide Git repositories for code; Continuous Integration; bug and task tracking; agile planning tools; and the ability to work in any language using Visual Studio, Eclipse, IntelliJ, Android Studio, Xcode or another IDE or code editor. In addition, the solutions provide easy single sign-on and multi-factor authentication using Active Directory and Microsoft Account for extra security.
Perforce: Perforce helps companies build complex products more collaboratively and securely with its highly scalable source code management and collaboration platform, Perforce Helix. Helix includes: the Helix Versioning Engine with centralized and DVCS capabilities for files of any type or size; Helix GitSwarm, a complete ecosystem for Git-based development; and Helix Swarm, a comprehensive Gerrit-style review application. Helix is available on-prem or in the cloud.
SCM-Manager: A Java Web application for creating and managing Git, Mercurial and Subversion repositories. It provides easy access to the repositories over HTTP or HTTPS; has centralized user, group and permission management; and is completely configurable from within its Web interface.
Seapine: With Surround SCM, users can ensure they have secure version control of their digital assets. The solution features complete control over branching, promoting, rebasing, and versioning; the ability to create branches and labels; built-in code review; a bird’s eye view of file history; electronic signatures; full text search; on-the-go Web access; configurable workflows to define, control and track an individual state of files undergoing change; and detailed reports.
SourceForge: Diffuse is a small and simple graphical tool for merging and comparing text files. Developers use Diffuse to merge, edit and review code changes. Diffuse can compare an arbitrary number of files side by side. Users also have the ability to manually adjust line matching and directly edit files. Diffuse can also retrieve revisions of files from Git and other repositories for comparison and merging.