Building out products and features is no longer about owning all the code used. As technology continues to grow at an astronomical rate, it remains necessary to utilize open-source code in the form of third-party packages and APIs.
Third-party packages and APIs enable you to leverage code written by other individuals to get to your goals faster and build out desired features with ease. A great example of this would be the requests package in Python. This package lets you simplify HTTP requests so you can automate your processes without worrying about the overhead. Though requests is a highly used and well-maintained package, there are thousands of other projects out there which can be leveraged—so how can you decide which package is best to use? Integrating with third-party code can be broken down into 3 major areas of consideration: vetting the package, determining security risks, and implementing the code.
The last thing any good product security team wants is for their codebase to look something like this:
This nightmare scenario is why security teams use a process known as “secrets management” to find and remove secrets from production code. However, the issue with manual secrets management is that it is a reactive process instead of a proactive one.
September 2, 2021 | Posted by Melodie Moorefield-Wilson
Golang at Pendo
From Pendo’s inception, we have felt strongly about using performant, modern tools and languages to build our product with. Go was a conscious choice because it was built on 3 principles that were crucial to Pendo’s success and agility: efficient compilation, efficient execution, and ease of programming. A future blog post will discuss in detail the process of choosing Go, and all considerations that went into the decision-making process. If you would like to know more about Go, click here for a comprehensive FAQ.
Welcome to the second part of our two part blog on Quality at Pendo, in part one we looked at ensemble testing and how this benefited one of our key releases. In part two we tried our hand at Gorilla testing to see how this form of testing might benefit our testing approach and culture.
To try a different method of testing
To open new channels and methods for communication and collaboration within the quality team
To promote knowledge sharing
To increase test coverage and confidence in areas affected by framework migration (including data)