Archives: Engineering Blog Posts

Engineering Blog Post

Integrating Third-Party Packages

Building out products and features is no longer about owning all the code used. As technology continues to grow at an astronomical rate, it remains necessary to utilize open-source code in the form of third-party packages and APIs.

Third-party packages and APIs enable you to leverage code written by other individuals to get to your goals faster and build out desired features with ease. A great example of this would be the requests package in Python. This package lets you simplify HTTP requests so you can automate your processes without worrying about the overhead. Though requests is a highly used and well-maintained package, there are thousands of other projects out there which can be leveraged—so how can you decide which package is best to use? Integrating with third-party code can be broken down into 3 major areas of consideration: vetting the package, determining security risks, and implementing the code.

Proactive Secrets Management at Pendo

The last thing any good product security team wants is for their codebase to look something like this:

This nightmare scenario is why security teams use a process known as “secrets management” to find and remove secrets from production code. However, the issue with manual secrets management is that it is a reactive process instead of a proactive one.

Using Gosec to find Insecure Code Patterns

Golang at Pendo

Go and Pendo

From Pendo’s inception, we have felt strongly about using performant, modern tools and languages to build our product with. Go was a conscious choice because it was built on 3 principles that were crucial to Pendo’s success and agility: efficient compilation, efficient execution, and ease of programming. A future blog post will discuss in detail the process of choosing Go, and all considerations that went into the decision-making process. If you would like to know more about Go, click here for a comprehensive FAQ.

Quality at Pendo: Our experience of Gorilla Testing

Welcome to the second part of our two part blog on Quality at Pendo, in part one we looked at ensemble testing and how this benefited one of our key releases. In part two we tried our hand at Gorilla testing to see how this form of testing might benefit our testing approach and culture. 

Goals:

  1. To try a different method of testing
  2. To open new channels and methods for communication and collaboration within the quality team
  3. To promote knowledge sharing
  4. To increase test coverage and confidence in areas affected by framework migration (including data)