• How to integrate Sonatype Nexus Lifecycle with Atlassian Tools

    25 February 2020
    Comments are off for this post

    Introduction

    It is a fact that no software is built from scratch. Almost all of us are using 3rd party libraries to speed up the development lifecycle. Hence it is important to ensure that the open source components used are safe. Otherwise it could be the weakest link. This post introduces the possible integration between Sonatype’s Nexus Lifecycle and Atlassian toolset for DevSecOps.

    Sonatype Nexus platform addresses this challenge with earlier detection of security risks/non-compliance.

    Sandbox Application Build Report

    The products in the suite are

    • Nexus Lifecycle scans the open source components used and lists any reported vulnerabilities found. It also provides advice on which version is safe to use and the popularity of the open source components
    • Nexus Firewall prevents unauthorised/unsafe open source components from being downloaded from Internet to your artifact repositories like Nexus Repository or Jfrog Artifactory
    • Nexus Repository Manager caches the public components locally as well as storing the binary artifacts generated from CI/CD tools

    Sonatype is a market leader in this area because comprehensive coverage and higher accuracy (less false positives and less true negatives).

    Integrations

    Automated scanning during builds with Bamboo

    With the Nexus IQ for Bamboo app, developers can easily add a step to perform the IQ Analysis Task to the Bamboo build plan

    Sonatype Task in Bamboo

    Configure the Sonatype task in Bamboo

    With that, it is possible to see the scan results for each build. Developers can do comparison easily from the historical results from the Full Report link.
    The Nexus IQ server will only display the latest report for each stage of each application

    See the IQ Policy Evaluation results in Bamboo

    Policy Violation tracking using Jira

    Nexus IQ for Jira app can create Jira issues for selected policy violations.
    This allows the developer team to track the task easily and all the discussions and decisions are kept in context within the report.
    This reduces duplicate effort and speeds up resolution time by seeing how other teams solved the issue.

    Screenshot of Jira triggered by IQ Evaluation

    The organisation is clearly structured. Each IQ evaluation is a parent issue with each affected component as a subtask.

    A possible customisation will be to set the Affected Version(s) field.

    Policy Violation Overview in Pull Requests from Bitbucket

    The Sonatype Nexus Notifier for Bitbucket displays the Nexus Lifecycle policy evaluation information in pull requests.
    With this feature, the gatekeeper can ensure that the changes introduced meet the quality and governance guidelines before merging it to master.

    Display the Policy Violation found in Bitbucket

    Conclusion

    With the various integrations introduced, it is easier to ensure the delivery of quality software by empowering the developers throughout the various stage of development.

    Security should be everyone’s responsibility

    Share this post

  • Automating Tempo with ScriptRunner: Fast, Convenient, Efficient

    4 December 2019
    Comments are off for this post

    This is a guest blog from our partner – Tempo.

    Automation in Tempo is easy with the help of a tool like ScriptRunner! The team recently joined forces with Adaptavist and released 5 productivity scripts to automate parts of the process within the Tempo Suite. Today we’ll go over some use cases and scenarios for some Tempo ScriptRunner scripts. That being said, you can learn to automate some parts of Tempo and Tempo Timesheets in the automation webinar happening on December 5th with our partner Adaptavist.

     

    Never heard of ScriptRunner or Tempo? Time to elevate your game!

    ScriptRunner, one of the top apps on the Atlassian Marketplace, enables you to extend, automate, and customize your Atlassian stack via your own scripts or through some premade ones.
    Tempo, another top app on the Atlassian Marketplace, provides efficiency and visibility-enhancing apps such as Tempo Timesheets, Tempo Planner and Tempo Budgets to help IT, software development, consultancy, and business teams work smarter.

     

    Why should you care?

     Automating parts of Tempo enables added customization and simplification of the tool without creating recurring steps for your team. In other words, the user or team lead looking to perform specific actions from Tempo will not have to manually perform those actions anymore. By leveraging the pre-written scripts offered in the Tempo ScriptRunner Library, those actions will be automatically done!

     

    Today’s example: Get Tempo Plans Using the REST API for a Set Time Period

    This script uses Tempo Planner, a tool to streamline the management of teams and resources to quickly find available team members and maximize your resource utilization. As the name of the script suggests, ScriptRunner now has a way to remove some pesky manual labor and automate the process of pulling Tempo plans of interest for a given Jira Issue.

     

    Where does this script shine?

    Let’s take the case of Taylor, a team lead for Rougetech. Every month, Taylor and her team get together for their monthly planning. In it, they plan time for each team member on the tasks that they must do.

    In other words, her current steps to see the total plans for the next 4 weeks are as follows:

    1. In Jira, navigate to Tempo Planner and plan the task for the team
      Plan time for the team using Tempo

      In your Tempo Planner page, you will have the possibility of filtering the view to your team. The capacity of the team and the individual members will be displayed for the determined period.

    2. After the planning has been completed, Taylor will be able to revisit an issue to see who all the collaborators are, and quickly calculate the total time planned to see if it matches her initial prediction and budget.

      Planned Time for collaborators for Tempo

      The issue “Have Fun!” showcases all the planned time under “Collaborators”

     

    That being said, this is slightly annoying for Taylor because of the following:

    • She has to manually sum the time to find out how much time has been planned on the issue
    • It does not say when that time is being planned for as the issue shows the total planned time only

    On the surface, this might not seem like much and it could end up simply saving 5-20 minutes per issue. But, let’s not forget the following:

    1. Taylor has to look at more than one issue every month, making her waste even more time
    2. Taylor has to do the same steps over and over again when they can be automated
    3. Taylor has no idea if all the planned time is evenly broken up or if it’s all planned during a certain week

    This repetition of a mundane task could also be a widespread practice throughout the whole organization. Other team leads could be following the same practice (especially if it is standardized), meaning that the company is losing hundreds, if not thousands of dollars on such a little thing.

     

    In other words, the script does the following:

    • Reduces the amount of manual labor necessary to attain the end result
    • Gets the total time for the relevant period immediately when visiting an issue
    • Decreases the potential human error to near zero
    • Automatically displays the planned time of a determined time period for an issue as a Jira custom field. This allows for reporting on planned time in the Jira issue view and to include the planned time information in other Jira reports
    • Compare total estimated time with remaining planned time. Enables you to quickly query on those issues that are over- or underallocated

     

    But the use case does not limit itself to monthly planning!

    There are many other scenarios where this script can save precious time for the end user and the organization.

    For example, a manager in a consulting firm could be looking at the staff’s planned hours for a client’s issue to ensure that for a given time period, the time planned does not exceed the contractual agreement with the client. If it does, then the firm can let the client know that they will charge extra.

    Or if for example people were logging time on an off-site issue (such as meeting clients or being on the road), then it would help a manager quickly understand how much time his team is spending off-premise, and help determine the remaining capacity of his team for a predetermined time frame.

     

    How do I get my hands on the script?

     The beauty in this partnership is its simplicity. In short:

    1. Get ScriptRunner via the Atlassian Marketplace or the “Add-ons” page in Jira’ settings
    2. Head to the Tempo – Adaptavist Library found here and subscribe to the library
    3. Go to the script of interest and copy the script in your ScriptRunner
      ScriptRunner groovy script

      All you have to do is to copy-paste the script in your ScriptRunner terminal and tweak the variables to your use case.

      Are there other scripts like this?

      Today, we quickly went over one of the newly published scripts made by the Tempo-Adaptavist partnership for Tempo Planner and some scenarios in which time could be saved through automation.

      More scripts have been recently published in the Tempo-Adaptavist library. One way to learn more about those scripts would be to join the automation webinar “Save time with tempo and ScriptRunner automations” on December 5th. You can register for the event here to get a recording.

       

    Share this post

  • Color Matters

    26 December 2017
    Comments are off for this post

    Here is a post to commemorate the release of a new feature: Color Scheme Enhancement for Multiple Filters Chart Gadgets version 2.1.0

    1. “What purpose will this color serve?”
    2. “Will this (color) serve it’s purpose effectively?”

    When color is used effectively, it brings life to the charts and directs users to focus on details required for effective communication.

    Such as to (1) highlight a particular data, (e.g. Tasks that has yet to be completed)

    (2) encode quantitative values, (e.g. Density of importance corresponds to darker shades)

    and, (3) to group items.

    Colors themselves tell a story, and it’s the responsibility of the designer to make sure the palette used does not create confusion within a data visualization.

    Thus, the palettes used are to have enough variation in hue and brightness.

    Try out the different color palettes available in Multiple Filters Chart Gadget and explore the possibilities with colors.

    Fun Fact:

    Image Retrieved From https://thumbnails-visually.netdna-ssl.com/color-emotion-guide_512d42458efc1_w1500.png

    Available on the Atlassian Marketplace

    Share this post

  • Get Ready For 2017 With The Right Tool

    8 December 2016
    Comments are off for this post

    “You are only as good as your tools”

    If you are using tools like IntelliJ IDEA, Resharper, PyCharm, RubyMine or WebStorm, this might be useful info for you.

    icon_IntelliJIDEAicon_resharpericon_PhpStorm icon_RubyMine icon_WebStorm

    (more…)

    Share this post

  • Powering your Dev Teams Contest #2

    8 August 2016
    Comments are off for this post

    Akeles-PowerCube-ads

    We are organising a series of contests for the IT folks in Singapore.

    For this month, 10 lucky winners with the correct answers will get to win a Allocacoc PowerCube Remote Original + PowerRemote each. 

    The submission will close on 31 August 2016 2359hrs Singapore time

      Your Name

      NRIC

      Your Email

      Phone number

      Your answer

      Which of the following is not true on the differences between Git and Subversion?

      Git is much faster in performance than SubversionGit doesn't need a network connection to create commitsFeature branches works better with Git branchesSubversion works on Pull Requests and Git uses branches

      Security Check

      captcha
      Retype the character from the picture above

       

      I have read and agree to the terms and conditions below

      Terms and Conditions for the contest

      1. This contest is open only to citizens and permanent residents of Singapore aged 21 and above.
      2. No purchase is required. Contestants will have to like our Facebook page
      3. Limited 1 entry person. Subsequent entries will be disqualified.
      4. Each correct entry will be limited to 1 lucky draw chance. 
      5. The winners of each lucky draw will be picked from all eligible entries.
      6. The qualifying period for this draw is 1st August 2016 – 31st August 2016.
      7. The lucky draw will be conducted electronically on 15th September 2016.
      8. Winners will be notified by 16th September 2016 via a prize notification email.
      9. Lucky Draws winner are required to respond within a week from notification date in order to be eligible winners. Winners that do not respond will be forfeited.
      10. We reserve the rights to deal with all unclaimed prizes in any manner deemed fit.
      11. Any personal information collected is for the sole purpose of conducting the Contest including the notification of the winners of the Contest. By participating in the Contest, participants consent to the Organiser’s use of their personal information in accordance with the terms and conditions of the Contest.
      12. We are not a supplier of the product(s) offered and shall not bear any liability in relation thereto.
      13. Akeles’ decision on all matters relating to the draws shall be final, binding and conclusive and no correspondence will be entertained.
      14. Participation of the Contest constitutes acceptance of the terms and conditions of the Contest.

      Share this post

    • Powering your Dev Teams Contest #1

      13 June 2016
      Comments are off for this post

      To celebrate our 8th year, we are organising a series of contests for the IT folks in Singapore.

      For the 1st month, 10 lucky winners with the correct answers will get to win a Allocacoc PowerCube Remote Original + PowerRemote each. 

      The submission will close on 30 June 2016 2359hrs Singapore time

        Your Name

        NRIC

        Your Email

        Phone number

        Your answer

        Which one of the following is a characteristic of Scrum projects?

        Focused on completing a deliverableAre often used by Support teams to manage a continuous flow of work itemsHave a variable-length delivery timeframeDevelopers work on issues whenever they decided to do so

        Security Check

        captcha
        Retype the character from the picture above

         

        I have read and agree to the terms and conditions below

         

        Terms and Conditions for the contest

        1. This contest is open only to citizens and permanent residents of Singapore aged 21 and above.
        2. No purchase is required. Contestants will have to like our Facebook page
        3. Limited 1 entry person. Subsequent entries will be disqualified.
        4. Each correct entry will be limited to 1 lucky draw chance. 
        5. The winners of each lucky draw will be picked from all eligible entries.
        6. The qualifying period for this draw is 1st June 2016 – 30th June 2016.
        7. The lucky draw will be conducted electronically on 15th July 2016.
        8. Winners will be notified by 16th July 2016 via a prize notification email.
        9. Lucky Draws winner are required to respond within a week from notification date in order to be eligible winners. Winners that do not respond will be forfeited.
        10. We reserve the rights to deal with all unclaimed prizes in any manner deemed fit.
        11. Any personal information collected is for the sole purpose of conducting the Contest including the notification of the winners of the Contest. By participating in the Contest, participants consent to the Organiser’s use of their personal information in accordance with the terms and conditions of the Contest.
        12. We are not a supplier of the product(s) offered and shall not bear any liability in relation thereto.
        13. Akeles’ decision on all matters relating to the draws shall be final, binding and conclusive and no correspondence will be entertained.
        14. Participation of the Contest constitutes acceptance of the terms and conditions of the Contest.

        Share this post

      • Confluence Page of the Month – CommonWealth of Massachusetts CommonWiki

        30 March 2016
        2 comments | Leave a comment

        The Confluence Page of the Month for March goes to a Template & Training page from CommonWealth of Massachusetts CommonWiki

        CommonWiki

        4 reasons why we like this page

        • The content is useful
        • The template files are attached to the page and versioned automatically
        • Using composition macro to group the content in various tabs
        • Using icon to denote the type of the file

        Share this post

      • 6 Reasons Why You Should Learn JIRA

        24 March 2016
        Comments are off for this post

        6 reasons why you should learn JIRA

        popular-smallPopular

        JIRA has become sort of a standard for keeping track of issues. In fact, over 70% of the Fortune 100 companies are using JIRA.

        I just did a search for JIRA on Indeed.com and found 10,947 positions available. The positions that requires JIRA expertise ranges from JIRA administrators, Scrum Masters, QA Analysts, Software Engineers, Project Managers to Service Desk Specialists, etc.

        useful-smallMulti-purpose

        Today JIRA has 3 different flavors

        • JIRA Core – for business teams to track tasks, approvals, legal reviews, marketing campaigns, etc
        • JIRA Software – for software teams to track bugs, system enhancements with features to support agile development
        • JIRA Service Desk – for helpdesks to track user problems and requests

        It is possible to mix and match the 3 applications to run on a single server and web address. This provides the flexibility for business teams, software teams and helpdesk teams to collaborate on the same platform. 

        Easy-smallEasy to Use

        The UI is intuitive and Atlassian provides very comprehensive user documentation on their Confluence site. You can extend the features from the big set of add-ons from Atlassian Marketplace.

        compliance-smallCompliance

        By using JIRA to track the issues, all the historical changes and discussions are captured in context to the issue. This provides visibility and traceability that makes audits less painful.

        time-saving-smallTime Saving

        Another side effect of using JIRA is that you can save time compiling reports and sending emails. With the reporting gadgets and automation add-ons, you can focus on getting the real work done.

        affordable-smallAffordable

        The server license for 10 users starts from US$10 with 1 year of annual support. If you wish to save the hassle of setting up your own server, you can also use the Cloud edition which goes for $10 per month for up to 10 users.

        JIRA training 2016

        Share this post

      • 8 Secrets How Successful People Get Work Done

        16 March 2016
        Comments are off for this post

        8 secrets successful people get their work done

        Have you always feel frustrated at the end of the week that you have accomplished nothing despite being busy for the entire week?

        I was inspired by Barking up the Wrong Tree to write how using an issue tracker can improve the way of getting work done by incorporating behavioural science theories.

        1. Attention is equal to Time 

        First, you need to be aware that your smartphones and inbox are huge time suckers to your productivity.

        Each new email or a notification is likely to distract you from what you are doing. Mobile notifications is the new evil with a constant flood of notifications from your group chats and apps.

        According to research, it takes an average of 23 minutes and 15 seconds to get back to the task after getting interrupted

        People who do a lot of attention switching, they believe they can focus when they need to, but the reality is they have lost that ability.
        When you give them a task that requires focus, they perform worse than people that don’t spend a lot of time fragmenting their attention.

        Bakadesuyo: How to focus

        Therefore, you might want to check your mails and mobiles after completion of a task. 

        2. Maintaining a list 

        According to research, an average human can only keep track of 7 ± 2 tasks in working memory

        Therefore it is better to use computers to keep track of your tasks. It helps to keep you organised and ensure no tasks get missed.

        3. Setting up a routine 

        Have you ever wondered why people will always remember to log in to check their Facebook or to play their mobile games?
        Well, they all send you notifications periodically to remind you to do so.

        So you can set up a reminder for yourself to check on the tasks that you need to do at the start of the day/week.

        4. Create small wins for yourself 

        The biggest difference between working and studying is there aren’t regular tests to tell you how good you are performing and to let you move to the next level.

        You need to create small wins for yourself to and your team have the feeling of progress.

        People’s inner work lives seemed to lift or drag depending on whether or not their projects moved forward, even by small increments.
        Small wins often had a surprisingly strong positive effect, and small losses a surprisingly strong negative one.

        Bakadesuyo: How to be motivated: 4 new insights from research

        Start having a report to see how many tasks you have accomplished at the end of the week.

        You will not feel nothing is done at the end of every week.

        5. Start to reduce shallow work 

        A mentor once shared with me the concept of “Death by a Thousand Paper Cuts”

        Similarly, small insignificant tasks consume your time and distract you from getting the real work done.

        Shallow work is little stuff like email, meetings, moving information around. Things that are not really using your talents.
        Deep work pushes your current abilities to their limits. It produces high value results and improves your skills.

        Bakadesuyo: How To Stop Being Lazy And Get More Done – 5 Expert Tips

        Instead of spending time to compile reports and filling time sheets, use tools to automate this to free up time to do meaningful work

        6. Learn how to say no 

        Do you know that a common characteristic of successful people is that they know how to say no at the right time.

        By asking your co-workers to log a task in the system for you, it makes them think harder whether it is necessary.

        This either helps you to filter unnecessary tasks or prepare the information for the task upfront.

        It also helps your superior to see your workload and balance the assignment accordingly. 

        7. What gets measured get done 

        Usually most of us work together as a group. Sometimes you need someone to complete a piece of work before you can work on it.

        If the task is passed over to you late, you will have less time to work on it. The worse scenario is that it interrupts you 

        Try to set a due date when assigning out a task and send automated reminders to chase them.

        8. Use the correct tool 

        A major limitation of using the Inbox to keep track of your tasks is that emails are sorted with the latest first.
        It creates a natural tendency to read and react to newer emails than to follow up on the earlier emails.

        Work should be FIFO (First In First Out), not LIFO (Last In First Out).

        If you keep on reacting upon those newer incoming tasks, your older tasks will eventually become urgent and get on top of you.  
        Then you will be pressured to rush finish those late tasks. 

        You might want to use a To-do list tool or issue tracker to manage your tasks.

        References

        You can find more useful tips and related information for the quotes and links referenced in this article below:

        1. http://www.bakadesuyo.com/2015/01/how-to-be-motivated/
        2. http://www.bakadesuyo.com/2015/12/how-to-focus/
        3. http://www.bakadesuyo.com/2014/08/how-to-stop-being-lazy/
        4. http://lifehacker.com/how-long-it-takes-to-get-back-on-track-after-a-distract-1720708353
        5. https://en.wikipedia.org/wiki/The_Magical_Number_Seven,_Plus_or_Minus_Two
        6. http://www.inc.com/jessica-stillman/4-steps-to-say-no-like-the-super-successful.html

        Share this post

      • Confluence Page of the Month – Lawrence Berkeley National Laboratory

        19 February 2016
        Comments are off for this post

        The Confluence Page of the Month for February goes to a Scheduled System Outage announcement from Lawrence Berkeley National Laboratory. 

        Berkeley Lab Scheduled Outage announcement

        4 reasons we like this page:

        1. The author took effort to add the logo of the affected system so that it can be identified easily
        2. Good use of blog to communicate time related announcements to users 
        3. Facilitate navigation by putting latest news and common links on the right sidebars
        4. Integrating with Google Calendar to show upcoming events

        Tip: You can select the image uploaded previously from the Confluence image browser

        Share this post

        •  

      Archives

      Categories

      Subscription Options:

      Subscribe via RSS