Meeting IT Compliance mandates is an immediate goal faced by most organizations. Through the use of ALM tools, IT organizations can manage software requirements, track source code changes and monitor software deployment. Regardless of these tools, the process is not perfect because it is missing a critical component of the software development lifecycle: the application build.

The application build process is the final piece of the IT compliance puzzle, and it is complicated by ad hoc build scripts written in Make or Ant/XML. Ad hoc build scripts are the most common methods used to manage application builds, yet they don't meet the four essential requirements of IT governance standards:

- traceability
- auditability
- validation
- separation of workflow duties

How can your organization meet the four essential requirements of IT governance standards in the application build process? With three very essential steps:

1) Implement a Build Configuration Management System

Similar to Source Code Configuration Management, Build Configuration Management allows you to track, trace and manage the details about the build. Using reusable build workflow technology, details about build configurations can be managed.

Configuration details include:

- What compile and link flags were used to build the deployable object
- The restriction of debug flags used in production builds
- The location and version of the compiler and linker used in the build

These subtle configuration changes can cause drastic differences in build results, and must be tracked, managed and controlled.

2) Keep Source Code Enforcement Securely Implemented

Once you have secured your source code in an SCM tool, it is critical to ensure that - when the build occurs - it is actually using the source code managed by your SCM tool.

With manually-scripted build solutions:

- References to the source code may not be pointing to the SCM repository or even local build directory where the SCM source code was checked out
- It can be extremely difficult to determine where the source code actually came from when the compile executed

Solve these problems with a Build Management Solution that allows you to enforce the "approved" versions of the SCM-managed source code.

You can further enforce your system with a Build Management tool that allows you to centralize the use of SOA and J2EE objects so that all developers are using standard versions of these critical, reusable objects.

3) Manage Dependency Mining and Orchestration

Managing dependencies is the most critical process a Build Management Solution can provide. Dependency orchestration provides a complete audit trail showing what source code and versions were used to create the final deployable objects.

Dependencies can be difficult to trace and often impossible to understand with manual scripts. Find a Build Management Solution that will ensure that when the build executes, a dependency scanning tool watches exactly what is called and used by the compilers and linkers.

You will gain the ability to perform accurate incremental builds, review Dependency Impact Analyses, and create Footprints and Build Audit Reports that confirm matching source to executables every time, based on the actual compile.

There is no higher level of IT compliance that can be met.

Without these three basic steps you cannot accurately manage builds to a standard required by audits today. Scripting languages attempt to address these three pillars, but struggle because they rely on hard coding methods.
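
As an added illustration of steps 1 and 2 (not part of the original text and not any vendor's product), the Python example below records a build footprint: compiler location and version, flags, and a SHA-256 of each source file, while refusing debug flags in production builds and sources that lie outside the SCM checkout. The function names, the `DEBUG_FLAGS` list and the sample paths are assumptions made for the example.

```python
import hashlib
import tempfile
from pathlib import Path

DEBUG_FLAGS = {"-g", "-ggdb", "-O0", "-DDEBUG"}  # assumed policy list for this example

def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def build_footprint(checkout_root, sources, compiler, compiler_version, flags, production=True):
    """Return an audit record for one build; raise ValueError on a policy violation."""
    root = Path(checkout_root).resolve()
    debug = sorted(set(flags) & DEBUG_FLAGS)
    if production and debug:
        raise ValueError(f"debug flags in production build: {debug}")
    hashes = {}
    for src in sources:
        path = Path(src).resolve()
        if root not in path.parents:  # the file must live under the SCM checkout
            raise ValueError(f"source outside SCM checkout: {path}")
        hashes[path.relative_to(root).as_posix()] = sha256_file(path)
    return {"compiler": compiler, "compiler_version": compiler_version,
            "flags": list(flags), "sources": hashes}

def verify_footprint(checkout_root, footprint):
    """Return recorded sources that are missing or whose content has changed."""
    root = Path(checkout_root).resolve()
    return sorted(rel for rel, digest in footprint["sources"].items()
                  if not (root / rel).is_file() or sha256_file(root / rel) != digest)

def demo():
    """Constructed sample: a one-file checkout plus a stray file outside it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "checkout"
        root.mkdir()
        (root / "main.c").write_text("int main(void) { return 0; }\n")
        stray = Path(tmp) / "stray.c"
        stray.write_text("int x;\n")
        fp = build_footprint(root, [root / "main.c"], "/usr/bin/cc", "constructed-1.0", ["-O2", "-Wall"])
        clean = verify_footprint(root, fp)        # nothing changed since the build
        (root / "main.c").write_text("int main(void) { return 1; }\n")
        changed = verify_footprint(root, fp)      # source edited after the build
        errors = []
        for srcs, flags in (([stray], ["-O2"]), ([root / "main.c"], ["-g", "-O2"])):
            try:
                build_footprint(root, srcs, "/usr/bin/cc", "constructed-1.0", flags)
            except ValueError as exc:
                errors.append(str(exc).split(":")[0])
        return clean, changed, errors
```

Storing the returned record next to the deployable object gives an auditor something to run `verify_footprint` against later.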