czwartek, 24 lutego 2022

Figma (online blackboard)

For several years I have been working remotely in a fully distributed team. Working in a distributed team means that sometimes we need tools that we would not normally need. An example of such a situation is the simultaneous work of several people at the blackboard.

Everyone who has worked in a programming team knows how useful a blackboard can be, where two or more developers can come and start writing and explaining various problems at the same time.

One of the tools that is trying to replace the table for distributed teams is the Figma application. We used it yesterday in our Scrum retrospective and it generally worked. The team decided that the tool is ok and it lived up to its opinion, so I leave a note on the blog here if I ever look for a name for this solution in the future.


Links:

piątek, 18 lutego 2022

OWASP ZAP

Yesterday I was at a local .net group meeting. One of the presentations was about automatic tools for improving code quality. The first of the presented tools was the SonarQube that is a tool for static code analize that I know and use. The second presented tool for dynamic UI testing in terms of security was OWASP ZAP. It is a "proxy" tool, i.e. it is used to place it between the browser and the visited page, which can view or modify information sent from / to the browser. If anyone has used Fiddler, know what a "browser proxy" is (same type of tool but improved).

OWASP ZAP in the default mode is used to make the user use the page in "normal" mode, and the tool underneath checks for any security vulnerabilities. If someone uses Selenium for automatic tests, then by connecting OWASP ZAP gets additional safety tests.

It is also possible to run OWASP ZAP from the script level, which makes it possible to insert it into the CI / CD tool or to generate a weekly report. It is recommended to test on a different instance than production / test because full tests can take a long time and generate server load.

Tool is Open Source and supported by Community.

Summary:

We have 3 main modes: 

  • the user clicks on the page himself (useful when we have an automatic tester using Selenium) 
  • basic scanning mode (useful to plug into a CI / CD tool and test automatically, e.g. with a larger deploy)
  • full scan mode (takes a long time, so it should be done on a separate server in a night task mode).

Linki:

piątek, 4 lutego 2022

SonarQube

SonarQube is a tool for static analise of code. It detects bugs, security issues, copied code blocks, unit test covarege and other code smells. It have a great feature for multiple work configuration, in example "full project" and "new code" analise. This is a great option for supporting and attaching this for old software written years ago. 

In my current project we have integrated this tool into Azure Pipelines so we run this on each merge on branch master (what is a good solution). SonarQube also have a plugin into Visual Studio that we can see our bugs when we code.

My opinion: This is a tool that we needed few years ago in one of my previous companies. I regret that I don't know this tool earlier.


Links:

Official website

Project page on wikipedia

czwartek, 14 lutego 2019

Swagger.io

Good tool for creating JSON API documentation with included free tool for test this API. It is compatiblie with .net core 2.0 API (and .net core 2.0 web app with json result) and for me this is a good choice. It's also free for commercial use (GNU GPL licence) that makes it very useful.
Direct link to tool -> https://swagger.io/

piątek, 25 maja 2018

Setting Different Colors for Connections in SSMS

New  (for me) "killer feature" of SQL Server Managment Studio: Setting different colors for different servers in SSMS. This can reduce some "lunch test script on production" bugs. 

More details here: http://www.sqlservercentral.com/articles/Management+Studio+(SSMS)/101920/

p.s. it's a small thing that make me happy ;-)

sobota, 7 kwietnia 2018

Alternative To

Do you ever wonder what is an alternative software to one, that you are familiar with, but in some reasons you can't use it?
In example, adobe pdf reader is free to home use but can't be used as embedded in your app and can't be run on company server (due to its licence).

In that situations we need to look for alternatives. We can use google.com or duckduckgo.com for searching our alternative programs, but we can also use dedicated site created for that purpose: alternativeto.net

Postman

In current web development most communication between systems is done using API. In most cases it is REST API.

When working with external API or even when we need to set API for somebody else it would be great to have some good tool for REST API testing. And here comes Postman.   

Postman is free tool for REST API testing, with many functions, easy GUI, and ready for automation testing. Many web developers already use this tool (in example me) and I recommend you to test and maybe you too will start using it in you current work.

External links:
getpostman.com -> website where you can get postman tool