Difference between jenkins and Urbancode build

What is the difference between jenkins and Urbancode build?

jenkins Urbancode build
Jenkins is open framework for automating the repeative tasks and has great plugins which can be used to create entire automated customized continous integration framework. Urbancode build(uBuild) is for automating the repeative tasks and has great limited sets of plugins which can be used to create entire automated continous integration flow.
Jenkins can deliver core CI loop: Detect a change, do a build, test, and deliver feedback and its open framework allows and can be used for software Deployment as well. Urbancode build(uBuild) can deliver core CI loop: Detect a change, do a build, test, and deliver feedback but it can be not be used for deployment. Urbancode Deploy(uDeploy) is another product by IBM which can be used for deployment.
Jenkins can be extended with Large sets of plugins https://plugins.jenkins.io/ Urbancode build(uBuild) can be extended with Limited sets of plugins https://developer.ibm.com/urbancode/plugins/
Jenkins is one of top active Open Source and free developed in Java. Urbancode build(uBuild) is properiety tool by IBM, previously known as Urbancode and developed in Java
Jenkins has plugins which needs extra learning curve by development teams for centrally defined templates Urbancode build(uBuild) has built-in Easy addition of new projects by development teams based on centrally defined templates
Jenkins has Dependency management and but not awareness. Build based on project relationships. Urbancode build(uBuild) has Dependency management and awareness. Build based on project relationships.

My Recommendation – Jenkins

Tagged : / / / /

What is the difference between terminating and stopping an EC2 instance?

terminating-and-stopping-an-ec2-instance

Answer

Terminate Instance

When you terminate an EC2 instance, the instance will be shutdown and the virtual machine that was provisioned for you will be permanently taken away and you will no longer be charged for instance usage. Any data that was stored locally on the instance will be lost. Any attached EBS volumes will be detached and deleted. However, if you attach an EBS Snapshot to an instance at boot time, the default option in the Dashboard is to delete the attached EBS volume upon termination.

Stop Instance

When you stop an EC2 instance, the instance will be shutdown and the virtual machine that was provisioned for you will be permanently taken away and you will no longer be charged for instance usage. The key difference between stopping and terminating an instance is that the attached bootable EBS volume will not be deleted. The data on your EBS volume will remain after stopping while all information on the local (ephemeral) hard drive will be lost as usual. The volume will continue to persist in its availability zone. Standard charges for EBS volumes will apply. Therefore, you should only stop an instance if you plan to start it again within a reasonable timeframe. Otherwise, you might want to terminate an instance instead of stopping it for cost saving purposes.

The ability to stop an instance is only supported on instances that were launched using an EBS-based AMI where the root device data is stored on an attached EBS volume as an EBS boot partition instead of being stored on the local instance itself. As a result, one of the key advantages of starting a stopped instance is that it should theoretically have a faster boot time. When you start a stopped instance the EBS volume is simply attached to the newly provisioned instance. Although, the AWS-id of the new virtual machine will be the same, it will have new IP Addresses, DNS Names, etc. You shouldn’t think of starting a stopped instance as simply restarting the same virtual machine that you just stopped as it will most likely be a completely different virtual machine that will be provisioned to you.

Tagged : / / / / / / /

Difference between Code Coverage and Test Coverage | Code Coverage VS Test Coverage

code-coverage-and-test-coverage-difference

There is not any official distinguished between code Coverage and Test Coverage. Some practitioner has expressed their difference opinion in terms of defining Code Coverage and Test Coverage.
Code coverage and test coverage metrics are both measurements that can be seful to assess the quality of your application code. Code coverage is a term to describe which application code is exercised when the application is running.

Whereas Test coverage refers to metrics in an overall test-plan. In this expert  response, you’ll learn how quality assurance professionals use both of these metrics effectively.

Another definition found over the google search as below;
Code coverage is a measure of how much code is executed during testing &
Test coverage is a measure of how many test cases have been executed during testing.

Lets know about  Code Coverage by definition more in details.
In computer science, code coverage is a measure used to describe the degree to which the source code of a program is tested by a particular test suite. A program with high code coverage has been more thoroughly tested and has a lower chance of containing software bugs than a program with low code coverage. Many different metrics can be used to calculate code coverage; some of the most basic are the percent of program subroutines and the percent of program statements called during execution of the test suite.

Basic coverage criteria

There are a number of coverage criteria, the main ones being:

  • Function coverage – Has each function (or subroutine) in the program been called?
  • Statement coverage – Has each statement in the program been executed?
  • Branch coverage – Has each branch (also called DD-path) of each control structure (such as in if and case statements) been executed? For example, given an if statement, have both the true and false branches been
  • executed? Another way of saying this is, has every edge in the program been executed?
  • Condition coverage (or predicate coverage) – Has each Boolean sub-expression evaluated both to true and false?

[Taken from Wikipedia]

Simply put, code coverage is a way of ensuring that your tests are actually testing your code. When you run your tests you are presumably checking that you are getting the expected results. Code coverage will tell you how much of your code you exercised by running the test. Your tests may all pass with flying colours, but if you’ve only tested 50% of your code, how much confidence can you have in it?

Tagged : / / / / / / / / / / /

How to Differentiate Dynamic code analysis and Static code analysis?

static-dynamic-code-analysis-difference

Difference between dynamic code analysis and static code analysis

Static analysis is the testing and evaluation of an application by examining the code without executing the application whereas Dynamic analysis is the testing and evaluation of an application during runtime.

Many software defects that cause memory and threading errors can be detected both dynamically and statically. The two approaches are complementary because no single approach can find every error.

The primary advantage of dynamic analysis: It reveals subtle defects or vulnerabilities whose cause is too complex to be discovered by static analysis. Dynamic analysis can play a role in security assurance, but its primary goal is finding and debugging errors.

Level of in-depth review

The key difference between a static and dynamic code analyser is the how in-depth the code review

process is. By default, static code analysis combs through every single line of source code to find flaws and errors. For dynamic analysis, the lines of code that get reviewed depend upon which lines of source code are activated during the testing process. Unless a line of code is interacted with, the dynamic analysis tool will ignore it and continue checking active codes for flaws. As a result, dynamic analysis is a lot quicker since it is able to review code on the fly and generates real-time data. However, static code analysis provides peace of mind that each and every line of source code has been thoroughly inspected. It may take longer, but static code analysis runs in the background and is crucial for creating a flawless web application.

 

Catching errors early and making recommendations

The primary advantage of static analysis: It examines all possible execution paths and variable values, not just those invoked during execution. Thus static analysis can reveal errors that may not manifest themselves until weeks, months or years after release. This aspect of static analysis is especially valuable in security assurance, because security attacks often exercise an application in unforeseen and untested ways.

As mentioned before, dynamic analysis reviews codes during the testing process and generates real-time results. While it is great for fine-tuning the user experience, it has one major drawback: any errors highlighted by dynamic code analysis tools requires developers to go all the way back to the source code, make changes to the code itself and then make changes to everything that has been modified as a result of changing the source code. This is a very time consuming and expensive process; one that companies and developers like to avoid at all costs. Static code analysis tools highlight any errors immediately and allow developers to makes changes before proceeding any further. Moreover, static code analysis tools are more feature-packed than their dynamic counterparts. One important feature is the number of errors it can detect and the recommendations it can make to fix that error. If configured, static code analysers can automatically make the required changes and let developers know what changes have been made.

 

Cost of code analysis tools

Just like any other business, software application companies have to find a fine balance between application costs and profit margins. With respect to price, static code analysis tools are always cheaper than dynamic analysers. Moreover, having a dynamic code analyser requires a company to hire professionals trained in the use of dynamic analysis tools. A static code analysis tool can be used by any web developer with ease, thus guaranteeing that it won’t turn out to be a long-term expenditure.

Static code analysers are absolutely essential for application developers, whereas dynamic code analysers can only be used in conjunction with static analysis tools.

 

Tagged : / / / / / / / / / / /

Dynamic code analysis VS Static code analysis

dynamic-code-analysis-vs-static-code-analysis

Difference between dynamic code analysis and static code analysis

Static analysis is the testing and evaluation of an application by examining the code without executing the application whereas Dynamic analysis is the testing and evaluation of an application during runtime.

Many software defects that cause memory and threading errors can be detected both dynamically and statically. The two approaches are complementary because no single approach can find every error.

The primary advantage of dynamic analysis: It reveals subtle defects or vulnerabilities whose cause is too complex to be discovered by static analysis. Dynamic analysis can play a role in security assurance, but its primary goal is finding and debugging errors.

Level of in-depth review

The key difference between a static and dynamic code analyser is the how in-depth the code review

process is. By default, static code analysis combs through every single line of source code to find flaws and errors. For dynamic analysis, the lines of code that get reviewed depend upon which lines of source code are activated during the testing process. Unless a line of code is interacted with, the dynamic analysis tool will ignore it and continue checking active codes for flaws. As a result, dynamic analysis is a lot quicker since it is able to review code on the fly and generates real-time data. However, static code analysis provides peace of mind that each and every line of source code has been thoroughly inspected. It may take longer, but static code analysis runs in the background and is crucial for creating a flawless web application.

 

Catching errors early and making recommendations

The primary advantage of static analysis: It examines all possible execution paths and variable values, not just those invoked during execution. Thus static analysis can reveal errors that may not manifest themselves until weeks, months or years after release. This aspect of static analysis is especially valuable in security assurance, because security attacks often exercise an application in unforeseen and untested ways.

As mentioned before, dynamic analysis reviews codes during the testing process and generates real-time results. While it is great for fine-tuning the user experience, it has one major drawback: any errors highlighted by dynamic code analysis tools requires developers to go all the way back to the source code, make changes to the code itself and then make changes to everything that has been modified as a result of changing the source code. This is a very time consuming and expensive process; one that companies and developers like to avoid at all costs. Static code analysis tools highlight any errors immediately and allow developers to makes changes before proceeding any further. Moreover, static code analysis tools are more feature-packed than their dynamic counterparts. One important feature is the number of errors it can detect and the recommendations it can make to fix that error. If configured, static code analysers can automatically make the required changes and let developers know what changes have been made.

 

Cost of code analysis tools

Just like any other business, software application companies have to find a fine balance between application costs and profit margins. With respect to price, static code analysis tools are always cheaper than dynamic analysers. Moreover, having a dynamic code analyser requires a company to hire professionals trained in the use of dynamic analysis tools. A static code analysis tool can be used by any web developer with ease, thus guaranteeing that it won’t turn out to be a long-term expenditure.

Static code analysers are absolutely essential for application developers, whereas dynamic code analysers can only be used in conjunction with static analysis tools.

 

Tagged : / / / / / / / / / / / / / / / /

Difference between dynamic code analysis and static code analysis

difference-dynamic-code-analysis-and-static-code-analysis

Difference between dynamic code analysis and static code analysis

Static analysis is the testing and evaluation of an application by examining the code without executing the application whereas Dynamic analysis is the testing and evaluation of an application during runtime.

Many software defects that cause memory and threading errors can be detected both dynamically and statically. The two approaches are complementary because no single approach can find every error.

The primary advantage of dynamic analysis: It reveals subtle defects or vulnerabilities whose cause is too complex to be discovered by static analysis. Dynamic analysis can play a role in security assurance, but its primary goal is finding and debugging errors.

Level of in-depth review

The key difference between a static and dynamic code analyser is the how in-depth the code review

process is. By default, static code analysis combs through every single line of source code to find flaws and errors. For dynamic analysis, the lines of code that get reviewed depend upon which lines of source code are activated during the testing process. Unless a line of code is interacted with, the dynamic analysis tool will ignore it and continue checking active codes for flaws. As a result, dynamic analysis is a lot quicker since it is able to review code on the fly and generates real-time data. However, static code analysis provides peace of mind that each and every line of source code has been thoroughly inspected. It may take longer, but static code analysis runs in the background and is crucial for creating a flawless web application.

 

Catching errors early and making recommendations

The primary advantage of static analysis: It examines all possible execution paths and variable values, not just those invoked during execution. Thus static analysis can reveal errors that may not manifest themselves until weeks, months or years after release. This aspect of static analysis is especially valuable in security assurance, because security attacks often exercise an application in unforeseen and untested ways.

As mentioned before, dynamic analysis reviews codes during the testing process and generates real-time results. While it is great for fine-tuning the user experience, it has one major drawback: any errors highlighted by dynamic code analysis tools requires developers to go all the way back to the source code, make changes to the code itself and then make changes to everything that has been modified as a result of changing the source code. This is a very time consuming and expensive process; one that companies and developers like to avoid at all costs. Static code analysis tools highlight any errors immediately and allow developers to makes changes before proceeding any further. Moreover, static code analysis tools are more feature-packed than their dynamic counterparts. One important feature is the number of errors it can detect and the recommendations it can make to fix that error. If configured, static code analysers can automatically make the required changes and let developers know what changes have been made.

 

Cost of code analysis tools

Just like any other business, software application companies have to find a fine balance between application costs and profit margins. With respect to price, static code analysis tools are always cheaper than dynamic analysers. Moreover, having a dynamic code analyser requires a company to hire professionals trained in the use of dynamic analysis tools. A static code analysis tool can be used by any web developer with ease, thus guaranteeing that it won’t turn out to be a long-term expenditure.

Static code analysers are absolutely essential for application developers, whereas dynamic code analysers can only be used in conjunction with static analysis tools.

 

Tagged : / / / / / / / / / / / / /

Static vs dynamic code analysis: Advantages and Disadvantages

static-vs-dynamic-code-analysis-advantages-and-disadvantages

What are the advantages and limitations of static and dynamic software code analysis? Maj. Michael Kleffman of the Air Force’s Application Software Assurance Center of Excellence spelled it out.

Static code analysis advantages:

  1. It can find weaknesses in the code at the exact location.
  2. It can be conducted by trained software assurance developers who fully understand the code.
  3. It allows a quicker turn around for fixes.
  4. It is relatively fast if automated tools are used.
  5. Automated tools can scan the entire code base.
  6. Automated tools can provide mitigation recommendations, reducing the research time.
  7. It permits weaknesses to be found earlier in the development life cycle, reducing the cost to fix.

Static code analysis limitations:

  1. It is time consuming if conducted manually.
  2. Automated tools do not support all programming languages.
  3. Automated tools produce false positives and false negatives.
  4. There are not enough trained personnel to thoroughly conduct static code analysis.
  5. Automated tools can provide a false sense of security that everything is being addressed.
  6. Automated tools only as good as the rules they are using to scan with.
  7. It does not find vulnerabilities introduced in the runtime environment.

Dynamic code analysis advantages:

  1. It identifies vulnerabilities in a runtime environment.
  2. Automated tools provide flexibility on what to scan for.
  3. It allows for analysis of applications in which you do not have access to the actual code.
  4. It identifies vulnerabilities that might have been false negatives in the static code analysis.
  5. It permits you to validate static code analysis findings.
  6. It can be conducted against any application.

Dynamic code analysis limitations:

  1. Automated tools provide a false sense of security that everything is being addressed.
  2. Automated tools produce false positives and false negatives.
  3. Automated tools are only as good as the rules they are using to scan with.
  4. There are not enough trained personnel to thoroughly conduct dynamic code analysis [as with static analysis].
  5. It is more difficult to trace the vulnerability back to the exact location in the code, taking longer to fix the problem.
Tagged : / / / / / / / / / / / / / / /

Why Git is Better than X | Git or X

why-git-is-better-than-x

Cheap Local Branching

svn perforce

Everything is Local

bzr svn perforce

Git is Fast

hg bzr svn perforce

The Staging Area

svn perforce

Distributed

svn perforce

Any Workflow

hg svn perforce

GitHub

perforce

Easy to Learn

hg bzr svn perforce

Git is the new standard

Tagged : / / / / / / / / / / / / /

Comparison Between UCC, CLOC, POWERSOFTWARE,EZ-Metrics and Metrixware

ucc-vs-cloc-vs-powersoftware-vs-ez-metrics-vs-metrixware

Unified CodeCount (UCC) CLOC POWERSOFTWARE EZ-Metrics Metrixware
Languages
C/C++, C#, Java, SQL, Ada, Perl, ASP, ASP.NET, JSP, CSS, HTML, JavaScript, VB, and VbScript YES – All ADA, Assembly, ASP, C#, C/C++, CSS, Fortran, IDL, HTML, Java, JavaScript, JSP, Perl, PHP, PL/SQL, PowerBuilder, Python, Ruby, ShellScript, Textfiles, VB6 / VB.NET / VBScript, VHDL, Windows Batch and XML YES ALL
Platforms
Windows & Linux Linux 2.6.9, Unix, Mac OS X, Windows 9x/Me/XP/Vista, Solaris BOTH Windows, Linux planned but no date Both
Baselines comparison
How the tool manages folder hierarchy changes? The tool tries to match files between two baselines using filenames. As such, two files having the same name in different folder structures can be matched. The tool also detects to match and compare files if the folder is changed while filenames of the files contained in the folder are kept the same. NA No information NA
How the tool manages files which are renamed? Currently, the tool does not handle files renamed. However, if the file is renamed but its content does not change, the tool considers it as a duplicate. NA No information NA
How the tool manages files or block swapping? We have not handled swapping blocks of code yet. If the code is copied from one place to another, it is considered as deleted and added. If files are swapped and its filename does not change, the tool can match and compare them. Available No information Available
What is the algorithm used for line change detection? For comparing between lines, we detect the number of common characters between them and determine whether they are modified or deleted using a threshold. This threshold can be specified through a parameter named –t. For detecting bulk of changed or added code, we implemented our own algorithm for detecting longest common sequences. I am sorry, it is quite complex to be described in this email. We are documenting it in detail, and if you are interested I can send you a copy after it is completed. SLOC, PERL Mod No information NA
Miscellaneous
GUI & CLI CLI CLI Both but separate products GUI
CSV & XML Output Only TXT XML HTML, CSV, RAW XML data YES
Provide Qualitative metrics? No. The tool is focused on software size metrics. NO yes but separate product YES
Price Open Source Open Source KEPM (which includes EPM) costs 1,995 USD for a single license or 4,995 for a 5-user license Commericial
Frequency of the releases No information in net Regular One minor/Major release per month or 2 months.
Date of last release December,2009 Apr-10 16-Mar-10
Press on the net Not many reviews available in net Nope
Integration with quality platform Provides different language source for the integration. Nope
Recommend NO Yes No No
Algorithm confidence The total sizing of analyzed source code files in terms the SLOC count contains the highest degree of confidence. However, the sizing information pertaining to the sub classifications (compiler directives, data lines, executable lines) has a somewhat lower level of confidence associated with them.

Misclassifications of the sub classifications of SLOC may occur due to:

(1) user modifications to the UCC tool,
(2) syntax and semantic enhancements to the parsed programming language,
(3) exotic usage of the parsed programming language, and
(4) integrity of the host platform execution environment.

SLOC algorithm with perl string handling features and SPAN mdoules NA
Advantages / Drawbacks / Comments Output not according to our need.
Limited Output Format
Delta is not useful
Low Processing speed
Output according to our need.
Output in many form(CSV, XML, TXT and Mysql)
Delta is useful according to our needs
Fast processing
I tried 30 days trial version. They given web based account/dashboard to add src file and generate output. Which was not functional and could not test it functionality in details. Basic functionality is not working.
Tagged : / / / / / / / / / / / / / / / /