| Meeting IT Compliance mandates is an immediate goal | | | | manually-scripted build solutions: References to the |
| faced by most organizations. Through the use of ALM | | | | source code may not be pointing to the SCM |
| tools, IT organizations can manage software | | | | repository or even local build directory where the SCM |
| requirements, track source code changes and monitor | | | | source code was checked out It can be extremely |
| software deployment. Regardless of these tools, the | | | | difficult to determine where the source code actually |
| process is not perfect because it is missing a critical | | | | came from when the compile executed Solve these |
| component of the software development lifecycle: the | | | | problems with a Build Management Solution that allows |
| application build. The application build process is the final | | | | you to enforce the "approved" versions of the |
| piece of the IT compliance puzzle, and it is complicated | | | | SCM-managed source code. You can further enforce |
| by ad hoc build scripts written in Make or Ant/XML. Ad | | | | your system with a Build Management tool that allows |
| hoc build scripts are the most common methods used | | | | you to centralize the use of SOA and J2EE objects |
| to manage application builds, yet they don't meet the | | | | so that all developers are using standard versions of |
| four essential requirements of IT governance | | | | these critical, reusable objects. 3) Manage Dependency |
| standards: traceability auditability validation separation | | | | Mining and Orchestration Managing dependencies is |
| of workflow duties How can your organization meet | | | | the most critical process a Build Management Solution |
| the four essential requirements of IT governance | | | | can provide. Dependency orchestration provides a |
| standards in the application build process? With three | | | | complete audit trail showing what source code and |
| very essential steps: 1) Implement a Build Configuration | | | | versions were used to create the final deployable |
| Management System Similar to Source Code | | | | objects. Dependencies can be difficult to trace and |
| Configuration Management, Build Configuration | | | | often impossible to understand with manual scripts. Find |
| Management allows you to track, trace and manage | | | | a Build Management Solution that will ensure that when |
| the details about the build. Using reusable build | | | | the build executes, a dependency scanning tool |
| workflow technology, details about build configurations | | | | watches exactly what is called and used by the |
| can be managed. Configuration details include: What | | | | compilers and linkers. You will gain the ability to perform |
| compile and link flags were used to build the | | | | accurate incremental builds, review Dependency |
| deployable object The restriction of debug flags used | | | | Impact Analyses, and create Footprints and Build Audit |
| in production builds The location and version of the | | | | Reports that confirm matching source to executables |
| compiler and linker used in the build These subtle | | | | every time, based on the actual compile. There is no |
| configuration changes can cause drastic differences in | | | | higher level of IT compliance that can be met. Without |
| build results, and must be tracked, managed and | | | | these three basic steps you cannot accurately |
| controlled. 2) Keep Source Code Enforcement | | | | manage builds to a standard required by audits today. |
| Securely Implemented Once you have secured your | | | | Scripting languages attempt to address these three |
| source code in an SCM tool, it is critical to ensure that - | | | | pillars, but struggle because they rely on hard coding |
| when the build occurs - it is actually using the source | | | | methods. |
| code managed by your SCM tool. With | | | | |