Meeting IT Compliance mandates is an immediate goal faced by most organizations. Through the use of ALM tools, IT organizations can manage software requirements, track source code changes and monitor software deployment. Regardless of these tools, the process is not perfect because it is missing a critical component of the software development lifecycle: the application build.

The application build process is the final piece of the IT compliance puzzle, and it is complicated by ad hoc build scripts written in Make or Ant XML. Ad hoc build scripts are the most common methods used to manage application builds, yet they don't meet the four essential requirements of IT governance standards:

- traceability
- auditability
- validation
- separation of workflow duties

How can your organization meet the four essential requirements of IT governance standards in the application build process? With three very essential steps:

1) Implement a Build Configuration Management System

Similar to Source Code Configuration Management, Build Configuration Management allows you to track, trace and manage the details about the build. Using reusable build workflow technology, details about build configurations can be managed. Configuration details include:

- What compile and link flags were used to build the deployable object
- The restriction of debug flags used in production builds
- The location and version of the compiler and linker used in the build

These subtle configuration changes can cause drastic differences in build results, and must be tracked, managed and controlled.

2) Keep Source Code Enforcement Securely Implemented

Once you have secured your source code in an SCM tool, it is critical to ensure that - when the build occurs - it is actually using the source code managed by your SCM tool. With manually-scripted build solutions:

- References to the source code may not be pointing to the SCM repository or even local build directory where the SCM source code was checked out
- It can be extremely difficult to determine where the source code actually came from when the compile executed

Solve these problems with a Build Management Solution that allows you to enforce the "approved" versions of the SCM-managed source code. You can further enforce your system with a Build Management tool that allows you to centralize the use of SOA and J2EE objects so that all developers are using standard versions of these critical, reusable objects.

3) Manage Dependency Mining and Orchestration

Managing dependencies is the most critical process a Build Management Solution can provide. Dependency orchestration provides a complete audit trail showing what source code and versions were used to create the final deployable objects. Dependencies can be difficult to trace and often impossible to understand with manual scripts. Find a Build Management Solution that will ensure that when the build executes, a dependency scanning tool watches exactly what is called and used by the compilers and linkers. You will gain the ability to perform accurate incremental builds, review Dependency Impact Analyses, and create Footprints and Build Audit Reports that confirm matching source to executables every time, based on the actual compile. There is no higher level of IT compliance that can be met.

Without these three basic steps you cannot accurately manage builds to a standard required by audits today. Scripting languages attempt to address these three pillars, but struggle because they rely on hard coding methods.
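
A minimal sketch of the checks described in steps 1 and 2, added here as an illustration and not taken from the article or from any Build Management product: it refuses debug flags in a production build, verifies each source file against the hashes of the approved SCM revision, and returns an audit record. The names `audit_build` and `DEBUG_FLAGS`, the flag list and the `{file name: sha256}` manifest format are assumptions.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Assumed policy for this example: flags that must not reach a production build.
DEBUG_FLAGS = {"-g", "-ggdb", "-O0", "-DDEBUG"}


def sha256_file(path):
    """Return the SHA-256 hex digest of a file's contents."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def audit_build(sources, approved, compiler, flags, production=True):
    """Validate build inputs against policy; return an audit record or raise ValueError."""
    if production:
        banned = sorted(f for f in flags if f in DEBUG_FLAGS)
        if banned:
            raise ValueError(f"debug flags in production build: {banned}")
    # Compiler version lookup is omitted so the example runs without a compiler installed.
    record = {"compiler": compiler, "compiler_path": shutil.which(compiler),
              "flags": list(flags), "sources": {}}
    for src in sources:
        name, digest = Path(src).name, sha256_file(src)
        # 'approved' maps file name -> sha256 exported from the approved SCM revision.
        if approved.get(name) != digest:
            raise ValueError(f"{name} does not match the approved SCM version")
        record["sources"][name] = digest
    return record


def demo():
    """Constructed sample: build an approved file, then retry after a local edit."""
    with tempfile.TemporaryDirectory() as d:
        src = Path(d) / "main.c"
        src.write_text("int main(void) { return 0; }\n")
        approved = {"main.c": sha256_file(src)}
        ok = audit_build([src], approved, "cc", ["-O2", "-Wall"])
        src.write_text("int main(void) { return 1; }\n")  # unapproved change
        try:
            audit_build([src], approved, "cc", ["-O2", "-Wall"])
            tampered_rejected = False
        except ValueError:
            tampered_rejected = True
        return ok, tampered_rejected


if __name__ == "__main__":
    print(demo())
```

The returned record is what a build audit report would persist alongside the deployable object, so a later review can match the executable back to the exact source hashes and flags.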