Secure Development
JustOn software, such as JustOn Billing & Invoice Management or JustOn Cash Management, runs as an integrated application on the Salesforce Platform and Heroku, Salesforce's cloud-based platforms for software development and operation. Because JustOn software is built on the features provided by the Salesforce Platform and Heroku, the development approach fully complies with the platforms' application lifecycle management guidelines.
Software Development
The JustOn GmbH manages the software development using Atlassian Jira, a common system for project and issue tracking.
For new functionality to be developed, we create "stories" or "tasks" in Jira, depending on the scope. They provide the following information:
- Description
- Purpose or objective, target group
- Acceptance criteria, requirements
- Effort estimation
Example of a development task tracked in Jira
Based on this data, we plan the tasks to be completed in the next development phase ("sprint").
Sprint planning example in Jira
Software defects are also reported and tracked in Jira as "bugs". These issues provide the following information:
- Description
- Steps to reproduce the error
- Current behavior
- Expected behavior, possible additional acceptance criteria or requirements
- Possible workarounds
Example of a software defect tracked in Jira
Bugs are also prioritized and scheduled to be fixed in the sprints.
There are the following defect classes:
| Defect Class | Description |
|---|---|
| Blocker | Severe error that prevents the system from operating; must be corrected immediately |
| Critical | Error with considerable impact, but not preventing the system from operating; must be fixed in the current sprint |
| Major | Error that affects a single feature; to be fixed in the next (or a later) sprint |
| Minor | Error that does not affect the operation of the system or individual features |
Quality Assurance and Release
New features and bug fixes are checked automatically during development with unit tests ("module tests"). After completing a change, the developers execute functional acceptance tests in their development environments. Integrating the different development branches produces a new, complete software version, which the developers again test functionally in their own environments. Finally, the Customer Success agents test this complete software version in "sandboxes" (non-productive copies of customer environments).
This approach follows the software development and operation guidelines for the Salesforce Platform; see Application Lifecycle Management.
Test criteria include the acceptance criteria and the functional or technical requirements defined in the stories, tasks or bugs (see the examples for development tasks and defects in Software Development). The test results are documented directly in the relevant Jira issue: testers mark the requirements or test steps accordingly and add their comments.
Only after all tests have been completed successfully is the new software version released on Salesforce AppExchange. This procedure includes an additional security review (see Pass the AppExchange Security Review) before the software is actually published.
JustOn's development process
| Development Step | Environment | Role |
|---|---|---|
| Requirements engineering, prioritization, planning | Confluence, Jira | COO, developers |
| Development, automatic module tests, regression tests | Salesforce Platform development environment | Developers |
| Integration | Salesforce Platform development environment | Lead developer |
| Acceptance tests | Salesforce Platform development environment or Salesforce sandbox | Developers or Customer Success agents |
| Release | Salesforce AppExchange | COO |
Code Security
The JustOn source code is stored securely in Atlassian Bitbucket Cloud, a cloud-based source code management system. It archives all versions and variants of the source code, together with time stamps and the identifiers of the users who made each change.
The JustOn GmbH benefits from the following security-relevant Bitbucket features:
- Change tracking: It is always possible to see which user made which changes at what time.
- Recovering previous versions of particular files: This allows unwanted changes to be undone at any time.
- Archiving individual stages of a project: This allows all versions to be accessed at any time.
Furthermore, the JustOn GmbH uses Bitbucket's access controls to govern which developers may access the shared code, and supports parallel development in multiple branches.
Overview page of a software project saved in Bitbucket