автоматизоване тестування

The article examines the relevance of integrating source code analysis tools, specifically Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST), into modern secure software development processes based on the innovative DevSecOps methodology. A review of scientific approaches and current practices for integrating security tools into CI/CD pipelines is provided, analyzing the advantages and limitations of SAST and DAST, as well as outlining trends in the development of combined security methods.

This article examines the current state of issues in working with APIs of various systems. The most common methodologies (Agile and DevOps), methods, and tools for building automated pipelines for project assembly and testing were analyzed, and a general pipeline structure was presented, which serves as a starting point for project development. As a result of analyzing surveys of developers and DevOps engineers, key problems in integration between different systems using APIs were identified.

This article analyzes the use of contract testing to verify the compatibility of two components, specifically web servers that use an Application Programming Interface (API) for data transmission.

Additionally, the article includes a comparison of APIs and contract tests and describes cases where the latter have an advantage. A contract structure for contract testing is described.