Technical Strategy - amitbhilagude/userfullinks GitHub Wiki

  1. Tech Debt Framework

    1. Overview
      1. Technical debt is an area for improvement in mature applications.
      2. Addressing it improves the application continuously and helps the team innovate faster and release new features without additional complexity.
      3. As per SAFe, dedicated capacity should be allocated in each sprint to focus on tech debt. The range should be between 20% and 60%.
    2. What is included in tech debt
      1. All NFR requirements, e.g. Azure Well-Architected Framework pillars
      2. Old Framework
      3. Old Tooling
      4. Code Refactoring
      5. Improvement in any area
      6. Test coverage gaps, such as missing unit test cases, automation, etc.
    3. Measuring Tech debt
      1. The best way to measure tech debt is to take each pillar and set a grade for the application, e.g. A is the highest grade and it can go down to E.
      2. There should be an automated way to measure these grades for your application using tools like SonarQube, Checkmarx, Black Duck, etc.
      3. Reliability Measuring
        1. Can be measured using operations feedback, customer incident frequency, error rate, and the SonarQube Reliability grade
      4. Security Measuring
        1. Can be measured using SonarQube, Black Duck, and Checkmarx
      5. Operational Excellence and Testability
        1. Can be measured using unit test coverage reported by SonarQube
      6. Performance/Scalability
        1. Can be measured based on load testing reports, production monitoring, and customer feedback
  2. Architecture Review Framework

    1. Overview
      1. Review the architecture of existing products or new products.
      2. New product architecture is reviewed for compliance with Microsoft recommendations and organisational best practices.
      3. An existing product is reviewed when it is releasing a new feature or when an issue in its existing architecture is creating problems in production or load testing.
    2. Framework Template
      1. Set of artifacts to be produced for the first review, based on the Well-Architected Framework, Cloud Adoption Framework, etc.
      2. Reliability
        1. Infrastructure overview e.g. ARM template viewer or Lucidchart? Cost report.
        2. Azure Cost Analysis Report e.g. Sample Report and Advisor Recommendation Report
        3. Incidents and failed releases report e.g. Report CI/CD Pipelines description
        4. Data/Storage architecture e.g. Database Diagram in SQL
        5. Advisor Score Report e.g. Sample Report
      3. Security
        1. Threat model Link
        2. Checkmarx Report
        3. Black Duck Hub report
        4. Pen Testing Report
        5. Azure Security Posture Score Report Link e.g. Sample report and Recommendation Report
        6. WAF Rules and Policies Report
      4. Performance
        1. Application map report to find out performance bottleneck Link e.g. Sample Report
        2. APM tool report e.g. Azure Application Insights Dashboard report Link Sample Report
        3. Profiling tool report e.g. Visual Studio profiling tools Link, covering CPU, memory, DB and async performance
      5. Testing
        1. Coverage expectations
        2. Load/Performance testing report
        3. Regression Testing Automation
        4. Functional Testing Automation
        5. Unit Testing Automation
      6. Maintainability
        1. SonarQube report
      7. Organisational Standards
        1. Tooling to choose
        2. Third-party license to use
        3. Recommended NuGet packages
        4. Any other standards for naming conventions, tagging, etc.
  3. Security Review Framework

  4. DevSecOps Framework

    1. Branching Strategy: GitFlow and Code review
    2. Build Strategy with Quality gates
      1. Build Quality: unit testing automation, static code analysis, scanning with security tools like Checkmarx and Black Duck
    3. Release strategy
      1. Stages per Environment
      2. Smoke Testing Automation
      3. API Testing Automation
      4. Functional Automation
  5. Coding Best Practices

    1. C# coding conventions: https://learn.microsoft.com/en-us/dotnet/csharp/fundamentals/coding-style/coding-conventions
    2. Secure Coding: https://learn.microsoft.com/en-us/dotnet/standard/security/secure-coding-guidelines
    3. SOLID Principles: https://learn.microsoft.com/en-us/archive/msdn-magazine/2014/may/csharp-best-practices-dangers-of-violating-solid-principles-in-csharp
  6. Architecture Best Practices

    1. Well-Architected Framework
    2. Cloud Adoption Framework
  7. ARB