Because of the wide use of containers by developers to build and deploy applications, organizations need to be sure they have the right tools and processes in place to test applications built with containers.
Testing is not only done to ensure applications built with application containers actually work as expected; modern testing regimens also include checking for potential security risks as well as overall application resiliency.
Here are five key recommendations for effectively managing and testing container-based application development activities:
1. Start with a baseline scan using a third-party tool or service. A good place to start is by scanning containers for potential risks, Ron Powell, manager of Marketing Insights and Strategy at CircleCI, told ITPro Today.
"Upon discovery of vulnerabilities, start building a strategy for remediation and an understanding of impact," he said. "All vulnerabilities can be remediated, but some will have a greater priority as they will represent a greater threat."
2. Automate container scanning. After an organization has determined an appropriate threat tolerance and a strategy for resolving issues, Powell suggests that development teams automate container scans and bring that automation into the CI/CD pipeline.
"According to a recent report, today's most effective software development teams are scanning every change to their service," Powell said.
3. Actually manage the test resources. One of the biggest changes with testing is the management of test resources, Sergei Egorov, CEO of AtomicJar, told ITPro Today.
"When it comes to containers, it becomes especially important to ensure that the test framework provides not only the capabilities for reliably starting containers for testing, but also for cleaning up after the tests were executed," Egorov said. "This is the Day 2 stuff that not everyone talks about."
4. Decide where to run application container tests. When testing containers in development, it's not always obvious where the containers should run in order to be tested. A key challenge, according to Egorov, is "nesting" — that is, running one container runtime inside of another. There is now a whole category of tools and services that compensate for the nesting issue, such as Google Cloud Build for Docker image building and Testcontainers Cloud, which is run by AtomicJar, for testing with containers but without a locally available container runtime, he said.
5. Get the most out of application containers. Containers are a great abstraction that unlocks new capabilities for developers and shouldn't be treated the same as OS processes, Egorov said. For example, where previously developers could only run one instance of a database per continuous integration (CI) worker node, developers now can have many, all running on random ports, he said.
"Make use of the powerful APIs that container runtimes provide because sometimes tests do need a fresh instance of a database each test run, something that we couldn't afford previously where databases were installed next to the tests," Egorov said. "And, of course, pick the right tools that already incorporate the best practices: Bash scripts are fun to write, but I am sure there is a better use of developers' time."
