Digital Immune System and Testing

An immune system protects its host from infection through layered defenses. In 2022, Gartner published an article titled “What Is a Digital Immune System and Why Does It Matter?” The article outlines a combination of practices and technologies for software design, development, operations, and analytics to mitigate business risks. While it is valuable to limit focus on any single practice or technology, achieving an effective immune system requires establishing maturity across these key pillars and their corresponding outcomes. In the prior post, we talked about the importance of observability to ensure we had visibility into the systems within our organization. In this post, we will focus on testing and the feedback loops established around observability to reduce business risks.

Gartner highlights the considerations of "enabl[ing] organizations to make software testing activities increasingly independent from human intervention". Today, the notion that software testing activities being independent from human intervention is reinforced by the increased utilization of artificial intelligence to improve productivity or reduce costs. The majority of use cases provided by AI-augmented testing products, leverage Artificial Intelligence (AI) and Machine Learning (ML) to?"complement and extend conventional test automation and includes fully automated planning, creation, maintenance and analysis of tests."

Combined with observability, AI could be leveraged to identify and evaluate the adherence to specific Service Level Objectives (SLOs) and Service Level Indicators (SLIs) with the testing analysis. These assessments could be performed within CI/CD pipelines to prevent non-compliant builds from advancing in the software supply chain. These evaluations are typically performed after performance or automated testing (such as Selenium) included within the CI/CD pipeline(s). There are multiple vendors in the Application Performance Monitoring space, such as Dynatrace or Datadog, that have provided opportunities to incorporate quality validations or gates to check the adherence of the SLOs and SLIs / KPIs. Upon success, the compliant release would proceed to production, or inversely, enable progress delivery using techniques like blue-green deployments or triggering feature flags in production. Using the implementations provided by Dynatrace, for example, would provide event correlation, associate identified performance degradation to deployment events, and enable self-healing thus reducing business risks for impacted applications.

Next up, we'll talk about chaos, or reliability engineering, and its relevance as part of the digital immune system.