Subscribe to Blog feed Blog
Connecting the world of software delivery.
Updated: 47 min 17 sec ago

Top reasons to attend Tasktop Connect 2017 (including Early Bird Discount)

7 hours 45 min ago

By now, we hope you’re aware that we are hosting our first conference, Tasktop Connect, on October 4, 2017 in Columbus, Ohio.

At Tasktop Connect, leaders from some of the most successful IT organizations such as Comcast, Nationwide, Lockheed Martin, and others, will share their best practices and lessons learned from undergoing large-scale Agile and DevOps transformations. Leaving no stone left unturned, they will be joined on stage by industry experts such as Gene Kim, in what promises to be the definitive ‘lowdown’ on the software development and delivery space.

If our speakers alone are not enough to entice you, let me share a few more reasons why you should attend:

Transformations Aren’t Working

IT trends come and go as quick as the seasons, and organizations are investing in new staff, tools, and processes to keep up. And yet even with all this investment, software development and delivery still isn’t fast enough, or effective enough, to drive the change the business wants. With 10+ compelling sessions that cut cross a range of industry verticals, attendees will gain invaluable insight into how leading enterprises have started to turn this around, making software development and delivery a competitive advantage for their business.

Customer use-cases

In addition to presentations from Tasktop CEO and co-founder, Mik Kersten, and Tasktop VP of Product Management, Nicole Bryan, Tasktop customers will be sharing their individual journeys towards an integrated value stream using Tasktop’s Integration Hub “Tasktop. While your organization may be using Tasktop to integrate your PPM and BA tools, another organization may be using the platform to connect Developers to Testers. Despite varying business context, you’ll learn how you can unleash your organization’s full software delivery potential with technology and support. We promise you will leave inspired and ready to implement the tactics at your own organization.

On-site Support

If you’re a Tasktop customer or partner, you already know the Tasktop Support team are real MVPs. Lucky for attendees, the team will be on-site and ready to answer all your technical questions – no matter how big or small. You’ll learn how to optimize your software delivery process to extract the most value for your business from the crème de la crème in the industry. What could be better than that?

Grow your network

Just as Tasktop brings together your software delivery teams, tools, and value stream, this customer-focused event will connect you with the software delivery community; Agile and DevOps industry experts, fellow customers and partners, and Tasktop’s ‘go-the-extra-mile’ product gurus. With plenty of coffee breaks, lunch, and evening entertainment, attendees will have the opportunity to engage with like-minded individuals from around the world (supplemented with plenty of delicious food and beverages!) for a truly fulfilling day and night.

Still not convinced? Contact me or one of my colleagues to find out exactly what Tasktop Connect can offer you and your business.

But just to push you over the registration edge, here’s a discount code for 10% registration: TTCONNECT.

Register by August 7th to secure our Early Bird discount rate.

We can’t wait to see you in Columbus!

P.s. Want to know why we chose Columbus? Check out our blog by Tasktop’s pre-sales engineer (and local Ohio-boy) Jeff Downs, who explains why our inaugural event will take place in ‘The Arch City’.

Support for Gitlab, ServiceNow Express and Modern Requirements4TFS Now Available

Tue, 07/25/2017 - 14:50

Increasingly we’re seeing large organizations that want to pick and choose the best-of-breed tools that combine to create a customized tool chain that supports their specific software development and delivery needs. So we’re pleased to announce that today we’ve added support for Gitlab, ServiceNow Express and Modern Requirements4TFS, expanding the options available when creating a modular tool chain.

Here’s some of the benefits for integrating each tool:


By connecting Gitlab with ITSM tools such as ServiceNow and Zendesk, or Agile Planning tools such as CA Agile Central, JIRA, LeanKit, or VersionOne, you enable better visibility across your organization with information surrounding the issues being kept up to date in all systems.

For example when integrating GitLab Issues with Agile planning tools you can:

  • Ensure your teams are aware of the progress of relevant issues, regardless of which tool they’re using.
  • Facilitate automated communication between teams by allowing inter-team communication and collaboration with up-to-date information about the issue
  • Allow Gitlab labels to flow to your Agile planning tool of choice, helping to organize your team’s workflow
  • Let developers communicate back and forth via comments.

ServiceNow Express

Tasktop has long supported ServiceNow Service Desk, ServiceNow SDLC and ServiceNow PPM, and the addition of ServiceNow Express to our supported tools expands the benefits of Tasktop to users of this product. ServiceNow Express users will now be able to get the same cross-tool traceability and reporting benefits when they connect to other tools used in their software development and delivery organization.

See an example of how you could connect ServiceNow Express and Gitlab Issues in this demo video:

Modern Requirements4TFS

Many organizations, particularly those building for Microsoft platforms, use Modern Requirements4TFS as their go-to solution for Requirements Management. All requirements are stored natively as work items in TFS / VSTS. They may also use TFS for development work item tracking, testing and release management. However, when members of the extended team adopt specialist tools, for service desk management or project / portfolio management, for example, the work items in all tools can be kept current by being synchronized.

Tasktop allows you to flow artifacts to & from TFS and Modern Requirements4TFS, such as user stories, requirements, and test cases, to the myriad third-party tools that your other teams may utilize.  Updated statuses, due dates, owners, comments, and attachments all flow seamlessly from one tool to the other, to break down communication barriers and enhance cross-team collaboration.

For more details on all the new features available on Tasktop Integration Hub visit our What’s New page.


How to optimize your software development co-op / internship program

Thu, 07/20/2017 - 09:26

Co-ops and internships for students and young graduates have become very commonplace in the software industry. Beneficial for interns and companies alike, an internship program can help budding software developers to enhance their skill set while contributing to the success of the business.

As a software engineering co-op at Tasktop, I’ve witnessed first-hand what it takes to execute a successful internship / co-op program. Below are some key benefits of hiring interns and some key considerations that can help you determine whether it’s the right program for your company, as well as the key benefits it can yield.

What do interns / co-op programs offer?

  • Learn by doing

Hiring interns really helps the software industry grow. Internships are important to the success of the careers of aspiring software developers, and gaining work experience early on can help interns pinpoint what they really want out of their career. Hiring interns enables them to ‘learn by doing’ in a professional environment, which helps produce better software engineers that can drive the industry forward.

  • Fresh perspective

Interns provide the kind of diversity in thought that relies on a fresh pair of eyes. Interns are unique as they have little to no prior industry experience and limited knowledge of the standard conventions that take place in most software companies around the world. While this means they have a lot to learn, it also means that they don’t have a bias towards traditional systems, and can be useful in recognizing overlooked problems. Without a familiarity bias, they may find new, and better, ways of doing things. They might even discover a new process that could make the entire team more efficient.

  • Develop your own developer

Interns don’t need to be temporary. With the right support and room to grow, you can train a skilled developer that is not only schooled in your approach to software development, but also one that becomes a loyal brand advocate too. Furthermore, when an intern becomes a full-time employee, you negate the need for onboarding, saving your company time and money.

  • Company exposure

There is also an element of exposure. If you are running a software company that targets niche markets, then there’s a chance that many people outside of your sector will not have heard of you, making it harder to attract talent. Software engineers like working in environments that they know will challenge them and help them to grow. The easiest way for them to find such environments is searching for jobs in companies that they are already familiar with and who have already built up good reputations. Hiring interns will increase the amount of people that have worked at your company by virtue of them being cycled out every eight months, and the more people who have worked at your company, the more chances your former employees will tell other software engineers how great it is work there. This can really help boost your company reputation and talent acquisition capabilities.

What are the key considerations for running your own internship program?

  • Supervisor resources

Do you have the resources to supervise and support a co-op intern? Without strong support, they have the potential to accidentally produce a lot of inefficient, unmaintainable code. To ensure this doesn’t happen, implement a mentoring program that is overseen by strong base of full-time software engineers that are willing to help and provide feedback to steer interns in the right direction.

Tasktop does a fantastic job of creating a strong foundation for their co-op program, with full-time experienced employees easily accessible and willing to spend time with helping new hires.

  • Code review

A rigorous code review process, like we have at Tasktop, prevents writing code that other engineers won’t be able to maintain in the future, and it helps interns get up to speed quicker by enabling them to look at code reviews from other engineers. Having a code review system is especially effective as a form of mentoring because interns now have the ability to teach themselves without requiring dedicated time from full-time engineers to continuously walk them through the code review process.

  • Onboarding

Without an efficient onboarding process, hiring co-ops and interns can be time-consuming for both the company and the intern – especially if you’re hiring new interns every eight months like Tasktop does. You can save time by hiring interns in large groups and training them simultaneously rather than one-on-one, which encourages questions and group activity, as well as forging a team spirit right from the beginning.


Hiring interns is a complex endeavor, but one that can potentially have a great payoff for your company. As a Tasktop co-op, I’ve expanded my skill set, learnt how to overcome new challenges, and feel I have played a vital role in changing the software development and delivery landscape.

If you’re interested in working at Tasktop, please view current openings on the careers page and/or contact us. Do also get in touch if you’re thinking about running your own internship / co-op program too, we’d be more than happy to help!

Optimizing collaboration between Software Engineers and Product Owners by integrating JIRA and Targetprocess

Tue, 07/18/2017 - 09:57

As Software Engineers, we tend to get lost within our ivory towers. We are logical people, and crave logic in the world around us. The real world around us, though, is messy and frustratingly illogical. I am happiest, and most productive, when I have a well-defined Epic to work on, with clear requirements and acceptance criteria. My team and I can silently work away on the code, and resurface into the world when the job is complete.

The problem, though, is that the requirements are not always clear, and the acceptance criteria is often incomplete or missing altogether. This is where that messy, outside world invades our ivory tower. Locating the missing information and context, and communicating with Product Owners, was often a tedious mix of meetings, emails, and frustrating demos. I often felt that half of my job was to be the Product Secretary, keeping track of all the decisions, requirements and acceptance criteria on the original Epic.

As it turns out, I was duplicating all of this information. The Product Owners have tools to keep track of the requirements and acceptance criteria, and we work in our own tools for development. Since we don’t both access each other’s tools, we were forced to keep our own records of everything during meetings and update our own copies of the Epic.

The obvious solution was to be granted access to each other’s tools. In the Engineering department, we are using Atlassian JIRA, with the Agile tools for Kanban. This provides an excellent view into the current state of our project. Meanwhile the Product team uses Targetprocess, a tool designed for project management. Both teams are happy with their respective tools, and have built internal processes that fit with them. However, this satisfaction didn’t extend to collaboration.

Even with access to the other team’s tool, we Engineers still ended up manually duplicating most information into JIRA as there’s no synchronization between the tools. I quickly became frustrated at the constantly changing feature boards in Targetprocess, and having to switch back and forth between the two tools. And since not all of the Engineers had access to Targetprocess, I had to copy everything into JIRA for any fellow Engineer who required the information.

The Product Owners also had their struggles with JIRA.  Our Kanban boards tend to be an undulating pipeline of work items, only a portion of which are the Epics and Stories they are familiar with. The rest of our boards contains Defects, Tasks, and Technical Debt filled with overly complex technical details.

What’s more, by granting access to each other’s’ tools, we had created an even larger issue. Neither side used the other’s tools unless prompted, yet both sides assumed their changes were now visible to the other team. Collaboration actually got worse.

This is where Tasktop Integration Hub came in. We set up Integrations between Targetprocess and JIRA to synchronize Epics (called “Features” in Targetprocess). This meant that any change I make to the Epic are instantly updated on the Feature in Targetprocess.  When I want to ask questions, I just comment on my JIRA Epic. The Product Owner can then reply in their Targetprocess Feature.

Now I am able to stay within JIRA, my tool of choice, and I no longer have to be the product secretary. Even better, the integration removed the need for many of our time-consuming meetings. For example, when an Epic falls out of the release, I can just change the associated version number in JIRA. This change is then instantly updated in Targetprocess, sending configured emails to the Product Owner.

I can now return to my ivory tower and become productive once again…

If you’re working within the software value stream and want to know how Tasktop Integration Hub can dramatically improve the way you work with all other practitioners in the lifecycle, contact us today.

How can DevOps Integration transform your role as a Project Manager?

Tue, 07/11/2017 - 11:34

Before joining Tasktop, I spent several years as a Project Manager working with non-profit clients. During this time, one of the biggest obstacles I faced was overcoming the communication barriers between separate teams at our organization.

So when approached to co-host a webinar with cPrime on the top challenges facing Project Managers, I jumped at the opportunity. In the webinar, Brian Mulconrey – cPrime Agile Coach – walked through the ways that Agile Program Management can transform your PMO challenges into opportunities through continuous communication and delivery. While listening to his excellent presentation, I thought “All very true…but there’s one crucial piece missing!”

And that missing piece was DevOps Integration, the next significant milestone in software delivery. By looking at the software delivery process from a value stream perspective – i.e. as a sequence of activities that design, produce and provide a product and/or service – we begin to see where value is being created and lost to optimize end-to-end production.

This state can only be achieved by connecting the DevOps side of the software delivery pipeline with the rest of the software lifecycle for visibility, traceability and governance over the value stream – the holy trinity of requirements for first-class project management.

Common challenges

As a Project Manager, it is your job to straddle several different worlds, working with software developers, QA teams, business analysts, technical writers and more. Each team likely uses separate tools, and has separate internal processes and policies that you, as the Project Manager, must learn to navigate. Without an integrated toolchain (as these disparate tools do not naturally integrate), this can be an exhausting challenge that can test the sanity of even the very best Project Managers.

I used to spend countless days (and even weeks!) waiting on IT to grant me access to the many tools I needed to communicate with each contributor on my team. Once I gained access, I would spend hours watching training videos to learn how to use the tool. And even then I’d get in trouble for submitting requests the wrong way as each team had different practices and policies within their tool.

Even when I was able to access and use each tool, I could lose up to one working day a week. To put it simply, a fragmented toolchain is a costly and time-consuming endeavor that means a project manager is doing more admin than management.

Consequently, balls are dropped, serious issues are missed and avoidable mistakes are made. Lack of integration puts the success of all projects under threat, which ultimately means lost business if customers do not receive the right product or service on time. Not to mention the impact on job satisfaction of talented Project Managers who may lose patience and move on to a better, more connected environment…

A Project Manager’s Nemesis: A Fragmented Value Stream

DevOps Integration allows you to connect the disparate activities occurring in separate tools into one united value stream by connecting those tools into a modular toolchain. Wouldn’t it be great if you could automatically flow information from your tool of choice (maybe a PMO tool such as Microsoft Project Server) in real-time to the other tools that your team members were using? No more double entry into multiple systems, no more twiddling your thumbs while you wait for IT to grant you access to yet another tool, no scavenger hunts for important data.

This is all achievable through true DevOps Integration. It’s much more than just connecting your development and operations tools for improve collaboration when building and delivering software. It’s all about connecting those critical teams and tools with the whole value stream to optimize the entire process, from ideation and planning to testing and customer feedback. The end result? Fast and efficient continuously delivery of awesome software.

This is how:

  • Each of these purpose driven tools are connected to one another, and information is able to flow seamlessly between them
  • When you change a deadline, or the owner of a task, or details on a change in scope communicated to you by a customer, you’re able to easily flow that information to your Business Analyst in their own Requirements Management tool so that they can update the requirements for that deliverable
  • Once your Business Analyst has updated the requirements for that deliverable, those details can flow to the tool your software engineers are using to track feature development
  • Once your developers complete work on that feature, they can flow that information to the QA tool your testers are using
  • You can even take all of that information from each tool and flow it into one central database so that you can run your own analytics to identify bottlenecks and high-level patterns that may be impacting delivery for your customers

Proof of Concept

Here’s an example from our own workflow here at Tasktop:

  • When a customer requests a new feature for our product, one of the first steps that our Business Analyst takes is to determine – in collaboration with our engineering team – if that request is technically feasible within our product
  • To do that, our Sales and Professional Services team submits requests in their tool of choice, Salesforce. Those requests then flow over to our Business Analysts’ requirements tool, Targetprocess
  • The Business Analyst can then check a box on the request to initiate a technical investigation
  • Once that box is checked, the request will flow over to JIRA, the tool that our developers use. That new JIRA artifact will then automatically pull in to our developers’ triage process during their daily stand-up call

As you can see, by utilizing their existing processes and tools, we are able to facilitate continuous communication between key players across the value stream and speed up our software delivery to deliver powerful results for our customers.

DevOps Integration with the rest of the lifecycle is vital as there is no single tool platform that provides a silver bullet. While each team benefits from using best-of-breed tools that are built for their specific goals, without enterprise-level integration, all the project-critical information that is created for the sole purpose of being shared with other teams is siloed. Communication and collaboration suffers, while Project Managers are unable to see bottlenecks and trace the flow of work, meaning they can’t make informed decisions that will directly impact the success of a project.

With Tasktop’s DevOps Integration technology – which delivers the best results and Total Cost of Ownership on the market – Project Managers have a dynamic and simple means to connect all tools, teams, and disciplines across an organization, obtaining a holistic overview of the whole value stream. The result is an omniscient and empowered Project Manager, able to focus solely on their job i.e. managing projects and ensuring that the value stream is flowing and consistently delivering value.

If you’d like to learn more, watch the full webinar with cPrime: ‘5 leading challenges facing PMOs – and how Agile Program Management changes the game.’

You can also check out the webinar ‘Eliminating the PMO Scavenger Hunt’, as well as download our short e-book on the same topic.

If you’d like to know more about Tasktop’s DevOps Integration technology, contact us or request a demo today. Say goodbye to soul-crushing admin and hello to smooth project management best practice.

Get Integrated for Free with HPE ALM Octane I/O

Fri, 06/30/2017 - 13:21

If you’re an HPE ALM/QC or HPE Octane user you’ll know that to get true traceability and reporting you need to integrate it with other tools used by software development teams, and there are a variety of ways you can do that.

There’s now a new offering available to you – HPE ALM Octane I/O – which offers integration to JIRA, TFS, CA Agile Central/Rally and VersionOne. And the best part is it’s free for the first 100 users! Leveraging HPE ALM Octane I/O allows you to put HPE ALM/QC or HPE ALM Octane at the center and flow different artifacts such as requirements, epics, stories and defects back and forth between the various systems in real time.

If you’re an HPE ALM/QC user, you might already be familiar with the variety of integration offerings that are available including HPE Synchronizer, HPE Octane Synchronizer or the HPE Next Gen Synchronizer. You might have even tried them at some point. What makes this new offering different is the tools you can integrate with. HPE Octane I/O integrates with Version One and CA Agile Central (in addition to JIRA and TFS), and all versions of those tools will be supported. It’s powered by Tasktop, which means it can support enterprise-grade integration requirements – it’s technology used by almost half the Fortune 100.

Let’s look at one example of how this could be used – connecting HPE ALM with JIRA. By integrating these two tools with HPE Octane I/O, you can automatically flow epics and stories from JIRA to HPE ALM so that testers can see the requirements right in their tool. The integration also synchronizes relationships so that you have traceability between parent and child requirements. Comments or questions logged in HPE ALM  are automatically sent back to JIRA to that developers can see everything in their tool. Once test cases are created in HPE ALM direct coverage status can be sent to JIRA so that iteration managers can see the details of the user story and understand status as it pertains to the testing effort. URLs and artifact IDs can be passed back and forth between the two tools to add even more traceability.

Integrating these tools together not only eliminates manual handoffs and automates traceability, it also allows you to leverage functionality within HPE ALM that you might not have been able to previously. Maybe you have people that are manually importing requirements into HPE ALM, maybe you’re not using your requirements module at all. But with the real-time requirement integration running you can turn on alerts in HPE ALM.  The result: changes to stories in JIRA or other Agile tool will update the requirement in ALM plus it will notify the owners of related test cases that a review is needed.  Testing the correct version of the requirement ultimately means better releases and happier customers.

So how do you get started? Simply request a license key from Tasktop through this form. You’ll then be able to get the software directly from HPE. For more information, view the on-demand recording of the Vivit webinar HPE ALM Octane I/O Enterprise Grade Integration with your 3rd Party Agile Tools.

Routes & Ladders

Tue, 06/13/2017 - 10:20

The typical ladder has nice, evenly spaced rungs to get you from the ground to whatever high spot you have your sights set on. But what happens when the top rungs are missing? You can get part way up, but can’t go very high.  Or what if all of the bottom rungs are missing? It’s hard to even get off the ground.

This is why fully functioning role model ladders are important for women in business. Meaning women at every level of an organization need to be ready to help other women. They are the “rungs” that can take women from the bottom to the top, and every step between.

Why not an elevator that shoots you right to the top floor? Because having a rung at every level, having role models at each step along the way, helps make the goal seem more attainable. In other words, the women you aspire to be need to be close enough in scope and age, so that you can relate to them.

Don’t get me wrong… heroes are great. We all want to shoot for the moon, but the reality is that our role models have far greater and more direct impact if they are one rung above us–within our reach.  If someone is doing a job that you can clearly envision and filling the role in a concrete, realistic way, it’s easier to picture yourself in that role.

Let me tell you a story. My ten year-old daughter was tasked with writing an essay about her biggest role model.  She picked Mara, one of the young women on my team at work. She selected Mara because she started on my team as an intern while she was still in college, and she would come over to our house and talk about her job. Bailey would hear me talk about how talented and hard working Mara was. But I talk about the amazing people I work with all the time.  Why did she pick Mara?  Because she can relate to Mara. She can see herself in Mara. And the rungs continue. I am Mara’s role model–a female VP of Product Management.  My job feels attainable to her.  And I look up to Gail, our Chief Science Officer.  Every rung matters.

If you agree that “Role Model Ladders” are critical or women in the workforce (or hoping to be part of the workforce), how do you create them?  One step at a time (pun intended). Step one: you need to talk about it. Direct discussion is critical to address any elephants, or lack of elephants, in the room.  When you see a missing ladder rung in your organization, go to your HR department or your department head and highlight it for them. Let me offer an example. I once called our Senior Director of Engineering and said, “Do you realize we don’t have any female engineering managers? Next time we’re hiring, let’s focus on that.”

Here in Austin we have the University of Texas—a big and great university. We also have under recognized resources like Texas State, Saint Edwards University, and ACC. I first posted a job opening on the UT job board. Then I met a female professor at Texas State, so I had a direct local connection.  When all I got was resumes from men, I called her and said, “I know there are talented women at Texas State. Can you encourage them to apply for this position?”  And guess what?  The woman she encouraged to apply is the woman that my ten year old looks up to.  It’s local.  It’s personal.  My company isn’t changing the world in broad strokes. We are affecting real woman (and the world) in small ways. But if every organization does the same, it will undoubtedly have a broad stroke effect.

By the way, it is ok (and not illegal) to shoot for diversity – to target under represented people. But it may take more time and more energy. I was at a dinner party a couple of years ago with a man who had founded a startup.  He said to me, “I don’t have time to wait. I need to fill positions. Ten people walked in the door and they were qualified, so I hired them. If they had been women, I would have happily hired them, but they weren’t.” If we want this to change, we all have to be willing to make the effort to seek out and hire women.  Founders of small companies have to expand the search.  Doing the right thing for women is undoubtedly doing the right thing for your company–more growth, more success.

It’s also important to note that sometimes women on the middle rungs of the ladder slip off. Often, the people who fill the middle rungs are at an age where they are starting families. Too often they don’t climb back on the ladder because there are too many obstacles to overcome. Truly innovative companies don’t let this happen to talented team members.

I’ll never forget standing outside the London Tube when my son called in tears because he lost an important mock trial at school. I looked at my colleague, a young woman who is not yet a mom, and said, “I have to talk to my son right now.” She watched me as I tried to console him. Yes, I was on a business trip in Europe, but my family comes first. Seeing the reality of how you balance these situations can be crucial for many young women.

While we are at it, let me tell you what middle and upper rung women should not do. A female VP of Engineering did this to me when I was on a lower rung looking up to her.  She said, “You just suck it up and deal with it.” Right before I gave birth to my child with a laptop next to me.”  She was proud of that. Don’t do that to women colleagues.

Instead, the women filling those higher rungs must be willing to open themselves up and show the personal side. Let the people around them witness the juggling act.  Let them see the moments that are crazy and difficult.  Let it be personal.  We have great heroes like Sheryl Sandberg who write books about what it is like, but I can guarantee you that the colleague who stood with me outside the London Tube and listened to me cry with my son will not forget that.

It is only through small, intentional steps that we can change things for women in the workplace. Tasktop is doing it. Your company can do it. And, I guarantee that if your daughter comes home and says that she is writing about a woman in your ladder, you will feel exhilarated and hopeful about the future.

Managing Open Source Effectively

Tue, 06/06/2017 - 11:33

Unless you are a developer who enjoys reinventing the wheel (and spending countless hours or weeks developing functionality that already exists), it’s likely that you use open source dependencies in your projects. While it is great being able to easily incorporate functionality that you didn’t write into your application, such as user management, it does not come without risks.

Two of the major risks are licensing and security vulnerabilities, both of which are exacerbated when an application grows. When developing an application, your transitive dependencies (which are dependencies that your direct dependencies require) are increasingly hard to track down because there can be many layers of dependencies. Finding all of them can be an onerous task as they are often hidden inside packages.

Considering your direct dependencies rely on transitive dependencies, this is a serious concern for developers using open source. In this piece, we will explain why improving open source software visibility is critical for managing the risk associated with licensing and security vulnerabilities.


Licensing of open source software may seem like a simple task when only a few dependencies are being used, but this task can quickly turn into a nightmare when you dig into the details. Not only does one need to keep track of all the direct and transitive dependencies in the product, but one also needs to determine what license is associated with every dependency, which is no easy feat.

Maintaining this list of dependencies and licenses is a tedious task, made even harder by the fact that finding the license for a dependency is rarely straightforward. Based on our own experience with our internal tool, we have come across several problems with this approach.

For instance, finding all direct dependencies along with transitive dependencies requires effort in maintaining scripts that ensure every dependency gets recognized. Then, once a list of dependencies is established, carrying out due diligence of each license can be a laborious endeavor because:

  • Not all bundles have licenses included in the package or stated within the included files
  • Other packages have multiple, sometimes conflicting, licenses
  • Other packages can be downright confusing, such as when a different license is stated in the bundle than what it is in the source code e.g. we have seen cases when the reported license is Apache 2.0, while the source code contains references to GPL 2.0…

Incorrect licensing can have significant effects on a commercial product, since a copyleft license such as GNU General Public License 2 without any exceptions can require the product’s source code to be freely available. So for instance, if you incorrectly report a package to be licensed under Apache 2.0, but it turns out that it was GPL 2.0, you can suddenly find yourself managing an open source software that was previously a commercial product. So ideally we want to discover the dependencies with unacceptable licenses and replace them as soon as they are added to the product.

Solving licensing issues

One tool that enables easy management of dependencies, their licenses and their known security vulnerabilities is Sonatype’s Nexus IQ Server. IQ Server is a web application that automatically recognizes components, or parts of components, included within a product and provides information regarding licenses and security vulnerabilities for the discovered components. The application allows for easy bookkeeping of dependencies along with observed and declared licenses, as reported by IQ Server, and licenses that are deemed to be the correct or effective by the user.

Furthermore, policies can be set on IQ Server to define which licenses are acceptable and which unacceptable, allowing developers to be notified as soon as a product containing unacceptable licenses is scanned. IQ Server’s policies thus allow for the automation of dependency approval, and diminish the need for developers to remember which licenses are to be avoided.


As important as licensing is for the success of a product, the success of a product also depends on minimizing the security vulnerabilities contained within it. Security vulnerabilities could, among others, lead to access to sensitive data, user impersonation, or denial of service, which could have detrimental effects.

Prior to using IQ Server, we would spend time looking up Common Vulnerabilities and Exposures (CVE’s) for dependencies included in our product by hand. However, with IQ Server the process has become much simpler. IQ server collates research from several sources including their own research team, providing detailed vulnerability information and suggested upgrades to avoid the vulnerability.

Not only does the application give information on confirmed CVE’s for the current version of the component, it also shows a record of CVEs for other versions of the component, allowing you to pick a version with less vulnerabilities. As with licensing, policies can also be set up for security vulnerabilities, notifying developers immediately when a dependency with a high severity security vulnerability is introduced.

IQ Server provides an elegant solution to keeping track of dependencies along with their licenses and security vulnerabilities, but together with Tasktop Integration Hub it can provide instant notifications on changes in the license status of dependencies or updates in policies.

Currently, IQ Server provides web hook functionality for four event types:

  • Policy Management Event
  • Application Evaluation Event
  • Security Vulnerability Override Management Event
  • License Override Management Event

When events such as updating of a policy, completion of an evaluation, or changes in the license status of a dependency occur, using Tasktop Integration Hub, they can be easily converted into JIRA tasks or passed on to any other connectors serviced by Tasktop.

For further information on how Tasktop can integrate with your open source tools to improve security and license risk management, visit our website and chat to one of our informative members of team.

Tasktop Recognized for Contribution to DevOps in SD Times 100

Thu, 06/01/2017 - 15:12

We’re delighted to announce that Tasktop has been honored in the prestigious ‘2017 SD Times 100’ for the company’s ongoing work in helping the world’s largest and most impactful organizations optimize their DevOps transformations.

Judged by SD Times’s editors – all of whom are well versed in all facets of software development – we find ourselves in esteemed company, commended alongside technology partners such as Atlassian, CA Technologies and HPE. Speaking of the selection criteria, the publication explains that the awards honor companies that are ‘the best of the best’.

Elaborating on the DevOps category, SD Times says: With cycles getting shorter and shorter, developers need tools that help them with Continuous Integration and Delivery, as well as managing issues in post-production. With speed in mind, these companies keep developers on track, no matter how fast they need to go.”

Reflecting on the award, a jubilant Dr Mik Kersten, CEO and founder, comments: “The award means the world to us. DevOps is still the next big thing in quality software delivery by ensuring consistent and reliable code is deployed in production at high velocity. Any business worth its salt has attempted to adopt DevOps in some form or another, yet sadly implementation success is varied and tales of failure are common.

“One of the main reasons for a DevOps transformation failing at scale is that an organization’s best-of-breed toolchain is not integrated – including specialist tools used by developers and operations. This fragmentation solidifies the barrier between the two departments, which harms the quality and speed of software delivery and generates large volumes of waste that undermines an organization’s value stream.

“That’s why the core goal of our life work, realized with the Tasktop Integration Hub, has been to break down these barriers to collaboration – including focusing on DevOps methodologies and frameworks. With everything connected, waste is minimized (or even eradicated entirely), and practitioners are empowered in their roles as result.

“To be recognized by the industry for Tasktop’s notable contribution and ongoing commitment to DevOps and software development is truly humbling, and will spur us on to ensure all enterprises are maximizing the power of DevOps to create a dynamic work environment that drives their digital transformations.”

About the award

Each year SD Times 100 recognizes companies, non-commercial organizations and open source projects and other initiatives for their innovation and leadership. More here.

Further reading:

Why Agile and DevOps transformations are failing at scale – E-book

Imitation is Limitation – Why Your Agile and DevOps Transformations are Failing

Wed, 05/31/2017 - 10:09

You probably know that your software delivery capabilities are vital in safeguarding your organization against digital disruption from younger, more digital-native companies. To address this threat, you’ve probably adopted widely-publicized Agile and DevOps practices to enhance the delivery speed and quality of your software.

Perhaps you or your someone in your team was inspired by a dazzling presentation at a tech conference that implied, “if you copy this model, you can enjoy the same success!” Yet success has been limited (if there’s been any benefits at all) – so what gives? Sure, your agile development team seem to be creating better code faster, but why is that code not delivering value for customers? And why is waste (i.e. non-value work) so high? What gives?

The cold hard truth is that imitating the successful transformations of Facebook, Netflix, Airbnb et al. will not necessarily improve your ability to quickly deliver quality software. In fact, it could be detrimental, leading to more bottlenecks and waste that could cost your business up to $10 million in lost productivity.

Why is there no silver bullet or magical blueprint? Mainly it’s because you’re not the same as those digital disruptors. In fact, you’re two distinctly different businesses with your own unique software ecosystems. These nuances must be understood if you’re to be successful with your digital transformation. These core differences you need worry about are:

  • Criticality of applications
  • Audit / regulatory obligations
  • Size of developer workforce
  • Partner network

While these differences have a severe impact on your ability to scale Agile and DevOps initiatives, there is a solution. The key is to connect teams and tools to automate the flow of information between stakeholders to obtain visibility and traceability into your software value stream, which is achieved through ‘Value Stream Integration’. This process creates a robust backbone with which to scale Agile and DevOps transformations, enabling organizations to compete (and innovate) in a digital world.

Download our latest e-book – Why Agile and DevOps transformations are failing at scale – to discover why the aforementioned core differences between established organizations and more digital-centric rivals impact your ability to scale your Agile and DevOps transformations, and why Value Stream Integration is only way to level the playing field and optimize your software delivery capabilities.

There’s No Magic

Tue, 05/30/2017 - 09:01

There’s a common phase here at Tasktop, “There’s no magic.” It’s typically evoked when there’s a tough problem to solve. There’s no magic to solving tough problems, it’s hard work and deep thinking. But in the very next breath, we talk about giving customers magical experiences–making things ‘just work’ and anticipating their needs before they know they have them.

I have to sheepishly admit that I’m an amateur magician. I know how to palm a coin and make cards disappear. It’s a bit of a hobby. But what surprises me most is the parallel between a good magic and good software. Today I’d like to talk about two: flourishes and sleights.

Flourishes are the fancy stuff you see magicians doing. Fanning cards, rolling coins across their knuckles. They’re the flashy displays of talent that add color. They make you think, “this person knows what they’re doing”. But here’s the part you may not realize…flourishes aren’t the magic. The real magic is in the sleights.

The sleights are the things you don’t see. They’re the part where the magician secretly drops the ball in their pocket or palms your signed card. That’s where the real magic happens. Magic is more about what you don’t see than what you do see.

All flourishes and no sleights makes a juggler. There may be great talent, but there’s no magic. All sleights and no flourishes doesn’t draw a crowd. A good magician needs both. And so does good software.

Tasktop Integration Hub is no different.

I’d argue that our Integration Landscape is an excellent flourish. It catches your eye. It’s incredibly helpful to understand your overall integration picture. But the magic is about the things you don’t see. I’d like to tell you about a few of them.

Unlike a magician who hides their sleights, we want to tell you about them. We think that pulling back the curtain to show you behind the scenes makes our “magic” all the more impressive.

Here are a few bits of magic you may not even have noticed when using Tasktop. And really, that’s how it should be. These are things that should be seamless when you’re using our product.

Ok, so let’s start:

Smart Fields

There are some fields that are in nearly every tool. Things like Summary, Description, ID, etc. These are fundamental to almost all artifacts in any tool we work with. Here’s the rub…sometimes these fields are named differently across systems. That could be confusing, but Tasktop Integration Hub has built in smarts. It knows that these differently named fields are really the same.

Here’s an example: the “Description” field in JIRA is called the Description field, but in IBM DNG it’s called “Primary Text.”.Tasktop is smart enough to automatically map these two fields together. You don’t have to think about it.

Smart Transforms

So speaking of Description fields, different tools have different text markup in those fields. Some use Rich Text, others use their own proprietary markup language. We have to transform the different markup styles between dozens of different tools. We take care of all that behind the scenes. There’s nothing for you to do. There’s no flourish here. It’s all behind the scenes.

Smart Value Mapping

Tasktop employs a Model-based integration style which allows for a normalized definition of your requirements, defects, stories, etc. We allow end systems to define their field values independently and then map them to values in your custom models.

That’s great when the values in your tools don’t match the values in your Model, but very often, you create your Model to reflect your tools. Tasktop is smart enough to automatically match field values to your model values. You only need to match the values that are different.

Automatic Person Mapping

What is a ‘person’? Sounds silly, right? But in ALM tools, a ‘person’ is a complicated thing. It may involve a display name, internal ID, email address, department, etc and there’s no guarantee that this information is the same between tools. In any integration, it’s important to flow person fields between tools, but since much of the information (such as person ID) may be different, there’s definitely some magic involved.

In order to match users across tools, Tasktop employs a smart algorithm to inspect the person fields and match based on their metadata. We see if the internal person ID’s match, then whether the display names match, then whether the emails match.

This is all behind the scenes for the Tasktop admin. All you need to do is indicate that you want the person fields to flow.

Comments with impersonation

Tasktop enables cross team communication and this is exemplified with our Comment Flow. A user in one tool can comment on an artifact and that comment shows up on the twin artifact in another tool.  For example, the product manager in can comment on a Feature in Targetprocess and the developer sees that comment on the Epic that shows up in JIRA. That’s pretty magical, but it gets even better.

Not only will the comment appear, it will be attributed to the tester! And you know what you need to do to configure that? Nothing. If you enable comments to flow, Tasktop will automatically take care of comment attribution. We call this Impersonation.

And enabling comments and comment impersonation is as simple as checking a checkbox.


I could go on and on about these behind the scenes sleights, but just like in the real world, there’s no such thing as magic. There’s an explanation for everything, but sometimes, just sometimes, you can have a magical experience. That’s what we’ve set out to give you with Tasktop Integration Hub. And just as in a magic performance, the flourish is important, but it needs no explanation. But unlike a magic performance, we feel that understanding some of the workings behind the scenes makes our performance even more amazing. I hope you’ve enjoyed a behind the scenes look at just a few of the things we’ve built in to give you this experience.

Tasktop Connect 2017: Why Now and Why Columbus?

Wed, 05/24/2017 - 07:29

Today we announced the inaugural Tasktop conference, Tasktop Connect 2017, which will take place on Wednesday 4th October 2017 in Columbus, Ohio. Hosted at the modern and stylish urban-venue VUE in Columbus’ historic brewery district, this dynamic event will provide a pertinent snapshot into the state of software delivery.

Bringing together the shared experiences of IT transformation leaders and Agile, DevOps and Lean visionaries, this inspiring conference will provide attendees with tangible takeaways on how to optimize their software delivery and scale Agile and DevOps transformations.

The high-quality content program – a host of educational sessions from Tasktop customers and industry thought-leaders – is really beginning to take shape with Gene Kim and Carmen DeArdo already confirmed and we cannot wait to unveil further details in the coming months.

But first – why now?

This year saw the accumulation of everything we’ve tried to do at Tasktop come to fruition, with a host of milestones including:

The common theme across all these milestones is ‘customer success’. Tasktop and our customers are on a shared journey to change the way software is built and we wanted a dynamic platform that both celebrated our mutual achievements and laid the foundations for future growth. Our customers were clearly on the same page – we were inundated with questions about whether we were going to host our own event!

So we knew ‘why’ we wanted to host our own event – to continue to support and drive our customers’ digital transformations – but the next big question was, where? The answer was simple; Columbus.

But why Columbus?

For many of you who haven’t been to Columbus before, it may come as a surprise that Tasktop is hosting its first-ever user conference in the Ohio capital. You might even be saying, “Hang on, aren’t you based north of the border in Vancouver, BC? And aren’t your US headquarters in Austin, TX? Wouldn’t it make sense to host the event there?”

The answer is an emphatic “no!”. Columbus is the perfect representation of Tasktop’s burgeoning enterprise customer base and a natural location to gather our audience for our inaugural event. Tasktop boasts 43 of the Fortune 100 as customers, with 8 of those 42 headquartered and/or have significant presence in Ohio. Most of the others are spread across the Midwest and the Eastern US and Canada; providing an easy drive or short direct flight to Columbus.

The support that Tasktop and other software startups receive in Columbus shouldn’t be a surprise to the “locals”. The Columbus ecosystem is special. The Fortune 100s that call Columbus home are also very committed to supporting the local startup community, and while Tasktop isn’t a Columbus-based startup, the large Columbus enterprises have been instrumental to our success.

This quote by financial company Chase, who has a huge presence in Columbus, perfectly sums up the gravitational pull of the city: “With so much of the technology, change and leadership here in Columbus, we don’t go to New York, New York comes to us. And we’re proud of that.” And as an Ohio-kid, I couldn’t be happier for the event to be hosted in a place I call home.

For further information, please visit the Tasktop Connect website and if you have any further questions please don’t hesitate to contact us. We can’t wait to welcome you to what promises to be an energetic and rewarding day for everyone involved as we continue to connect the world of software delivery.

Automate Everything: Reflections on HPE Customer Forum, Dublin

Mon, 05/22/2017 - 13:35

Getting started with automation is a bit like investing – high risks with potential high rewards. Most DevOps transformations are set in motion in order to get things done better; “better” often meaning getting things done quicker and cheaper.

I attended the lifecycle and continuous tracks on Days 1 and 2, respectively, of the HPE Customer Forum in Dublin 2017. It was clear from the start that Kaizen is at the heart of DevOps; or, as Tal Levi Joseph, VP of R&D ADM at HPE, put it: “DevOps is an evolution, not a revolution”.

As a summary of the talks I compiled a diagram below (figure 1). The diagram depicts the common challenges and benefits of DevOps and thus does not accurately describe each DevOps transformation – I did hear someone had a reduction in speed as a result of applying DevOps practices (quite rare I say). Traditionally, all people want from DevOps is agility and speed. However the demands and realized benefits in the more recent DevOps adoptions focus on the right talent, scale, and quantity.

Figure 1: Summary of key learnings from talks at #HPEForumsDublin. The new, mature era of DevOps focuses on continual improvement, allows for failure, and plans for large-scale deployments from the start (not forgetting traditional goals such as agility). Automation and integration underpin the benefits – as well as the challenges – across the DevOps transformation.

So what about the risks? Seeing them more as healthy challenges, DevOps initiatives will expose flaws in processes and collaborations (or the lack thereof), within organizations. Toine Jenniskens from Rabobank highlighted the importance of automation while getting started with DevOps. Even if not all automated processes will work perfectly, they will still bring efficiencies, give more accurate outcomes without human error, and quickly indicate which parts of the automated process are broken. One of his mantras was “one function, one tool”. Indeed, many tools have been developed with one primary function in mind, and using best of breed solutions for each, is typically the best way forward.

In a different talk, Arne Luehrs from HPE described ChatOps as “anything that is not email and allows users to communicate in real-time”. A great example of an organization embracing a new method of communication, to share and explore information in a way that serves its users better. Now at HPE, they have over 4000 chatrooms dedicated to particular systems and configuration items with empowered teams able to collaboratively create their own rules of engagement for each conversation.

The above examples are really about reducing “time to market”: getting rid of boundaries of email, or automating tasks. But what else can you do? One idea that came up was to regard everything as code: infrastructure, data, best practice code; giving you the possibility to automate everything. A good example of this is when developers have access to all code written within the organization, and they can quickly find a package written by and reviewed by their peers. This not only saves time but adds much-needed resilience and lowers the risk of poor code in the developed solution.

To summarize the fantastic two days in Dublin in two words: embrace failure. This forces teams to re-establish an open culture where instead of looking for someone to blame teams are concentrating on working together with one goal in mind: team success.