SavvyCal Secure Software Development Life Cycle (SSDLC)

Last updated January 23, 2023

The SavvyCal team is committed to developing high-quality, secure software for our customers and their schedulers. The purpose of this document is to outline specific methodologies we employ to ensure we maintain quality as we ship changes to the software.

Planning & Analysis

  • We track all development projects and tasks in Linear
  • We link to customer conversations related to various projects (typically housed in Help Scout)
  • For complex features, product management describes requirements in detail and attaches those requirements to the Linear ticket or project
  • Project leads and task assignees are designated in our project management software
  • Projects are planned and tracked on Roadmaps in Linear for visibility

Design

  • Developers collaborate with product management to map out data flows and storage for new features

Development

  • Feature prototyping occurs on feature branches
  • Work-in-progress branches are pushed to GitHub pull requests early, for peer review and visibility

Testing

  • Developers practice test-driven development, writing unit, functional, and integration tests for all features
  • Continuous integration (CI) via Circle CI runs on every code commit
  • Automated CI workflows run linters (credo), static type checking (dialyzer), code formatting (mix format), static application security tests (sobelow), and test suites
  • We maintain a test/staging environment for manual QA testing

Deployment

  • We practice continuous deployment (CD) when changes are merged into the main branch on GitHub
  • Circle CI is configured to deploy code to our hosting provider only after all automated checks are passing
  • Features are often deployed behind a feature flag before fully rolling them out to all customers
  • We instrument key features to track usage

Maintenance

  • We perform continuous error monitoring with Honeybadger to quickly identify bugs
  • Error monitoring notifies all developers when production errors occur
  • We follow up with customers who are known to have encountered an error in production