Pair Programming and test-driven development with Visual Studio Live Share and GitHub Copilot

by Contributed | Feb 18, 2023 | Technology

This article is contributed. See the original author and article here.

Pair programming is a software development technique in which two developers work together on the same code at the same time, with one typing and the other reviewing and offering suggestions. This technique can increase productivity and promote knowledge sharing, as well as improve code quality through increased collaboration and code review.

Test-driven development (TDD) is a software development process in which tests are written before writing the actual code. The tests serve as a guide for the development process and help ensure that the code meets the requirements and behaves as expected. The TDD cycle consists of writing a test, running it to see if it fails, writing the minimum amount of code needed to make the test pass, and then repeating this process until all tests pass and the code is complete.

GitHub Copilot is a tool that can be used to support pair programming and TDD. It allows developers to collaborate in real-time on the same codebase and provides an environment for running tests and code review. This can help teams work more efficiently and effectively, especially for remote teams who may be working from different locations. Additionally, Copilot can also assist with automated code suggestions and recommendations based on best practices, further improving code quality and efficiency. 

In summary, pair programming and TDD are valuable software development techniques that can enhance the development process, and GitHub Copilot can help teams effectively utilize these practices to produce high-quality code.has context menu

Getting Started 

To get started with activating your FREE GitHub Copilot 
Download GitHub Copilot for VS Code
Download GitHub Copilot Labs for VS Code

GitHub Copilot is a simple, powerful way to use GitHub for automated, test-driven development. It provides an easy-to-use framework for writing, running, and monitoring tests, as well as an integrated interface for managing the entire development process.

To get started with GitHub Copilot, first create your GitHub account and activate your copilot subscription. Create a new repository in GitHub and add the Copilot extension, then, create your test files and add code to run the tests many academic institutions introduce test driven development in classes which use pair programming.

Pair programming is a popular Agile technique that involves two developers working on the same piece of functionality together. In many cases this is used in lab exercises to help student identify bugs and gain understanding of reading and documenting codes bases.

The benefits of pair programming include:

•  Quality of produced code should be higher as two developers have been involved and verified code.


• Increased awareness and understanding of the codebase across the team which leads to improved experiences and documentation.


• Skilling and sharing of best practices which lead to higher quality and greater collaboration.

During COVID many courses lost the opportunity of students being with other students in the same room looking at the same screen, thankfully tools like VSCode LiveShare faciliated students to keep pair programming and allowed students to communicate not only screen share but also via voice. 

Allowing students to give peer feedback on code, discover underlying issues, and support the coder/driver in successful development.

Many benefits of pair programming are only seen when it’s done as a collaborative team effort. On the other hand, artificial intelligence may potentially give you a real virtual tutor or assistant. We have found GitHub Copilot works really well at increasing your productivity, and also helping.

How to generate tests and test data

Students often need to think of sample data for your tests, documentation, or default settings. In many cases this results in a burden for the course tutor or academic to validate the data or in some case even produce the sample data sets.

GitHub Copilot is an amazing support asset. For example, your student need a set of personnal data record for there application development. 

The task set has a Person class:

from dataclasses import dataclass

from datetime import date

@dataclass

class Customers:

    first_name: string

    last_name: string

    birth_date: date
    def age(self):

        return (date.today() – self.birth_date).days // 365
    @property

    def full_name(self):

        return f“{self.first_name} {self.last_name}“

What you now need is a selection of data for this class did you know you can used GitHub Copilot to populate a list of Sales details.

So if your starting from nothing you can simply ask copilot to create a data set. 

// create me a list of people based on first_name:string, last_name:string, birth_date:date
Sales = [      
    { “first_name”: “John”, “last_name”: “Doe”, “birth_date”: “1970-01-01” },
    { “first_name”: “Jane”, “last_name”: “Doe”, “birth_date”: “1970-01-02” },
    { “first_name”: “John”, “last_name”: “Smith”, “birth_date”: “1970-01-03” },
    { “first_name”: “Jane”, “last_name”: “Smith”, “birth_date”: “1970-01-04” },
    { “first_name”: “John”, “last_name”: “Doe”, “birthdate”: “1970-01-05” },
    { “first_name”: “Jane”, “last_name”: “Doe”, “birthdate”: “1970-01-06” },
    { “first_name”: “John”, “last_name”: “Smith”, “birthdate”: “1970-01-07” },

]

GitHub Copilot successfully figured out to use your Person class for the Sales list elements. 

If you all ready have the reference code, you simply need to Declare an empty Python list using an expressive variable name, and hit Enter just after the opening square bracket ([) to trigger the suggestions:

Customers = [

As you keep hitting Tab after each suggested line, you might end up with the following list of employees: and then close ]

Creating a Test Driven Development

You can use that list as a common test fixture for a group of test cases that require it.  GitHub Copilot can be an excellent help in the testing process itself by suggesting both tests and the code under test.

Exercise Test-Driven Development (TDD)

Briefly, the TDD process:

• Write a failing test case that you have too satisfy


• Implement the smallest amount of code to make your test case pass


• Optionally, refactor the code while all your test cases are still passing


• Then, rinse and repeat!


• As long as you’re disciplined enough to stay in this perpetual cycle, you’ll write testable code that has high test coverage and documents itself.

So an example we want to create and test a HashTable implementation, using GitHub Copilot as your virtual pair programmer?

Step 1. Create two empty Python files next to each other in the same folder:

src/

├── hashtable.py

└── test_hashtable.py

The hashtable.py code under test. The test_hashtable.py is the home of your test cases driving the implementation. 

Automation of TDD

Once you have set up your tests, you can use the Copilot interface to manage and monitor your testing process. This includes running tests, viewing results, and tracking progress. GitHub Copilot also integrates with popular continuous integration (CI) tools like Jenkins, Travis CI, and CircleCI, allowing you to easily integrate tests into your development workflow.

To help ensure that your tests are up-to-date, Copilot can be configured to run automatically on a regular basis, such as after each commit or nightly. This helps keep your tests and code in sync and ensures that any bug fixes are applied quickly.

Conclusion 

There are several reasons why students should use GitHub Copilot for TDD and virtual pair programming:

• Improved Code Quality: By incorporating TDD and pair programming into the development process, students can ensure that their code meets the requirements and behaves as expected. They can also catch and fix any bugs or issues early on in the development process.


• Enhanced Collaboration: GitHub Copilot provides an environment for real-time collaboration, allowing students to work together on the same codebase and share ideas and knowledge with each other. This can lead to a more efficient development process and can help students learn from each other.


• Remote Work Support: With the increasing popularity of remote work, virtual pair programming has become an important tool for development teams. GitHub Copilot allows students to work together, even when they are in different locations, which can help them collaborate effectively and build a better understanding of each other’s strengths and weaknesses.


• Automated Code Suggestions: GitHub Copilot provides automated code suggestions and recommendations based on best practices, which can help students write better code and improve their coding skills.


• Real-World Experience: Using GitHub Copilot for TDD and virtual pair programming gives students a taste of what it’s like to work on real-world software development projects. Students can apply the skills they’ve learned in the classroom to real-world situations and gain hands-on experience.
  
  

GitHub Copilot is a great tool for developers who want to take advantage of test-driven development and automated testing. It provides an easy-to-use interface and powerful features to help developers quickly and easily create, run, and monitor tests. Copilot is FREE for students and educators and enables educators and students to practice and improve their TDD and pair programming skills, which can help them build better software and enhance their career prospects. 

Step-by-Step Compliance for the Cybersecurity Maturity Model Certification (CMMC)

by Contributed | Feb 17, 2023 | Technology

This article is contributed. See the original author and article here.

Odds are, if you are impacted by the Cybersecurity Maturity Model Certification (CMMC) mandates, you already know it.  Odds are, if you are reading this post, you are doing research because you are impacted by the mandates.  If you are impacted by the mandates, this post is for you.  This post is to give you ideas that [we hope] help you on your compliance journey. 

The open question is likely “how do I become compliant”?   Ultimately, there are two options.  But before we get to the options of how to become compliant, we first need to address the scope of what needs to become compliant. 

What about scope? 

There are thousands of other published pages on the scope of CMMC, and that’s not the point of this post.  The point here is to state the following: 

1. Today, you have N applications in your Portfolio 


2. A subset (maybe 100%, and maybe a smaller percentage) of those applications and their data must be compliant with CMMC by certain dates depending on your contracts and business requirements 


3. Every business that is beholden to the mandates needs to make a list of the applications (and data) that are in-scope.  Many companies will do that rapid assessment on their own.  Other companies will enlist the help of partners/vendors to help them move faster and more confidently.  Either way is fine.   

Once you have the list of apps (and data) that are in-scope for you, then what?  Then, it is time to choose an option. 

Option 1: Work on the running engine 

The challenge with working on a running engine is the increased risk of losing a finger :smiling_face_with_smiling_eyes:.  Honestly, if you had to spend time quantifying your Portfolio, then it stands to reason that there may be things that you missed in that assessment.  But leaving that point aside, there is always the option to assess every app, every piece of data, every server, every switch, etc to become compliant.  That is a very difficult journey because of years of technical debt.  Can you really clean out all shared-credential-service accounts in your environment without breaking something critical? 

Option 2: Build a new engine and rapidly move to it 

Surely there are exceptions, but we have yet to see one.  The best answer [is usually] to build a new engine.  Not only is the right answer to build a new engine, but the right answer is to build a new engine in the cloud.   

Why the cloud? 

1. They are already compliant (e.g. Microsoft Azure Government [MAG] and Government Commercial Cloud High [GCCH]) 


2. You will not invest more in cybersecurity and compliance than Microsoft Cloud will, so they are and will be, more secure than you can be 


3. If you leverage the cloud, you then only have to worry about securing the pieces and parts that are unique to YOUR business: your enclave(s) and tenant(s), your application(s), your data. 

Executing on Option 2 (New, Cloud Engine) 

Step A: Rapidly Establish Cloud Enclave 

1. M365: Commercial and/or GCC and/or GCC-High and/or GCC-DOD 
   
   
   
   1. Which one(s) do you need? 
   
   
   2. How do you rapidly set them up and harden them? 
   
   
   3. How do you continuously monitor (and automatically respond) to anomalies that would take you out of compliance? 
   
   
   4. How do you give the auditor a real-time dashboard to speed up the audit(s)? 
   
   
   
   


2. Azure: Commercial Azure, Azure Government as IL2, Azure Government as IL4, Azure Government as IL5, or a combination 
   
   
   
   1. Which one(s) do you need? 
   
   
   2. How do you rapidly set them up and harden them? 
   
   
   3. How do you continuously monitor (and automatically respond) to anomalies that would take you out of compliance? 
   
   
   4. How do you give the auditor a real-time dashboard to speed up the audit(s)? 
   
   
   
   


3. For every enclave and/or tenant, how will it be managed on Day 1?  Day N?  (often, the goal is to “manage it myself” on Day N, but folks are unclear and aren’t ready to manage it on Day 1) 

Step B: Move Applications (and Data) 

1. How do you prioritize your applications based on timelines and resourcing? 


2. For each application, should it  
   
   
   
   1. Lift and Shift? 
   
   
   2. Have slight tweaks? (e.g. converted to PaaS?  Converted to hardened containers per DevSecOps Reference Architecture and DoD Standards?  Other?) 
   
   
   3. Rewrite?   
   
   
   4. Other? 
   
   
   5. For every application (and data), how will it be managed on Day 1?  Day N?  (Often, the goal is to “manage it myself” on Day N, but folks are unclear and aren’t ready to manage it on Day 1) 
   
   
   
   

Step C: What about Client Devices? 

1. Are your laptops and desktops managed in such a way that they are compliant? 


2. What about mobile devices? 


3. Can you detect and minimize spillage? 


4. Do you understand your Data Loss posture? 

Step D: What about Policies? 

1. For example, is your Data Loss Prevention Policy where it needs to be for CMMC? 


2. Are the written policies tactically implemented for the Enclaves, Tenants, Apps and Data defined as you establish the enclaves and move the applications? 

Step E: What about Auditability? 

1. When the auditor shows up, will you spend days and weeks with them, or will you show them your real-time dashboards?   


2. When the auditor shows up, will you do tabletop exercises with them?  Will you introduce an out-of-compliance-server and watch the automation turn off the server?  Will automation also create a security incident in parallel?  Is it true that the only way to end up with an errant server in this new, pristine engine is that someone went around the process as defined by the policy?’ 

Surely, you will choose Option 2.  

Insource, Outsource or Hybrid?  

Now, the only remaining question is whether you will figure it all out on your own or will you bring in someone to help you?  Given the impact of getting it wrong and given the timeline, most companies will bring in someone to help them. 

Which Partner? 

There are two courses of action: 

1. Pay someone to “consult” with you while doing the work yourself 


2. Pay someone to do it for you including Day 1 thru Day N management 

Most companies prefer B, but they assume that there is no such unicorn.  And, if they assume there is a unicorn, they fear that they cannot afford it. 

The ideal partner will help you in the following ways: 

1. Rapidly define the in-scope apps and data 


2. Ask a series of repeatable business questions 


3. Rapidly establish the enclave(s) and tenant(s)….ideally by using automation to save you time and money 


4. Rapidly move applications and data to the new enclave(s) and tenant(s) while making the necessary application tweaks (and being willing to take accountability for full application re-writes as necessary)….ideally using automation to refactor and/or re-write the apps 


5. Manage the clients and mobile devices and/or work through and with your existing client/mobile team to take accountability for the client and mobile posture….ideally using automation  


6. Manage the enclave(s), tenant(s), applications and data to keep them current and compliant….ideally using automation 


7. Work through and with your Policy team(s) to update Policies as necessary to match the actual implementation  


8. Stand at the ready to host your auditors when they show up …. ideally using automation  


9. Partner Requirements 
   
   
   
   1. Already doing this same work in DoD IL5/CUI environments 
   
   
   2. Already doing this work in Commercial environments including for Defense Industrial Base 
   
   
   3. Already doing this work for small customers (e.g. 5 seats) through huge customers (e.g. 150k seats) 
   
   
   4. Willing to take the risk to do the work as Firm-Fixed-Fee on a committed timeline  
   
   
   5. Willing to commit to pricing of operations and maintenance pricing for years 2 through 5 (and beyond) on day 1 
   
   
   6. Willing to provide significant multi-year discounts 
   
   
   
   

Call to action: 

1. Quantify the applications (and data) that will fall within your CMMC scope 


2. Leverage Microsoft Azure Government and GCCH to meet the requirements 


3. Leverage an experienced partner to help you skip the learning curve  

About the Author: 

Carroll Moon is the CTO and Co-Founder of CloudFit Software.  Prior to CloudFit, Carroll spent almost 18 years at Microsoft helping to build and run Microsoft’s Clouds.  CloudFit Software aims to securely run every mission critical workload in the universe.  CloudFit is a DoD company that also intentionally serves commercial companies.  Commercial customers (including Microsoft’s Product Groups) keep CloudFit on the cutting edge of cloud and cloud apps—that makes CloudFit attractive to DoD customers.  DoD customers require that CloudFit be a leader in cybersecurity—that makes CloudFit attractive to commercial customers.  This intersection of DoD and Commercial uniquely positions CloudFit Software to help customers comply with cybersecurity mandates like CMMC, and the build-and-run-the-hyperscale-cloud pedigree of CloudFit’s executive team means that CloudFit is executing on their charter with software and automation rather than with people.  CloudFit Software’s patented platform enables increased repeatability, decreased costs, increased availability and increased security in all areas from establishing hardened cloud enclaves to migrating (and re-factoring) workloads to operating securely in the cloud.  Beyond the IT/Cloud charter, CloudFit Software exists to fund two 501c3 charities: KidFit (providing hope and opportunities to youth using sports as the enabler) and JobFit (providing hope and opportunities to adults and young adults using IT training and paid internships as the enablers).  Carroll lives in Lynchburg, VA with his wife and two children.  CMMC | CloudFit Software