This April 4-6, 2023, Sonar participated at DevNexus, the largest Java conference in the USA. It was a great conference with more than 1400 developers coming from all over the world and more than 90 speakers sharing knowledge on several topics including Software architecture, Java core, Kubernetes, and Security.
Our booth presence allowed us to have many discussions with attendees, coming from different companies mainly using Java as the programming language, and their use of Sonar tooling (SonarLint, SonarQube, SonarCloud).
Some of the talks were particularly interesting, and a special mention to the Keynote "Five Skills to force multiply your technical talent" by Arun Gupta, where he gave 5 tips to improve our soft skills and leverage good communication, mindfulness, and conflict resolution in order to be a more effective person and a professional.
Another mention goes to the talk regarding Java vulnerabilities by Gerrit Grunwald called "Wargames - Java vulnerabilities and why you should care". Nowadays we know the impact of the vulnerabilities that cause data breaches and a lot of lost money. Is important to put our focus on security and his talk covered this topic explaining the different vulnerabilities and how they are related to Java security.
And finally, I would like to mention the live coding session by Mala Gupta, combining coding katas to address asynchronicity and non-blocking activities and how Java APIs help us with that, all made following an ancient Paneer Tikka Masala Indian recipe.
The majority of people that came to the booth were already using SonarQube, and their feeling is that it helps them to produce better code in a controlled way that avoids introducing bad or unclean code to their projects. They become very excited to see the vast security coverage on the Sonar analysis.
With that said, there's still room for improvement as some of the attendees are not using a code linter in their daily work, but after showing them that SonarLint is available for free as a plugin for the most common IDEs, their answer has been "nice, I will definitely try it".
There were several opportunities to demonstrate Sonar products, with live analysis of code and a walk-through of the platform showing the different issues, for those still not using Sonar products, or even for those not aware of the latest features.
I was a speaker talking about Zero Trust Architecture, for more than 50 attendees, showing the Zero Trust concept, with several interesting questions at the end of the talk.
A common approach when trying to secure our systems is to use Perimeter security, where the expected single point of entry to our system is secure, and considering that if a request from a user is inside the system it is because it already passed through the security gate. Nowadays we've seen that this is not always the case as more vulnerabilities appear that have allowed remote execution from inside our system, where security was not enforced. The Zero Trust approach considers every user as an attacker and makes mandatory the security of the communication between services, no longer trusting the network.
Being part of the Java community also brings great pleasures and meetings, in this case with all the Hispanic communities (República Dominicana, Ecuador, México, España, Perú, Guatemala) and with some of the worldwide Java User Groups leaders present at DevNexus.
Some important takeaways from DevNexus 2023 have been:
- Clean Code is seen as a key and important concept for the majority of developers
- Security is a real concern and there are tools and practices to mitigate it
- Developer productivity goes beyond coding fast and involves good practice and several soft skills to make group work reach optimal performance.
- The power of the open-source community via the Java Users Groups is great and helps the spread of good practice and knowledge.
If you want to explore more about the Clean as You Code approach, here are some recommended reads: