While confirming itself as one of the most conservative business sectors in terms of software development and distribution policies, the banking world is also progressively embracing more advanced code creation models, on which the applications used daily are based. This is the case of a well-known Italian banking group, which, with the support of Sorint.lab, has adopted the practice of continuous integration (CI) in a project for the creation of proprietary trading applications for internal use, aimed at the institution’s financial operators.
Develop and update software faster
At the bank, these trading apps are developed ‘tailor-made’ for users, with customized features that faithfully reflect their usual way of working: they allow for the effective management of various financial transactions, such as asset pricing and listing, or risk assessment activities. They are therefore strategic tools for strengthening the efficiency of core activities. The need, however, was to develop them from scratch, as, at the time, in 2015, these tools did not yet exist. The bank’s other fundamental need was to create and update the software more easily and quickly, adopting a development cycle that would allow the code to be released even frequently. Thus, towards the end of 2015, the institute decided to launch a project to create trading applications, with the support of various partners, among which Sorint.lab provided a significant contribution, both technologically and in terms of consultancy.
Continuous Integration Pipeline
To date, seven trading platforms have been developed in total. They can be classified as web apps and have specialized features to cover the management of the various financial products marketed by the bank. Having to implement applications from scratch, Sorint.lab, in agreement with the client, immediately adopted a “modern application development” (MAD) strategy, aimed at exploiting, on a case-by-case basis, the most suitable technologies: therefore microservices, mini services or application servers, depending on the specific business requirements to be met. At the development method level, as mentioned, to address the need to quickly provide traders with frequently updated software with ever-new functionality, the project involved the complete implementation of a continuous integration (CI) pipeline. Currently, the CI pipeline fully administers the automation of the development and update cycle of the seven trading platforms.
Reliable and quality code
To ensure traders have an agile and rapid delivery of applications with always-up-to-date functionality, ensuring the production of reliable, high-quality software, both syntactically and semantically, has also proven crucial. To this end, the CI pipeline has enriched the toolchain with the introduction of open-source tools that verify software quality and standardize code formats. Additionally, tests are also active to verify the presence of any vulnerabilities in the libraries used
Continuous integration and accelerated release rates
The institution’s satisfaction with the project was confirmed by the growth over time of the trading applications developed. Users greatly appreciate the ability of tools to conform to their mode of operation, but also the speed and reliability provided by the software. Above all, the introduction of new features into different trading platforms is made extremely rapid by the existence of the continuous integration pipeline, which, for each application, makes it possible to release new updates approximately every fortnight.
Perspectives of continued innovation
Of course, due to the very fact that it is based on the DevOps paradigm, the project is open to continuous improvement. In particular, once the implementation of a comprehensive CI/CD pipeline at the technological and organizational levels is consolidated, the goal, in the future, is to further strengthen the control of code security aspects, making the transition to the DevSecOps paradigm. In this way, it would be possible to perform security tests from the early stages of the development cycle that allow us to verify any critical issues and vulnerabilities in the code.