Frontend Quality Assurance at Cybozu, Inc #RakusMeetup Masashi Hirano / @shisama_

ฏ໺ ণ࢜ / Masashi Hirano @shisama_ shisama Node.js Core Collaborator

What is this presentation for? • ϑϩϯτΤϯυͷ඼࣭อূʹ͍ͭͯ • αΠϘ΢ζ͕ߦ͍ͬͯΔऔΓ૊Έʹ͍ͭͯ঺հ͠·͢ʂ

No content

ݕূϑϩʔͱ୲౰ ୯ମςετ && 2"ςετ ηΩϡϦςΟ ύϑΥʔϚϯε ϓϩμΫτ։ൃνʔϜ ։ൃࢧԉνʔϜ ։ൃத ɾPull Request୯Ґ ɾϚʔδޙ ϦϦʔεલޙ ϦάϨογϣϯςετ

ιϑτ΢ΣΞ඼࣭ͱ͸ʁ https://www.ipa.go.jp/files/000065855.pdf

ιϑτ΢ΣΞ඼࣭ͱ͸ʁ https://www.ipa.go.jp/files/000065855.pdf ࠓ೔͸ʮػೳʯʮੑೳʯʮηΩϡϦςΟʯ ʹ͍ͭͯ؆୯ʹ࿩͠·͢

Function

αΠϘ΢ζͷػೳʹର͢Δ඼࣭อূ • ୯ମςετɺE2EɺUIςετΛಋೖ͍ͯ͠Δ • ςετΛॻ͘จԽ͸ਁಁ͍ͯ͠Δ • kintone ։ൃνʔϜ͸ʮಡΈ΍͘͢ςετՄೳͳίʔυΛॻ͘ʯΛϛο γϣϯͷ̍ͭʹ͍ͯ͠Δ • ςετ΍඼࣭อূͷઐ໳νʔϜ(QAνʔϜ)͕͍Δ • ϓϩμΫτ։ൃνʔϜͰ͸ݟ͚ͭΒΕͳ͍ෆ۩߹ͳͲΛݟ͚ͭͯใࠂͯ͠ ͘ΕΔ

Performance

αΠϘ΢ζͷύϑΥʔϚϯεʹର͢Δ඼࣭อূ • SpeedCurve ͰఆظతʹϓϩμΫτ΍ίʔϙϨʔταΠτΛܭଌ • ϑϩϯτΤϯυΤΩεύʔτ͕ܭଌ݁ՌΛ֬ೝ • ύϑΥʔϚϯε͕Լ͕ͬͨ৔߹͸ݪҼ௥ٻ • ϓϩμΫτνʔϜͳͲଞνʔϜʹใࠂ

SpeedCurve

Lighthouse 13 • Google ੡ • OSS • Chrome devTools ʹඪ४౥ࡌ • Chrome ExtensionɺCLIɺCI (GitHub Actions, CircleCI, etc) ༷ʑͳܗࣜͰ഑෍͞Ε͍ͯΔ

Security

ϑϩϯτΤϯυʹؔ͢Δ੬ऑੑ https://blog.cybozu.io/entry/npm-vulnerabilities-and-postinstall https://blog.cybozu.io/entry/2020/05/07/110331

αΠϘ΢ζͷηΩϡϦςΟʹର͢Δ׆ಈ • ηΩϡϦςΟεϖγϟϦετνʔϜ(PSIRT)͕͍Δ • ੬ऑੑใ঑੍ۚ౓ • ߏ੒؅ཧ • ֤੡඼Ͱར༻͍ͯ͠Δ 3rd Party ੡඼Λ؅ཧ • package-lock.jsonɺyarn.lock ͔Β࢖͍ͬͯΔ 3rd Party ͷϥΠϒϥϦʹ੬ऑੑ͕ͳ͍͔ PSIRTνʔϜ͕֬ೝͯ͘͠ΕΔ • npm ύοέʔδͷ੬ऑੑ਍அπʔϧ ( Snyk ) • ੝ΜͳηΩϡϦςΟʹؔ͢Δࣾ಺৘ใڞ༗ͳͲ

https://blog.cybozu.io/entry/2020/04/28/080000

Snyk 18 • 3rd PartyϥΠϒϥϦͷ੬ऑੑΛ νΣοΫ͢ΔαʔϏε • CVEͷσʔλΛ࢖͍ͬͯΔ • ༷ʑͳݴޠʹରԠ͍ͯ͠Δ • ੬ऑੑΛमਖ਼͢ΔPull Request Λࣗಈੜ੒ • OSS͸ແྉͰ࢖͑Δ

https://speakerdeck.com/masashi ϑϩϯτΤϯυͷηΩϡϦςΟʹؔ͢Δաڈൃදࢿྉ΋ࢀߟʹͲ͏ͧ

Conclusion • ઐ໳తͳ෼໺Λ࣋ͭ։ൃࢧԉνʔϜ • ϓϩμΫτνʔϜ͕҆৺ͯ͠ػೳ։ൃͰ͖Δ • ϓϩμΫτνʔϜ͕ڠಇͯ͠඼࣭ΛߴΊΔ͜ͱ͕ग़དྷΔ • πʔϧΛಋೖ͢Δ • ൺֱత؆୯ʹͰ͖Δ

https://blog.cybozu.io/entry/2019/08/05/190000 ͦͷଞͷϑϩϯτΤϯυ΁ͷऔΓ૊ΈͳͲ͸ϒϩάʹهࡌ͍ͯ͠·͢ʂ