[go: up one dir, main page]

TWM665240U - Comprehensive agile development risk management system - Google Patents

Comprehensive agile development risk management system Download PDF

Info

Publication number
TWM665240U
TWM665240U TW113211015U TW113211015U TWM665240U TW M665240 U TWM665240 U TW M665240U TW 113211015 U TW113211015 U TW 113211015U TW 113211015 U TW113211015 U TW 113211015U TW M665240 U TWM665240 U TW M665240U
Authority
TW
Taiwan
Prior art keywords
development
module
program
agile
round
Prior art date
Application number
TW113211015U
Other languages
Chinese (zh)
Inventor
林世哲
柯合治
陳哲宏
陳明祥
林潓祺
吳承璋
Original Assignee
台北富邦商業銀行股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 台北富邦商業銀行股份有限公司 filed Critical 台北富邦商業銀行股份有限公司
Priority to TW113211015U priority Critical patent/TWM665240U/en
Publication of TWM665240U publication Critical patent/TWM665240U/en

Links

Images

Landscapes

  • Stored Programmes (AREA)

Abstract

A comprehensive agile development risk management system is applied to the Application Lifecycle Management platform for managing the application lifecycle. The system comprises a requirement communication module, a program development module, an automated process and deployment module, and an operations monitoring module. The requirement communication module is configured to collect user requirement data and convert it into development task data. The program development module is coupled with the requirement communication module to receive the development task data and program code. The automated process and deployment module is coupled with the program development module to receive the program and automate the detection process, conducting security checks and quality control for the program. The operations monitoring module is coupled with the automated process and deployment module to perform subsequent tracking and risk assessment based on the results of security checks and quality control.

Description

全方位敏捷開發風險管控系統 Comprehensive and agile development of risk management system

本創作係關於一種風險管控系統,尤其是指一種全方位敏捷開發風險管控系統。 This work is about a risk management system, and in particular, a comprehensive agile development risk management system.

數位技術是現代企業韌性的重要基石。隨著金融科技(FinTech)的蓬勃發展,確保金融應用程式的安全性、穩定性和可靠性成為首要任務。在當今瞬息萬變的市場環境中,能夠迅速響應和適應增量與極端變化至關重要。為此,企業必須加強數位能力的投資,以維持穩定運營並靈活應對變化。 Digital technology is an important cornerstone of modern enterprise resilience. With the booming development of financial technology (FinTech), ensuring the security, stability and reliability of financial applications has become a top priority. In today's rapidly changing market environment, it is crucial to be able to respond and adapt quickly to incremental and extreme changes. To this end, companies must strengthen their investment in digital capabilities to maintain stable operations and respond flexibly to changes.

目前大多數企業在進行金融應用程式開發時會導入應用程式生命週期管理(Application Lifecycle Management,ALM)技術,應用程式生命週期管理是一種策略流程,用於管理從初期概念發想、設計、開發、測試、部署一直到壽命終止的整段軟體或產品生命週期。應用程式生命週期管理能夠協助軟體工程團隊運用經實證有效的敏捷工作模式和值得信賴的最新資訊,高效率地協同合作處理專案。 Currently, most companies will introduce Application Lifecycle Management (ALM) technology when developing financial applications. Application Lifecycle Management is a strategic process used to manage the entire software or product life cycle from initial concept ideation, design, development, testing, deployment to end of life. Application Lifecycle Management can help software engineering teams use proven agile working models and trustworthy latest information to efficiently collaborate on projects.

然而,現行的應用程式生命週期管理流程在各階段中存在多項痛點, 具體如下: However, the current application lifecycle management process has many pain points at each stage, as follows:

1.需求溝通階段:使用者需求通常透過郵件、電話等方式進行傳達,這樣的傳統溝通方式容易導致訊息不清、遺漏需求,進而影響效率,響應速度也較為緩慢。 1. Demand communication stage: User needs are usually communicated through emails, phone calls, etc. Such traditional communication methods can easily lead to unclear messages and missed needs, which in turn affects efficiency and slow response speed.

2.程式開發階段:多數系統仍需手動開發,當多人參與開發時,程式版本管理變得困難,版本控制依賴人工操作,增加錯誤或不一致的風險。 2. Program development stage: Most systems still need to be developed manually. When multiple people are involved in development, program version management becomes difficult. Version control relies on manual operations, increasing the risk of errors or inconsistencies.

3.開發部署階段:系統的部署仍以手動方式進行,且程式版本控制不穩定。多人開發時,必須依靠人工進行版本整合與控制,這不僅提高了操作錯誤的風險,也增加了管理的複雜性。 3. Development and deployment stage: System deployment is still done manually, and program version control is unstable. When multiple people are developing, version integration and control must be done manually, which not only increases the risk of operational errors, but also increases the complexity of management.

4.測試階段:測試大多依賴人工進行,並需手動整合報告,尚未實現測試的全面自動化。特別是質量保證(QA)測試,仍需大量人力介入,降低了整體測試效率。此外,安裝流程驗證時亦存在人工介入的情況,增加了人為失誤的風險。 4. Testing stage: Most tests are done manually and reports need to be manually integrated. Full automation of testing has not yet been achieved. In particular, quality assurance (QA) testing still requires a lot of human intervention, which reduces the overall testing efficiency. In addition, there is also manual intervention during installation process verification, which increases the risk of human error.

5.上線準備階段:在此階段,系統需重新部署後進行包版與上線操作,這不僅導致延誤,還造成了重複的人工操作,進而降低效率。 5. Online preparation stage: During this stage, the system needs to be redeployed for package and online operations, which not only causes delays, but also causes repeated manual operations, thereby reducing efficiency.

6.程式發布階段:發布流程涉及多人的手動操作,過程中容易出現操作失誤,進一步影響整體效率。 6. Program release stage: The release process involves manual operations by multiple people, which can easily lead to operational errors, further affecting overall efficiency.

7.監控運行階段:由於缺乏對各階段處理進度的即時追蹤,無法充分掌握需求自提出到最終上線的處理情況,這對於及時解決問題造成了阻礙。 7. Monitoring the operation stage: Due to the lack of real-time tracking of the processing progress of each stage, it is impossible to fully grasp the processing status of the demand from the proposal to the final launch, which hinders the timely resolution of problems.

上述問題導致整體應用程式生命週期管理的效率低下,增加了錯誤發 生的風險,也延長了回應及處理問題的時間。 The above problems lead to inefficiency in overall application lifecycle management, increase the risk of errors, and prolong the time to respond and resolve problems.

因此,有必要研發一種能夠提高應用程式生命週期管理效率並且降低錯誤風險的系統,以解決先前技術之問題。 Therefore, it is necessary to develop a system that can improve the efficiency of application lifecycle management and reduce the risk of errors to solve the problems of previous technologies.

有鑑於此,本創作提供一種全方位敏捷開發風險管控系統,藉以解決以上所述的習知問題。 In view of this, this work provides a comprehensive agile development risk management system to solve the above-mentioned learning problems.

本創作提供一種全方位敏捷開發風險管控系統,應用於一應用程式生命周期管理平台中以進行一應用程式生命周期之管理,全方位敏捷開發風險管控系統包含一需求溝通模組、一程式開發模組、一自動化流程與部署模組以及一維運監控模組。需求溝通模組係用以收集一使用者於一溝通平台輸入之一需求資料,並將需求資料透過一敏捷開發方法轉換為一待辦開發任務資料,其中溝通平台係用以提供使用者與一開發人員於溝通平台上進行待辦開發任務的溝通及協作。程式開發模組係耦接需求溝通模組,程式開發模組包含一開發環境,程式開發模組係用以接收待辦開發任務資料以及一程式。程式係透過開發人員根據待辦開發任務資料於開發環境進行一程式開發而產生。自動化流程與部署模組係耦接程式開發模組,用以接收程式並透過自動化流程與部署模組中的一持續集成單元自動化進行一檢測流程,以針對程式進行一資安檢測以及一品質控管,以產生一資安檢測結果以及一品質控管結果,其中檢測流程的一執行狀態係透過應用程式生命周期管理平台進行呈現。維運監控模組係耦接自動化流程與部署模組,用以根據程式之資安檢測結果以及品質控管結果,針對應用程式生命周期之管理進行後續追蹤及風險評估。 This invention provides a comprehensive agile development risk control system, which is applied to an application lifecycle management platform to manage an application lifecycle. The comprehensive agile development risk control system includes a demand communication module, a program development module, an automated process and deployment module, and a one-dimensional operation monitoring module. The demand communication module is used to collect demand data input by a user on a communication platform, and convert the demand data into pending development task data through an agile development method, wherein the communication platform is used to provide a user and a developer to communicate and collaborate on pending development tasks on the communication platform. The program development module is coupled to the demand communication module. The program development module includes a development environment. The program development module is used to receive pending development task data and a program. The program is generated by a developer developing a program in the development environment according to the pending development task data. The automation process and deployment module is coupled to the program development module, and is used to receive the program and automatically perform a detection process through a continuous integration unit in the automation process and deployment module to perform an information security detection and a quality control on the program to generate an information security detection result and a quality control result, wherein an execution status of the detection process is presented through the application lifecycle management platform. The maintenance and monitoring module is coupled with the automation process and deployment module to conduct follow-up tracking and risk assessment for the management of the application life cycle based on the information security detection results and quality control results of the program.

其中,程式開發模組進一步包含一追蹤單元。追蹤單元係用以提供使用者即時追蹤程式開發之進度狀態,並且用以建立程式之一程式碼與使用者之需求資料之間的一關聯性,並根據關聯性進行標記以產生一追溯性。 The program development module further includes a tracking unit. The tracking unit is used to provide users with real-time tracking of the progress of program development, and to establish a correlation between a program code and the user's required data, and to mark the correlation to generate traceability.

其中,自動化流程與部署模組進一步包含一流程優化單元。流程優化單元係用以分析程式開發的一流程問題,並根據流程問題產生一流程優化建議。 Among them, the automated process and deployment module further includes a process optimization unit. The process optimization unit is used to analyze a process problem in program development and generate a process optimization suggestion based on the process problem.

其中,透過自動化流程與部署模組進行之檢測流程包含串接測試、資安掃描、部署及功能回歸測試,其中,檢測流程的執行狀態係透過應用程式生命周期管理平台以一視覺化方式以及一量化方式呈現。 Among them, the detection process carried out through the automated process and deployment module includes serial testing, information security scanning, deployment and functional regression testing. Among them, the execution status of the detection process is presented in a visual and quantitative way through the application lifecycle management platform.

其中,維運監控模組進一步包含一安全性控制子模組。安全性控制子模組係用以進行安全測試、漏洞掃描及合規性檢查,並整合至自動化流程與部署模組中的持續集成單元中,以確保程式開發之過程符合一行業之一安全標準及一法規要求。 The maintenance and monitoring module further includes a security control submodule. The security control submodule is used to perform security testing, vulnerability scanning, and compliance checks, and is integrated into the continuous integration unit in the automation process and deployment module to ensure that the program development process complies with an industry security standard and a regulatory requirement.

其中,維運監控模組進一步包含一自動化預警系統。自動化預警系統係用以針對程式開發中的一項目進行異常監測,並即時透過應用程式生命周期管理平台針對一潛在風險進行警示。 The maintenance and monitoring module further includes an automated early warning system. The automated early warning system is used to monitor abnormalities in a project during program development and to issue an immediate warning of a potential risk through the application lifecycle management platform.

其中,全方位敏捷開發風險管控系統進一步包含一全方位監控儀表板模組。全方位監控儀表板模組係耦接維運監控模組,用以整合程式開發過程中以及應用程式生命周期之管理中所有的資料。 Among them, the all-round agile development risk control system further includes an all-round monitoring dashboard module. The all-round monitoring dashboard module is coupled with the maintenance monitoring module to integrate all data in the program development process and the management of the application life cycle.

其中,全方位監控儀表板模組進一步包含一管理介面。管理介面係用以提供溝通平台的追蹤與管理功能,以使使用者進行統一監控及 風險管理。 Among them, the all-round monitoring dashboard module further includes a management interface. The management interface is used to provide tracking and management functions of the communication platform so that users can conduct unified monitoring and risk management.

綜上所述,本創作提供一種全方位敏捷開發風險管控系統,透過導入應用程式生命週期管理平台並整合敏捷開發以及集成開發、安全和運營方法,進而將安全性深度嵌入開發和運營流程。全方位敏捷開發風險管控系統透過自動化串接所有作業程序,有效提升作業效率,同時確保符合各行業的嚴格安全標準與法規要求。此外,全方位監控儀表板模組的引入,實現全方位的自動化監控,使使用者能即時掌握專案或需求的開發狀態,進一步強化數位韌性及風險管理能力。 In summary, this creation provides a comprehensive agile development risk management system, which deeply embeds security into the development and operation processes by introducing the application lifecycle management platform and integrating agile development and integrated development, security and operation methods. The comprehensive agile development risk management system effectively improves operation efficiency by automatically connecting all operation procedures, while ensuring compliance with strict safety standards and regulatory requirements of various industries. In addition, the introduction of the comprehensive monitoring dashboard module realizes comprehensive automated monitoring, allowing users to grasp the development status of projects or requirements in real time, further enhancing digital resilience and risk management capabilities.

1、2、3、4、5、6:全方位敏捷開發風險管控系統 1, 2, 3, 4, 5, 6: Comprehensive agile development of risk management system

11:需求溝通模組 11: Demand communication module

12:程式開發模組 12: Programming development module

121:追蹤單元 121: Tracking unit

13:自動化流程與部署模組 13:Automated process and deployment module

131:流程優化單元 131: Process Optimization Unit

14:維運監控模組 14: Maintenance and monitoring module

141:安全性控制子模組 141: Security control submodule

142:自動化預警系統 142:Automated early warning system

15:全方位監控儀表板模組 15: All-round monitoring instrument panel module

S1~S5:步驟 S1~S5: Steps

圖1係繪示根據本創作之一具體實施例之全方位敏捷開發風險管控系統的功能方塊圖。 FIG1 is a functional block diagram of a comprehensive agile development risk management system according to one specific embodiment of the present invention.

圖2係繪示根據本創作之另一具體實施例之全方位敏捷開發風險管控系統的功能方塊圖。 Figure 2 is a functional block diagram of an all-round agile development risk management system according to another specific embodiment of the present invention.

圖3係繪示根據本創作之另一具體實施例之全方位敏捷開發風險管控系統的功能方塊圖。 FIG3 is a functional block diagram of an all-round agile development risk management system according to another specific embodiment of the present invention.

圖4係繪示根據本創作之另一具體實施例之全方位敏捷開發風險管控系統的功能方塊圖。 FIG4 is a functional block diagram of an all-round agile development risk management system according to another specific embodiment of the present invention.

圖5係繪示根據本創作之另一具體實施例之全方位敏捷開發風險管控系統的功能方塊圖。 FIG5 is a functional block diagram of an all-round agile development risk management system according to another specific embodiment of the present invention.

圖6係繪示根據本創作之另一具體實施例之全方位敏捷開發風險管控系統 的功能方塊圖。 FIG6 is a functional block diagram of an all-round agile development risk management system according to another specific embodiment of the present invention.

圖7係繪示根據本創作之一具體實施例之全方位敏捷開發風險管控方法的步驟流程圖。 FIG7 is a flowchart showing the steps of a comprehensive agile development risk control method according to one specific embodiment of the present invention.

圖8係繪示根據本創作之另一具體實施例之全方位敏捷開發風險管控方法的步驟流程圖。 FIG8 is a flowchart showing the steps of a comprehensive agile development risk control method according to another specific embodiment of the present invention.

為了讓本創作的優點,精神與標籤可以更容易且明確地了解,後續將以具體實施例並參照所附圖式進行詳述與討論。需注意的是,這些具體實施例僅為本創作代表性的具體實施例,其中所舉例的特定方法、裝置、條件、材質等並非用以限定本創作或對應的具體實施例。又,圖中各元件僅係用於表達其相對位置且未按其實際比例繪述,本創作之步驟編號僅為區隔不同步驟,並非代表其步驟順序,合先敘明。 In order to make the advantages, spirit and labels of this creation easier and clearer to understand, the following will be described and discussed in detail with specific embodiments and with reference to the attached drawings. It should be noted that these specific embodiments are only representative specific embodiments of this creation, and the specific methods, devices, conditions, materials, etc. cited therein are not used to limit this creation or the corresponding specific embodiments. In addition, the components in the figure are only used to express their relative positions and are not drawn according to their actual proportions. The step numbers of this creation are only used to separate different steps and do not represent the order of the steps, which should be explained first.

請參閱圖1,圖1係繪示根據本創作之一具體實施例之全方位敏捷開發風險管控系統1的功能方塊圖。本創作提供一種全方位敏捷開發風險管控系統1,應用於應用程式生命周期管理(ALM)平台中以進行應用程式生命周期之管理。圖1所示,全方位敏捷開發風險管控系統1包含需求溝通模組11、程式開發模組12、自動化流程與部署模組13以及維運監控模組14。需求溝通模組11係用以收集使用者於溝通平台輸入之需求資料,並將需求資料透過敏捷開發方法轉換為待辦開發任務資料,其中溝通平台(圖未顯示)係用以提供使用者與開發人員於溝通平台上進行待辦開發任務的溝通及協作。程式開發模組12係耦接需求溝通模組11,程式開發模組12包 含開發環境(圖未顯示),程式開發模組12係用以接收待辦開發任務資料以及程式。其中,程式係透過開發人員根據待辦開發任務資料於開發環境進行程式開發而產生。自動化流程與部署模組13係耦接程式開發模組12,用以接收程式並透過自動化流程與部署模組13中的持續集成單元(圖未顯示)自動化進行檢測流程,以針對程式進行資安檢測以及品質控管,以產生資安檢測結果以及品質控管結果,其中檢測流程的執行狀態係透過應用程式生命周期管理平台進行呈現。維運監控模組14係耦接自動化流程與部署模組13,用以根據程式之資安檢測結果以及品質控管結果,針對應用程式生命周期之管理進行後續追蹤及風險評估。 Please refer to FIG. 1, which is a functional block diagram of an all-round agile development risk control system 1 according to one specific embodiment of the present invention. The present invention provides an all-round agile development risk control system 1, which is applied to an application lifecycle management (ALM) platform to manage the application lifecycle. As shown in FIG. 1, the all-round agile development risk control system 1 includes a demand communication module 11, a program development module 12, an automated process and deployment module 13, and a maintenance monitoring module 14. The demand communication module 11 is used to collect demand data input by users on the communication platform, and convert the demand data into pending development task data through agile development methods, wherein the communication platform (not shown in the figure) is used to provide users and developers with communication and collaboration on pending development tasks on the communication platform. The program development module 12 is coupled to the demand communication module 11, and the program development module 12 includes a development environment (not shown in the figure). The program development module 12 is used to receive pending development task data and programs. Among them, the program is generated by the developer developing the program in the development environment according to the pending development task data. The automated process and deployment module 13 is coupled to the program development module 12, and is used to receive the program and automate the detection process through the continuous integration unit (not shown) in the automated process and deployment module 13, so as to perform information security detection and quality control on the program, and generate information security detection results and quality control results, wherein the execution status of the detection process is presented through the application lifecycle management platform. The maintenance monitoring module 14 is coupled to the automated process and deployment module 13, and is used to perform subsequent tracking and risk assessment on the management of the application lifecycle based on the information security detection results and quality control results of the program.

本創作提出一種透過應用程式生命週期流程標準化及導入流程自動化管理工具,並整合敏捷開發方法論,建置自動化工具不斷監控應用程式和系統,即時檢測及修正安全漏洞或異常行為。透過導入應用程式生命週期管理平台並整合敏捷開發以及集成開發、安全和運營方法,進而將安全性深度嵌入開發和運營流程。全方位敏捷開發風險管控系統透過自動化串接所有作業程序,有效提升作業效率,同時確保符合各行業的嚴格安全標準與法規要求。 This work proposes a method to standardize the application lifecycle process and introduce process automation management tools, integrate agile development methodology, build automation tools to continuously monitor applications and systems, and detect and correct security vulnerabilities or abnormal behaviors in real time. By introducing the application lifecycle management platform and integrating agile development and integrated development, security and operation methods, security is deeply embedded in the development and operation process. The all-round agile development risk management system connects all operation procedures through automation, effectively improving operation efficiency, while ensuring compliance with strict safety standards and regulatory requirements of various industries.

以下將配合全方位敏捷開發風險管控方法說明本具體實施例之全方位敏捷開發風險管控系統1之中各模組的功能。於實務中,全方位敏捷開發風險管控系統1中的需求溝通模組11、程式開發模組12、自動化流程與部署模組13以及維運監控模組14可整合於電腦系統、雲端系統的中央處理單元,或者整合於整合式晶片中。 The following will be used in conjunction with the all-round agile development risk control method to explain the functions of each module in the all-round agile development risk control system 1 of this specific embodiment. In practice, the demand communication module 11, program development module 12, automation process and deployment module 13, and maintenance monitoring module 14 in the all-round agile development risk control system 1 can be integrated into the central processing unit of the computer system or cloud system, or integrated into an integrated chip.

請一併參閱圖1及圖7。圖7係繪示根據本創作之一具體實施 例之全方位敏捷開發風險管控方法的步驟流程圖。請注意,圖7的全方位敏捷開發風險管控方法的步驟可以透過圖1的全方位敏捷開發風險管控系統1來達成。因此,以下藉由圖1之全方位敏捷開發風險管控系統1的架構,說明圖7的具體實施例中的全方位敏捷開發風險管控方法的各個步驟。如圖7所示,於本具體實施例中,全方位敏捷開發風險管控方法包含步驟S1:透過需求溝通模組11收集使用者於溝通平台輸入之需求資料,並將需求資料透過敏捷開發方法轉換為待辦開發任務資料,其中溝通平台係用以提供使用者與開發人員於溝通平台上進行待辦開發任務的溝通及協作;步驟S2:透過程式開發模組12接收待辦開發任務資料以及程式,程式係透過開發人員根據待辦開發任務資料於程式開發模組12中的開發環境進行程式開發而產生;步驟S3:透過自動化流程與部署模組13接收程式並透過自動化流程與部署模組13中的持續集成單元自動化進行檢測流程,以針對程式進行資安檢測以及品質控管,以產生資安檢測結果以及品質控管結果,其中檢測流程的執行狀態係透過應用程式生命周期管理平台進行呈現;步驟S4:透過維運監控模組14根據程式之資安檢測結果以及品質控管結果,針對應用程式生命周期之管理進行後續追蹤及風險評估。本具體實施例之全方位敏捷開發風險管控系統1可以透過自動化流程與部署模組13進行之檢測流程包含串接測試、資安掃描、部署及功能回歸測試,其中,檢測流程的執行狀態係透過應用程式生命周期管理平台以一視覺化方式以及一量化方式呈現。 Please refer to FIG. 1 and FIG. 7 together. FIG. 7 is a flowchart showing the steps of the all-round agile development risk control method according to a specific embodiment of the present invention. Please note that the steps of the all-round agile development risk control method of FIG. 7 can be achieved through the all-round agile development risk control system 1 of FIG. 1. Therefore, the following describes the steps of the all-round agile development risk control method in the specific embodiment of FIG. 7 by using the architecture of the all-round agile development risk control system 1 of FIG. 1. As shown in FIG. 7 , in this specific embodiment, the all-round agile development risk control method includes step S1: collecting the demand data input by the user on the communication platform through the demand communication module 11, and converting the demand data into pending development task data through the agile development method, wherein the communication platform is used to provide users and developers with communication and collaboration on pending development tasks on the communication platform; step S2: receiving the pending development task data and the program through the program development module 12, and the program is developed by the developer in the development environment of the program development module 12 according to the pending development task data. Generated by program development; Step S3: Receive the program through the automated process and deployment module 13 and automate the detection process through the continuous integration unit in the automated process and deployment module 13 to perform information security detection and quality control on the program to generate information security detection results and quality control results, wherein the execution status of the detection process is presented through the application lifecycle management platform; Step S4: Perform subsequent tracking and risk assessment on the management of the application lifecycle based on the information security detection results and quality control results of the program through the maintenance monitoring module 14. The all-round agile development risk management system 1 of this specific embodiment can perform a test process including serial testing, information security scanning, deployment and functional regression testing through the automated process and deployment module 13, wherein the execution status of the test process is presented in a visual and quantitative manner through the application lifecycle management platform.

於本具體實施例中,透過需求溝通模組11可以建立使用者(業務單位)與程式開發人員可共同協作之專案需求平台,讓團隊可以更 快速且正確的回應市場需求與變化。並將使用者需求拆解成使用者故事(User Story)成為開發人員待辦開發任務,讓系統開發更聚焦於程式使用者視野與體驗。敏捷開發方法可以為Scrum及Kanban等敏捷開發方法,藉由敏捷開發方法可以提升專案面對市場需求快速變更的適應力,減少不必要的功能開發,讓服務可以更快速交付,且更易於維護;並透過高可視度的敏捷團隊開發績效,使管理團隊能更有效追蹤專案進度,並找出流程瓶頸進行流程優化。於實務中,敏捷開發方法選用不限於此,亦可根據使用者需求選擇。程式開發人員可以透過程式開發模組12的集成開發環境(IDE)直接收到業務需求(User Story)的開發任務,並在程式碼提交(Commit)時建立User Story與程式碼之間的關聯,提升需求追溯性。這使每次版本更新都能回溯到需求,進行驗證和變更影響分析。該系統同時支援多種版本控制系統,如Git、Bitbucket、SVN和Dimensions,使專案團隊可以選擇最適合的工具來進行開發。此外,開發人員可以直接在ALM平台上同步查看持續整合管道(CI Pipeline)自動化執行的狀態。持續整合管道是指在軟體開發中,將程式碼的自動化構建、測試和部署過程串接起來的一系列步驟。這個流程旨在確保程式碼在提交(Commit)後,能夠自動化地進行編譯、測試、安全掃描等操作,確保每次提交的程式碼不會破壞現有的系統功能,並能夠快速、穩定地進入下一個開發階段。並且,透過視覺化的方式,將品質資訊量化,以便快速發現問題並分析品質趨勢。自動化流程將測試區的持續整合(Continuous Integration,CI)和正式區的持續交付或部署(Continuous Delivery or Deployment,CD)操作串聯,解決開發測試與營運部署之間的實體隔離問題,並符合金融業的安全標準及法規要 求,有效提升作業效率,縮短作業時間,並減少人為錯誤的發生率。另外,藉由維運監控模組14可以從管理角度,該系統能夠追蹤需求、測試及風險,幫助專案管理者應對金融業專案的複雜性和合規性挑戰。通過將安全測試、漏洞掃描和合規檢查整合至持續集成/持續交付(CI/CD)流程中,確保產品開發滿足金融業的安全標準及法規要求。 In this specific embodiment, a project demand platform can be established through the demand communication module 11 for users (business units) and program developers to collaborate, so that the team can respond to market demands and changes more quickly and correctly. User demands are broken down into user stories (User Stories) as development tasks to be done by developers, so that system development can focus more on the program user's vision and experience. Agile development methods can be agile development methods such as Scrum and Kanban. Agile development methods can improve the project's adaptability to rapid changes in market demands, reduce unnecessary function development, and allow services to be delivered faster and easier to maintain; and through highly visible agile team development performance, the management team can more effectively track project progress and find process bottlenecks for process optimization. In practice, the selection of agile development methods is not limited to this and can also be selected according to user needs. Program developers can directly receive development tasks for business requirements (User Stories) through the integrated development environment (IDE) of the program development module 12, and establish a relationship between User Stories and code when the code is committed (Commit) to improve demand traceability. This allows each version update to be traced back to the requirements for verification and change impact analysis. The system also supports multiple version control systems, such as Git, Bitbucket, SVN, and Dimensions, allowing project teams to choose the most suitable tools for development. In addition, developers can directly view the status of the automated execution of the continuous integration pipeline (CI Pipeline) on the ALM platform. The continuous integration pipeline refers to a series of steps that connect the automated construction, testing, and deployment processes of the code in software development. This process is designed to ensure that after the code is committed, it can be automatically compiled, tested, and scanned for security, ensuring that each submitted code will not destroy the existing system functions and can quickly and stably enter the next development stage. In addition, quality information is quantified through visual methods to quickly discover problems and analyze quality trends. The automated process connects the continuous integration (CI) of the test area and the continuous delivery or deployment (CD) of the formal area, solving the physical isolation problem between development testing and operational deployment, and meeting the security standards and regulatory requirements of the financial industry, effectively improving work efficiency, shortening work time, and reducing the incidence of human errors. In addition, through the maintenance monitoring module 14, the system can track requirements, tests, and risks from a management perspective, helping project managers cope with the complexity and compliance challenges of financial industry projects. By integrating security testing, vulnerability scanning, and compliance checks into the continuous integration/continuous delivery (CI/CD) process, it ensures that product development meets the security standards and regulatory requirements of the financial industry.

此外,本創作之全方位敏捷開發風險管控系統除了上述樣態外,亦可具有其他樣態。請一併參閱圖2以及圖8。圖2係繪示根據本創作之另一具體實施例之全方位敏捷開發風險管控系統2的功能方塊圖。圖8係繪示根據本創作之另一具體實施例之全方位敏捷開發風險管控方法的步驟流程圖。如圖2所示,本具體實施例中的全方位敏捷開發風險管控系統2,可以進一步包含全方位監控儀表板模組15。全方位監控儀表板模組15係耦接維運監控模組14,用以整合程式開發過程中以及應用程式生命周期之管理中所有的資料。 In addition, the all-round agile development risk control system of this creation may have other forms in addition to the above forms. Please refer to Figure 2 and Figure 8 together. Figure 2 is a functional block diagram of an all-round agile development risk control system 2 according to another specific embodiment of this creation. Figure 8 is a step flow chart of an all-round agile development risk control method according to another specific embodiment of this creation. As shown in Figure 2, the all-round agile development risk control system 2 in this specific embodiment may further include an all-round monitoring dashboard module 15. The all-round monitoring dashboard module 15 is coupled to the maintenance monitoring module 14 to integrate all data in the program development process and the management of the application life cycle.

本具體實施例中,圖8之方法的各步驟可以透過圖2的系統架構來達成,故以下藉由圖2中的系統架構說明圖8的步驟。如圖8所示,本具體實施例與前述具體實施例不同處,在於本具體實施例之全方位敏捷開發風險管控方法進一步包含步驟S5接續於步驟S4後執行。步驟S5:透過全方位監控儀表板模組15整合程式開發過程中以及應用程式生命周期之管理中所有的資料。本具體實施例透過全方位監控儀表板模組15的引入,實現全方位的自動化監控,使使用者能即時掌握專案或需求的開發狀態,進一步強化數位韌性及風險管理能力。請注意,本具體實施例之全方位敏捷開發風險管控方法中的其他步驟,係與前述具體實施例中對應的步驟大致相 同,故於此不再贅述。 In this specific embodiment, each step of the method of FIG. 8 can be achieved through the system architecture of FIG. 2 , so the steps of FIG. 8 are explained below by using the system architecture in FIG. 2 . As shown in FIG. 8 , the difference between this specific embodiment and the aforementioned specific embodiment is that the all-round agile development risk control method of this specific embodiment further includes step S5 executed after step S4. Step S5: Integrate all data in the program development process and in the management of the application life cycle through the all-round monitoring dashboard module 15. This specific embodiment realizes all-round automated monitoring through the introduction of the all-round monitoring dashboard module 15, so that users can grasp the development status of projects or requirements in real time, and further enhance digital resilience and risk management capabilities. Please note that the other steps in the all-round agile development risk control method of this specific embodiment are roughly the same as the corresponding steps in the aforementioned specific embodiment, so they will not be repeated here.

於另一具體實施例中,全方位監控儀表板模組15可以進一步包含一管理介面(圖未顯示)。管理介面係用以提供溝通平台的追蹤與管理功能,以使使用者進行統一監控及風險管理。於另一具體實施例中,全方位監控儀表板模組15可以進一步包含一即時監控單元(圖未顯示)。該即時監控單元用以根據一每日戰情速報,並提供該全方位敏捷開發風險管控系統之一運作狀態的即時監控。於本具體實施例中,透過整合ALM平台和版本控制平台的數據,建置全方位監控儀表板模組15,專注於每日的戰情速報,實時了解系統運作狀態、缺陷與進度,讓管理者能夠在單一平台進行追蹤與管理。 In another specific embodiment, the all-round monitoring dashboard module 15 may further include a management interface (not shown). The management interface is used to provide tracking and management functions of the communication platform so that users can perform unified monitoring and risk management. In another specific embodiment, the all-round monitoring dashboard module 15 may further include a real-time monitoring unit (not shown). The real-time monitoring unit is used to provide real-time monitoring of an operating status of the all-round agile development risk management system based on a daily battle situation report. In this specific embodiment, by integrating the data of the ALM platform and the version control platform, a comprehensive monitoring dashboard module 15 is built to focus on daily battle situation reports, and to understand the system operation status, defects and progress in real time, so that managers can track and manage on a single platform.

本創作之全方位敏捷開發風險管控系統包含其他樣態。請依序參閱圖2至圖6。圖3係繪示根據本創作之另一具體實施例之全方位敏捷開發風險管控系統3的功能方塊圖。圖4係繪示根據本創作之另一具體實施例之全方位敏捷開發風險管控系統4的功能方塊圖。圖5係繪示根據本創作之另一具體實施例之全方位敏捷開發風險管控系統5的功能方塊圖。圖6係繪示根據本創作之另一具體實施例之全方位敏捷開發風險管控系統6的功能方塊圖。如圖3所示,本具體實施例與前述具體實施例不同處,在於本具體實施例之全方位敏捷開發風險管控系統3中的程式開發模組12進一步包含追蹤單元121。追蹤單元121係用以提供使用者即時追蹤程式開發之進度狀態,並且用以建立程式之一程式碼與使用者之需求資料之間的一關聯性,並根據關聯性進行標記以產生一追溯性。 The all-round agile development risk control system of this creation includes other forms. Please refer to Figures 2 to 6 in sequence. Figure 3 is a functional block diagram of an all-round agile development risk control system 3 according to another specific embodiment of this creation. Figure 4 is a functional block diagram of an all-round agile development risk control system 4 according to another specific embodiment of this creation. Figure 5 is a functional block diagram of an all-round agile development risk control system 5 according to another specific embodiment of this creation. Figure 6 is a functional block diagram of an all-round agile development risk control system 6 according to another specific embodiment of this creation. As shown in FIG3 , the difference between this specific embodiment and the aforementioned specific embodiment is that the program development module 12 in the all-round agile development risk control system 3 of this specific embodiment further includes a tracking unit 121. The tracking unit 121 is used to provide users with real-time tracking of the progress status of program development, and to establish a correlation between a program code and the user's required data, and mark according to the correlation to generate a traceability.

如圖4所示,本具體實施例與前述具體實施例不同處,在於 本具體實施例之全方位敏捷開發風險管控系統4中的自動化流程與部署模組13進一步包含流程優化單元131。流程優化單元131係用以分析程式開發的一流程問題,並根據流程問題產生一流程優化建議。 As shown in FIG4 , the difference between this specific embodiment and the aforementioned specific embodiment is that the automated process and deployment module 13 in the all-round agile development risk management system 4 of this specific embodiment further includes a process optimization unit 131. The process optimization unit 131 is used to analyze a process problem of program development and generate a process optimization suggestion based on the process problem.

如圖5所示,本具體實施例與前述具體實施例不同處,在於本具體實施例之全方位敏捷開發風險管控系統5中的維運監控模組14進一步包含安全性控制子模組141。安全性控制子模組141係用以進行安全測試、漏洞掃描及合規性檢查,並整合至自動化流程與部署模組中的持續集成單元中,以確保程式開發之過程符合一行業之一安全標準及一法規要求。 As shown in FIG5 , the difference between this specific embodiment and the aforementioned specific embodiment is that the maintenance monitoring module 14 in the all-round agile development risk management system 5 of this specific embodiment further includes a security control submodule 141. The security control submodule 141 is used to perform security testing, vulnerability scanning and compliance checks, and is integrated into the continuous integration unit in the automation process and deployment module to ensure that the program development process complies with a security standard and a regulatory requirement of an industry.

如圖6所示,本具體實施例與前述具體實施例不同處,在於本具體實施例之全方位敏捷開發風險管控系統6中的維運監控模組14進一步包含自動化預警系統142。自動化預警系統142係用以針對程式開發中的一項目進行異常監測,並即時透過應用程式生命周期管理平台針對一潛在風險進行警示。請注意,本具體實施例之全方位敏捷開發風險管控系統3至6中的其他模組,係與前述具體實施例中對應的模組所具有的功能大致相同,故於此不再贅述。 As shown in FIG6 , the difference between this specific embodiment and the aforementioned specific embodiment is that the maintenance monitoring module 14 in the all-round agile development risk control system 6 of this specific embodiment further includes an automated early warning system 142. The automated early warning system 142 is used to perform abnormal monitoring on a project in program development and to immediately warn of a potential risk through the application lifecycle management platform. Please note that the other modules in the all-round agile development risk control system 3 to 6 of this specific embodiment have roughly the same functions as the corresponding modules in the aforementioned specific embodiment, so they will not be described here in detail.

綜上所述,本創作提供一種全方位敏捷開發風險管控系統,透過導入應用程式生命週期管理平台並整合敏捷開發以及集成開發、安全和運營方法,進而將安全性深度嵌入開發和運營流程。全方位敏捷開發風險管控系統透過自動化串接所有作業程序,有效提升作業效率,同時確保符合各行業的嚴格安全標準與法規要求。此外,全方位監控儀表板模組的引入,實現全方位的自動化監控,使使用者能即時掌握專案或需求的開發狀態,進一步強化數位韌性及風險管理能力。 In summary, this creation provides a comprehensive agile development risk management system, which deeply embeds security into the development and operation processes by introducing the application lifecycle management platform and integrating agile development and integrated development, security and operation methods. The comprehensive agile development risk management system effectively improves operation efficiency by automatically connecting all operation procedures, while ensuring compliance with strict safety standards and regulatory requirements of various industries. In addition, the introduction of the comprehensive monitoring dashboard module realizes comprehensive automated monitoring, allowing users to grasp the development status of projects or requirements in real time, further enhancing digital resilience and risk management capabilities.

藉由以上較佳具體實施例之詳述,係希望能更加清楚描述本創作之標籤與精神,而並非以上述所揭露的較佳具體實施例來對本創作之範疇加以限制。相反地,其目的是希望能涵蓋各種改變及具相等性的安排於本創作所欲申請之專利範圍的範疇內。因此,本創作所申請之專利範圍的範疇應該根據上述的說明作最寬廣的解釋,以致使其涵蓋所有可能的改變以及具相等性的安排。 The above detailed description of the preferred specific embodiments is intended to more clearly describe the label and spirit of this creation, and is not intended to limit the scope of this creation by the preferred specific embodiments disclosed above. On the contrary, its purpose is to cover various changes and arrangements with equivalents within the scope of the patent scope to be applied for this creation. Therefore, the scope of the patent scope applied for this creation should be interpreted in the broadest sense according to the above description, so as to cover all possible changes and arrangements with equivalents.

1:全方位敏捷開發風險管控系統 1: Comprehensive and agile development of risk management system

11:需求溝通模組 11: Demand communication module

12:程式開發模組 12: Programming development module

13:自動化流程與部署模組 13:Automated process and deployment module

14:維運監控模組 14: Maintenance and monitoring module

Claims (8)

一種全方位敏捷開發風險管控系統,應用於一應用程式生命周期管理平台中以進行一應用程式生命周期之管理,該全方位敏捷開發風險管控系統包含: A comprehensive agile development risk management system is applied to an application lifecycle management platform to manage an application lifecycle. The comprehensive agile development risk management system includes: 一需求溝通模組,用以收集一使用者於一溝通平台輸入之一需求資料,並將該需求資料透過一敏捷開發方法轉換為一待辦開發任務資料,其中該溝通平台係用以提供該使用者與一開發人員於該溝通平台上進行該待辦開發任務的溝通及協作; A demand communication module is used to collect demand data input by a user on a communication platform, and convert the demand data into pending development task data through an agile development method, wherein the communication platform is used to provide the user and a developer with communication and collaboration on the pending development task on the communication platform; 一程式開發模組,耦接該需求溝通模組,該程式開發模組包含一開發環境,該程式開發模組係用以接收該待辦開發任務資料以及一程式,該程式係透過該開發人員根據該待辦開發任務資料於該開發環境進行一程式開發而產生; A program development module coupled to the demand communication module, the program development module includes a development environment, the program development module is used to receive the pending development task data and a program, the program is generated by the developer developing a program in the development environment according to the pending development task data; 一自動化流程與部署模組,耦接該程式開發模組,用以接收該程式並透過該自動化流程與部署模組中的一持續集成單元自動化進行一檢測流程,以針對該程式進行一資安檢測以及一品質控管,以產生一資安檢測結果以及一品質控管結果,其中該檢測流程的一執行狀態係透過該應用程式生命周期管理平台進行呈現;以及 An automated process and deployment module coupled to the program development module, for receiving the program and automatically performing a detection process through a continuous integration unit in the automated process and deployment module, so as to perform a security detection and a quality control on the program, so as to generate a security detection result and a quality control result, wherein an execution status of the detection process is presented through the application lifecycle management platform; and 一維運監控模組,耦接該自動化流程與部署模組,用以根據該程式之該資安檢測結果以及該品質控管結果,針對該應用程式生命周期之管理進行後續追蹤及風險評估。 The one-dimensional operation monitoring module is coupled to the automation process and deployment module to perform follow-up tracking and risk assessment on the management of the application life cycle based on the information security detection results and the quality control results of the program. 如申請專利範圍第1項所述之全方位敏捷開發風險管控系統,其中該程 式開發模組進一步包含: As described in Item 1 of the patent application scope, the all-round agile development risk management system, wherein the program development module further includes: 一追蹤單元,用以提供該使用者即時追蹤該程式開發之進度狀態,並且用以建立該程式之一程式碼與該使用者之該需求資料之間的一關聯性,並根據該關聯性進行標記以產生一追溯性。 A tracking unit is used to provide the user with real-time tracking of the progress status of the program development, and to establish a correlation between a program code of the program and the user's requirement data, and to mark according to the correlation to generate traceability. 如申請專利範圍第1項所述之全方位敏捷開發風險管控系統,其中該自動化流程與部署模組進一步包含: As described in Item 1 of the patent application scope, the all-round agile development risk management system, wherein the automated process and deployment module further includes: 一流程優化單元,用以分析該程式開發的一流程問題,並根據該流程問題產生一流程優化建議。 A process optimization unit is used to analyze the process problems of the program development and generate process optimization suggestions based on the process problems. 如申請專利範圍第1項所述之全方位敏捷開發風險管控系統,其中透過該自動化流程與部署模組進行之該檢測流程包含串接測試、資安掃描、部署及功能回歸測試,其中,該檢測流程的該執行狀態係透過該應用程式生命周期管理平台以一視覺化方式以及一量化方式呈現。 As described in Item 1 of the patent application scope, the comprehensive agile development risk control system, wherein the detection process performed through the automated process and deployment module includes serial testing, information security scanning, deployment and functional regression testing, wherein the execution status of the detection process is presented in a visual manner and a quantitative manner through the application lifecycle management platform. 如申請專利範圍第1項所述之全方位敏捷開發風險管控系統,其中該維運監控模組進一步包含: As described in Item 1 of the patent application scope, the all-round agile development risk management system, wherein the maintenance and operation monitoring module further includes: 一安全性控制子模組,用以進行安全測試、漏洞掃描及合規性檢查,並整合至該自動化流程與部署模組中的該持續集成單元中,以確保該程式開發之過程符合一行業之一安全標準及一法規要求。 A security control submodule is used to perform security testing, vulnerability scanning and compliance checking, and is integrated into the continuous integration unit in the automation process and deployment module to ensure that the program development process complies with an industry security standard and a regulatory requirement. 如申請專利範圍第1項所述之全方位敏捷開發風險管控系統,其中該維運監控模組進一步包含: As described in Item 1 of the patent application scope, the all-round agile development risk management system, wherein the maintenance and operation monitoring module further includes: 一自動化預警系統,用以針對該程式開發中的一項目進行異常監測,並即時透過該應用程式生命周期管理平台針對一潛在風險進行警示。 An automated early warning system is used to monitor an abnormality of a project in the program development and to issue a warning of a potential risk in real time through the application lifecycle management platform. 如申請專利範圍第1項所述之全方位敏捷開發風險管控系統,進一步包 含: The all-round agile development risk management system as described in Item 1 of the patent application scope further includes: 一全方位監控儀表板模組,耦接該維運監控模組,用以整合該程式開發過程中以及該應用程式生命周期之管理中所有的資料。 A comprehensive monitoring dashboard module is coupled to the maintenance monitoring module to integrate all data in the program development process and the management of the application life cycle. 如申請專利範圍第7項所述之全方位敏捷開發風險管控系統,其中該全方位監控儀表板模組進一步包含: As described in Item 7 of the patent application scope, the all-round agile development risk control system, wherein the all-round monitoring dashboard module further includes: 一管理介面,用以提供該溝通平台的追蹤與管理功能,以使該使用者進行統一監控及風險管理。 A management interface is used to provide tracking and management functions for the communication platform, so that the user can conduct unified monitoring and risk management.
TW113211015U 2024-10-11 2024-10-11 Comprehensive agile development risk management system TWM665240U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW113211015U TWM665240U (en) 2024-10-11 2024-10-11 Comprehensive agile development risk management system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW113211015U TWM665240U (en) 2024-10-11 2024-10-11 Comprehensive agile development risk management system

Publications (1)

Publication Number Publication Date
TWM665240U true TWM665240U (en) 2025-01-01

Family

ID=95124089

Family Applications (1)

Application Number Title Priority Date Filing Date
TW113211015U TWM665240U (en) 2024-10-11 2024-10-11 Comprehensive agile development risk management system

Country Status (1)

Country Link
TW (1) TWM665240U (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI913945B (en) 2024-10-11 2026-02-01 台北富邦商業銀行股份有限公司 Comprehensive agile development risk management system and method

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI913945B (en) 2024-10-11 2026-02-01 台北富邦商業銀行股份有限公司 Comprehensive agile development risk management system and method

Similar Documents

Publication Publication Date Title
US7788632B2 (en) Methods and systems for evaluating the compliance of software to a quality benchmark
US20050144151A1 (en) System and method for decision analysis and resolution
US20080127089A1 (en) Method For Managing Software Lifecycle
Maxim et al. An introduction to modern software quality assurance
CN101676880A (en) Redundant error detection in a clinical diagnostic analyzer
Ramasubbu et al. Integrating technical debt management and software quality management processes: A normative framework and field tests
Winkler et al. Improving quality assurance in automation systems development projects
US9612944B2 (en) Method and system for verifying scenario based test selection, execution and reporting
CN118626391A (en) Software Engineering Automated Testing System Based on Internet
CN112131116A (en) Automatic regression testing method for embedded software
De Menezes et al. Using Logs to Reduce the Impact of Process Variability and Dependence on Practitioners in Requirements Engineering for Traditional Business Process Automation Software
Mays Applications of defect prevention in software development
CN116774987A (en) A web-based multi-terminal software development control method and system
Illes et al. Criteria for software testing tool evaluation–a task oriented view
Wang et al. Software testing for safety critical applications
TWM665240U (en) Comprehensive agile development risk management system
Spillner et al. Software testing practice: Test management: A study guide for the certified tester exam ISTQB advanced level
US20070130562A1 (en) Software component and software component management system
CN117592707A (en) A nuclear power business processing method based on RPA robot
Dalal et al. Software Testing-Three P'S Paradigm and Limitations
Jharko Some Issues in Using the Model of Determining the User Stories Quality to Reduce Software Development Risks
Shekhar Driving agile excellence in insurance development through shift-left testing
Agyei et al. Hybrid Software Testing Model to Improve Software Quality Assurance
Федоровская Automated testing system at an enterprise engaged in the development and implementation of automated production management systems
Ramaswamy Technical Debt and DevOps: Strategies for Managing Legacy Systems in a CI/CD World