Keyhole Software’s expert software consultants played a crucial role in enhancing a sophisticated security scanning system for mobile applications, aiming to boost performance and stability for seamless developer interactions. The system, designed for both Android and iPhone apps, conducted synchronous and asynchronous security scanning through distributed Node.js services orchestrated by a Java Spring backend.
The project involved intricate integrations with other corporate applications, which interacted with the Java Spring backend through direct calls, database triggers, and WebSphere MQ. The team focused on optimizing the performance of asynchronous distributed services, leveraging technologies like Node.js and Golang, deployed using Docker and Kubernetes. They also contributed to Java backend changes and made enhancements to JSP pages for an internal monitoring tool.
The system featured extensive custom code in various languages and styles. Working from minimal documentation, the team independently worked out both what the existing code did and what it was intended to do. They communicated insights back to the team, facilitating proposed changes and improvements. The team acquired domain knowledge about the security features of iPhone and Android application files.
In an agile environment, the team collaborated to implement planned enhancements, proposing and gaining approval for additional improvements. They actively participated in troubleshooting performance issues, conducted code reviews, and provided feedback to fellow developers. Notably, the team contributed to enhancing the Mobile Security Company Action, integrating security testing into CI/CD pipelines through GitHub Actions.
The Mobile Security Company allows customers to upload and scan their mobile application binaries, generating security vulnerability reports to ensure compliance with rigorous security requirements. The work involved close collaboration with key stakeholders, including Quality Assurance.
Technologies used in this project included TypeScript, Node.js, and GitHub Actions, with Jira employed as the project management software. The small-scale Agile environment facilitated effective collaboration, enabling the team to deliver impactful improvements to the mobile application security scanning system.