The GitHub Issues integration is now available to offer you a complete view of what’s happening in your development process. 

Learn how to integrate with GitHub Issues here.

The Azure Boards integration is now available to help you visualize sprint progress, understand the costs behind unplanned work, see how much each feature and epic costs, and more.

Learn how to integrate with Azure Boards here.

We're excited to introduce our new budgeting reports. As an engineering executive, you can now see how much each feature and epic costs, understand the costs behind unplanned work, bug fixing, and visualize the progress for each of your key business initiatives. Read more about the new reports below.

Project Costs - Accelerate Innovation and Maximize Business Impact

Resource Planning - Visualize the Financial Costs of Engineering Work

These reports are available for Jira users at the moment. You can access the new features in the Reports section.

We're excited to introduce one of the essential metrics for engineering organizations - Cycle Time! In essence, Cycle Time indicates how fast does code go from a developer's workstation to production. Studies show that measuring and improving the Cycle Time will enable organizations to innovate at a faster pace, while also improving their teams’ morale and sense of ownership.

The Cycle Time metric is an indicator of an organization's development velocity. The Cycle Time metric is the sum of four metrics, each of these metrics corresponding to a stage in the software development process:

1. CODING - Time to Issue PR from First Commit. This metric corresponds to the coding time, and is the time elapsed from the first commit to creating a PR.
2. PICKUP - Time to First Review. This metric indicates how fast do reviewers pick up their peers' PRs for review, and is the time between when a PR is opened and the first time an engineer reviews that PR.
3. REVIEW - Time to Merge from First Review. This metric signifies how fast do submitters incorporate feedback from their peers in code review, and is the time from a PR's first review to that PR being merged.
4. DEPLOY - Time to Deploy from Merge. This metric is an indicator for how fast does code get deployed into production, and is the time between when a PR is merged to when it gets released into production.

What does each color indicate? 

We've aggregated benchmark values from our platform for each stage of the cycle time. Green bars indicate leading values, yellow bars indicate average values, and red bars indicate below-average values.

For CODING:

• Green: Less than 48 hours
• Yellow: Between 48 and 72 hours
• Red: More than 72 hours

For PICKUP:

• Green: Less than 24 hours
• Yellow: Between 24 and 72 hours
• Red: More than 72 hours

For REVIEW:

• Green: Less than 24 hours
• Yellow: Between 24 and 72 hours
• Red: More than 72 hours

For DEPLOY:

• Green: Less than 10 hours
• Yellow: Between 10 and 24 hours
• Red: More than 24 hours

You can visualize your teams' cycle time in the Dashboard, Project Timeline, and Teams Stats reports. Individual cycle time can be found in the Developer Summary, and Developer Stats reports.

We're excited to announce our new design! It features a more friendly user interface and usability improvements that effectively convey our vision of engineering leadership. View more snippets of our new design below.

Developer Summary Redesigned

The new Developer Summary report is designed to help you visualize work patterns and track individual progress over time. With it, engineering managers can quickly spot and eliminate any blockers that are holding their team members down. 

Gain a better understanding of what's going on before one-to-ones and add a layer of data to performance reviews with the Developer Summary.

Team Stats Overhaul

The new Team Stats report was developed to help engineering executives build customizable high-level performance reports.

We’ve brought our new brand positioning and visual identity system to life on our website with a better articulation of how Waydev can transform engineering work metrics into impactful decisions for technology organizations across the globe.

We've added the option to compare engineer stats with team average stats using the Developer Compare feature. This will help you spot underperformers and identify coaching opportunities. Comparing engineer stats with team average stats can also help you discover top performers and recognize their wins.

We've added PR stats in the Team Compare and the Developer Compare features. Learn more about Team Compare and Developer Compare.

If you want to hide developers' names from other users in the platform, you can do it by following this guide.

We've just launched our integration with Azure DevOps Server. Learn more about integrating Azure DevOps Server here.

-- (July 7, 2020, 5 am PST update)

July 2, 2020, 11:20 am PST

We learned from one of our trial environment users about an unauthorized use of their GitHub OAuth token. The security of your data is our highest priority. Therefore, as a precautionary measure to protect your account, we revoked all GitHub OAuth tokens.

July 3, 2020, 9:45 am PST

Our Security team, along with the Bit Sentinel team (independent company), identified that between June 10, 2020, and July 03, 2020, attackers:

• performed multiple attacks over an AJAX call;
• performed exploratory activities;
• launched automated scanners;

July 3, 2020, 12:45 pm PST

The Waydev team fixed the issues and eliminated any potential threats supposedly linked to the incident.

• The attackers managed to retrieve personal details, such as emails, first and last names, but they did not retrieve any passwords.
• There is a possibility that the attackers cloned different GitHub & GitLab projects. We have no evidence that the attackers managed to clone projects from any other Git providers.
• There is a possibility that the attackers gained access to our source code. At this moment, we are in the process of a full code review and we will solve any issues that we identify.
• We are working closely with teams of legal, technical, and communications specialists. We are in the process of notifying law enforcement authorities regarding our investigation.

1. Check for any suspicious activity in your GitHub & GitLab account.
2. Perform a review over your codebase and change all the passwords, private keys, API secret keys, etc. We recommend using a tool like DumpsterDiver or truffleHog, which can perform high entropy search to help you discover all of these within the code.
3. Enable a web application firewall such as Cloudflare, mod_security, or any other WAF solution.
4. Perform a code review to identify any potential vulnerabilities that an attacker may exploit (static or dynamic code analysis), or a manual security code review, and fix all the critical vulnerabilities discovered during the engagement.
5. Check for any error logs to any of your main services (eg. web service, database service,  application level logs etc).
6. If you have any suspicious activity or you think your database was exposed, contact a cyber security company to assist you with an incident response plan and other technical forensics capabilities. Be ready to reset user passwords.
7. Enable logging (including POST data). Create a benchmark of the user’s traffic, for example, total number of requests/IP and analyze any suspicious activity for high traffic users to check for potential exploitation attempts.

• Sort your most popular IP addresses based on number of logs generated in apache: awk '{ print $1 }' *access*log | sort -n | uniq -c | sort -nr | head -50
• Find the most popular users based on number of POST requests and see what they are doing
• Find most popular users based on unique suspicious user agents and see what they are doing: awk -F'"' '{print $6}' access.log | sort | uniq -c | sort -rg | head
• Find most popular users based on number of error generated (non 200-response codes, especially 4XX or 5XX) and understand what they are doing

The investigation is still in progress and we will post updates whenever we have any relevant information. If you have any other questions regarding this topic, do not hesitate to contact us at security@waydev.co.

-- (July 2, 2020, 11:20 am PST)

July 10, 2020, 5:50 pm PST

GitHub sent an email to all the users that connected Waydev GitHub application, which included users affected and non-affected users. Please check the GitHub logs in the last period to see if you were affected or not.

Below are Waydev's IPs from where we pull data: 

• 142.93.239.72
• 167.99.223.224
• 134.209.196.25

The investigation is still in progress and we will post updates whenever we have any relevant information. If you have any other questions regarding this topic, do not hesitate to contact us at security@waydev.co.

July 24, 2020, 1 am PST

• Manual access - It is now impossible to create an account without approval from our security team;
• Monitoring all the activity;
• Tokens resetting two times a day;
• Reported the incident to authorities.

The Time Card feature now displays the time zone used for the stats.

We added Throughput, Productive Throughput, and Commits/ Active Day in Targets. Learn more about Targets.

You can now view more than 5 engineers in the Work Log, using the 'Per Page' filter.

You can now sort individual engineer stats in the Dashboard. You can do this by clicking on each metric's name.