Automation and Time Tracking Solution: Development from Scratch

Project description

JazzTeam Time Reporting is part of the company’s corporate platform aimed at automating the company’s business processes. This system was developed for the purpose of automating the accounting of employees’ working time. It made it possible to transfer the accounting of non-working time of employees to the web interface, as well as automatically generate reports on the wages of employees based on reports of hours worked, thereby reducing the labor costs of the company’s administration.

The employees time tracking system provides:

keeping records of non-working time of employees (holidays, sick leaves, sick days, etc.);
aggregation of employees’ working time data from the internal task management system (Jira) and external sources, as well as the mandatory validation of this data to generate a payroll report;
monitoring the timely filing of hours worked and the formation of error reports;
notification of all interested parties about the errors identified in the reports;
maintaining a centralized record of information on employees and their project workload;
the ability to quickly view and cancel changes to the most important data in the system (changing the workload of an employee on a project, transferring an employee to another project, etc.).

Technological features of the project

The developed system consists of several components, the main of which are:

the synchronizer — runs in Jenkins and exports work time data for each employee from predefined sources to a single database;
the validator — runs in Jenkins on a daily basis. It generates the time that needs to be worked by employees each day and compares it with the data received from the synchronizer. As a result, a report is generated that indicates the detected errors;
the web interface — a component responsible for user interaction with the system;
the back-end — a component responsible for processing requests from the web interface.

The back-end component consists of several parts:

the JWT filter — validates requests, sends approved ones further for processing to the controller;
the controller — performs the function of dividing tasks between services;
a service — a layer whose main function is to validate requests from the controller based on a specific business logic and to perform a particular business task;
the repository — a layer that interacts with the database.

Technologies used

Programming languages: Java SE 8, JavaScript.

Frameworks, libraries: jQuery, Bootstrap 4, Material Icons, Hibernate, Spring Boot, Spring Security, Spring MockMVC, AJAX, Swagger, Apache Commons, Lombok, FreeMarker, Cypress, Playwright.

APIs: REST API.

Infrastructure: Jenkins + security plugins, Postman, Nexus, Jira, OWASP ZAP.

Databases: MySql8, H2.

Cybersecurity activities

When developing IT products, we perform manual cybersecurity testing based on the OWASP standard. However, we also use specialized tools when necessary.

To save time on one of the company’s internal projects, we used OWASP ZAP technology. This tool proved to be very effective, helping us to discover several critical vulnerabilities before the system went into production, thus avoiding potential reputational risks.

We are currently integrating additional OWASP ZAP checks into our product lifecycle. Applying this technology before major releases allows us to reduce the impact of human factors in cybersecurity testing. The results of the tests performed are added to the manual test cases. In addition, we create automated tests for frequently recurring issues.

By using specialized testing tools, we reduce the cost of ensuring cybersecurity of developed products.

Project features

The interaction between the database and the code is carried out through the DAO layer, which allows you to work flexibly with the system and makes its various components independent of each other. To connect these components into a single system, we used Nexus.
The presence of versioning in the system allows you to keep a history of all processes and events, i.e. work not only with the current state of the object, but also with its previous versions. The system also allows you to enter and track events planned for the future.
When developing the application, much attention was paid to data security issues, which was ensured primarily by a very clear delineation of rights and roles in the system and by strict rules for their setting up.
The project uses the concept of metafields, which is to provide a common mechanism for adding entity attributes and controlling access to them without the need to rebuild the application.
The following types of testing were carried out on the project: functional, regression, modular, security testing. At the same time, the DDT approach was widely used, and 80% of the code was covered by Unit tests.
To undertake security testing, we utilized the OWASP ZAP web application security scanner to examine the application for system vulnerabilities. The results were analyzed, vulnerabilities were prioritized and selected for further elimination. The driving force behind the quick and high-quality elimination of detected vulnerabilities was the QA team, which prioritized the bug fixing process and carried out timely retests of the application for previously discovered vulnerabilities after the changes were made. As a result of the dedicated and high-quality work of the team, the detected vulnerabilities were eliminated, and the overall level of application security was increased.
To ensure high-quality monitoring and further maintain the appropriate level of application security, the process of scanning for vulnerabilities using the OWASP ZAP tool was integrated into the regression testing process. This process allows you to maintain the proper level of security, reduce risks and eliminate financial and reputational losses due to both automated and targeted attacks.
To significantly speed up testing and deployment of the application while iteratively developing its functionality, special emphasis was placed on CI/CD processes. This required ensuring maximum synchronization of developers with users of the system and setting up parallel work of the entire project team with several environments (for development, testing and release) through Spring Security.

Project results

The work of the company’s administration employees has been fully automated in a number of areas, including the process of their interaction with project managers.
After the transition to the developed system, the overall labor costs of the company’s administration decreased and the loss of time spent on collecting and exchanging all data between project managers and the accounting department was eliminated.
A centralized storage and an electronic file cabinet of various types of data used by the company’s administration employees as part of their work have been created. Now all up-to-date information about employees, their managers and projects can be obtained in one place and independently.

Company’s achievements on the project

The company has developed another proprietary product that can be supplied to third parties on a commercial basis. The developed application is easily scalable and can be adapted to local customer requirements in a short time.
The process of resource provision of projects (formation of project teams) has significantly accelerated.