
BoxBoat and OpenTAP – Streamlining DevSecOps


The OpenTAP ecosystem team sat down with Cole Kennedy, BoxBoat Technologies Director, Defense Initiatives, to learn more about the synergies between BoxBoat TaaS-One and OpenTAP.

Q: How would you describe BoxBoat?

A: BoxBoat Technologies is a DevOps consultancy, focused on cloud native integrations that accelerate an organization’s delivery and support of secure software. The name BoxBoat is a slang term for container ship, a play on words around the concept of creating and shipping application containers and microservices.

On July 8, IBM announced plans to acquire BoxBoat Technologies, to extend IBM’s container strategy and implementation services portfolio and further advance IBM’s hybrid cloud strategy.

Q: What is BoxBoat TaaS-One?

A: TaaS-One, the BoxBoat “Test-as-a-Service” solution, brings DevSecOps to embedded systems development – building and deploying IoT, mobile/wireless and other smart devices. It lets device software developers push and validate code just like web developers do. TaaS-One is built on open source and with a modular architecture, making it easy to support a range of test frameworks, RTOSes, Kubernetes distros, and measurement devices. The agent-based BoxBoat framework gives teams a secure cloud-to-edge solution that allows test teams to push and test code even for remote devices under test, in another lab, another building or on another continent. The framework orchestrates the scheduling of jobs that flash and test code, allowing devices under test to be shared among developers.

Result of CI pipeline showing hardware test results and CI gate pass.

Q: How do BoxBoat DevOps automation and OpenTAP work together?

A: In support of rapid hardware validation and testing of embedded code, developers just need to check in an OpenTAP test plan and settings alongside application code. On every code push, a container image is built using a continuous integration (CI) pipeline that contains the OpenTAP test plan and settings together with the necessary tooling for executing the test plan. This container image is based upon a freely available open source OpenTAP Docker image. The CI pipeline notifies the framework that a new test is ready to be scheduled on an available testing device. The framework then schedules the test and the software agent executes it. The CI pipeline reports results directly to the developer; if there are test errors, the developer is notified immediately.

BoxBoat TaaS-One Workflow

Q: BoxBoat is a services and training organization. How does BoxBoat fit into the OpenTAP ecosystem?

A: Many BoxBoat customers build and test IoT, mobile and other embedded systems that require custom software. BoxBoat has traditionally focused on IT systems, helping customers iterate those software systems more quickly and with greater assurance. By combining OpenTAP and TaaS-One, we bring that same development experience to intelligent device developers.

Moreover, in support of new regulations affecting supply chain security and requiring generation of Software Bills of Material (SBOMs), TaaS-One streamlines automation and attestation of the software components integrated into and deployed with embedded systems. A great example is U.S. Air Force DevStar. In support of that effort, the BoxBoat team was able to go from concept to delivery in just a few weeks, leveraging tutorials and existing plugin code plus the PSLab board from FOSSASIA.

“This wouldn’t be possible without OpenTAP. What an amazing project!”
– Cole Kennedy, Director Defense Initiatives at BoxBoat Technologies.

Ultimately, TaaS-One delivers superior Supply Chain Security through verification to OpenTAP ecosystem participants. To mitigate today’s increasing threat of supply chain attack, TaaS-One streamlines hardening the software supply chain by incorporating supply chain security practices into the DevSecOps workflow.

Q: Your title at BoxBoat is Director, Defense Initiatives. What types of A&D applications are using BoxBoat and how can OpenTAP provide value to the A&D lifecycle?

Cole Kennedy

A: BoxBoat TaaS-One has applications across the gamut of modern aerospace and defense systems. For example, the U.S. Air Force presents contractors with very strict certification requirements around flight safety, weapons security, and other design domains. The mandatory certification processes are traditionally very cumbersome and occur out-of-band from the workflows they govern, delaying the Air Force from realizing value from the software being developed and delivered. This ponderous “big bang” methodology was aligned with past waterfall approaches but really goes against DevSecOps principles, and efficient Systems of Systems development practices. TaaS-One bridges the gap between old and new methods and brings the certification process into the incremental, agile development cycle.