Whitepaper

Guide to CI/CD for Automotive DevOps

Wondering what’s inside the guide? Get a preview below.

Overview

The rapid growth of automotive software—driven by ADAS and increasing safety and security demands—has made development and testing increasingly costly and complex. With modern vehicles containing over 100 million lines of code, automakers are adopting CI/CD and DevOps practices to reduce time to market and control costs.

This whitepaper explains how integrating automated testing—particularly static analysis, unit testing, and structural code coverage aligned with ISO 26262—into CI pipelines enables continuous testing, significantly improving productivity, reducing testing effort, and enhancing overall software quality and safety.

Automation in CI/CD

Continuous integration depends on automated build and deployment processes to avoid slow, manual workflows that undermine its effectiveness.

CI requires a single source repository, automated builds, and rapid resolution of integration issues. However, CI/CD efforts often stall at the testing phase, where determining what to test and executing tests, especially manually, becomes time-consuming and costly. While test automation is essential, it alone is insufficient, highlighting the need for more comprehensive testing strategies to sustain continuous delivery.

CI/CD for ADAS Development

CI/CD continues to increase in popularity within automotive software development organizations. However, automotive projects are often constrained in ways that general application development is not.

Besides physical and computational constraints of target hardware, there are marketplace constraints. Automotive software has requirements for safety, security, reliability, and extremely long life cycles—products can remain in market for decades.

At the development level, automotive software requires IDEs, compilers, static and dynamic analysis, and build tools. Tools often target a different architecture than the one they run on (host versus target environment). Version consistency of tools across the team is essential.

Figure: Continuous integration as part of a continuous development cycle.

Automation at the build level uses the same techniques. But when code needs execution, the host/target barrier becomes significant. Automation requiring code execution needs special support in automotive software development.

Automating testing for automotive software is more challenging due to the complexity of initiating and observing tests on embedded targets, limited access to target hardware, and the need for workable continuous testing from host development systems to target systems.

Automated Testing From Host to Target

A solution like Parasoft C/C++test comes with a test harness optimized to add minimal overhead to the binary footprint. The harness is provided as source code, so it can be customized if platform-specific modifications are required.

Performing unit testing and code coverage on target hardware

A high-level view of deploying, executing, and observing tests from host to target.

One huge benefit that the Parasoft C/C++test solution offers is dedicated integrations with embedded IDEs and debuggers that make the process of executing test cases smooth and automated. Supported IDE environments include Eclipse, VS Code, Green Hills Multi, Wind River Workbench, IAR EW, ARM MDK, ARM DS-5, TI CCS, Visual Studio, and many others.

The Parasoft solution supports the creation of regression testing baselines as an organized collection of tests and will automatically verify all outcomes. These tests run automatically on a regular basis to verify whether code modifications change or break the functionality captured in the regression tests. During subsequent tests, C/C++test will report tasks if it detects changes to the behavior captured in the initial test.

The parity of capabilities of remote target execution with host-based testing means that automotive software teams can reap the same benefits of automation as any other type of application development.

Containerized Development Platform at Every Developer’s Desktop

Containerized deployments of development tools are becoming the bread and butter of automotive development teams. Even though containers were initially developed to solve problems with deployment of microservices and web-based applications, they recently gained popularity among development teams, especially large teams that use containers to manage complex toolchains.

When it comes to managing complex development environments, specifically in safety-critical software development, teams usually struggle with the following challenges:

  • Synchronizing upgrades for the entire team to a new version of a tool like a compiler or build toolchain
  • Dynamically reacting to a new security patch for the library or software development kit (SDK)
  • Assuring consistency of the toolchain for all team members and the automated infrastructure (CI/CD)
  • Versioning the development environment and restoring it to service the older version of the product that was certified with a specific toolchain
  • Onboarding and setting up new developers

All these problems are easy to solve with containers.
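An added example (not from the whitepaper or from Parasoft) of one check that supports the versioning and consistency goals listed above: it flags CI jobs whose toolchain image is referenced by a mutable tag, or by a digest other than the one recorded for the certified toolchain. The registry name, job names, digests, and lock format are constructed for illustration.

```python
import re

DIGEST = re.compile(r"sha256:[0-9a-f]{64}")

def split_ref(ref):
    """Split 'repo[:tag][@digest]' into (repo, tag, digest)."""
    ref, _, digest = ref.partition("@")
    # Only a ':' in the last path component is a tag separator;
    # an earlier ':' belongs to the registry port.
    tag = None
    if ":" in ref.rsplit("/", 1)[-1]:
        ref, tag = ref.rsplit(":", 1)
    return ref, tag, digest or None

def audit(jobs, lock):
    """Return (job, problem) pairs for images that are not reproducibly pinned."""
    findings = []
    for job, ref in jobs.items():
        repo, tag, digest = split_ref(ref)
        if digest is None:
            # A tag (or the implicit 'latest') can be re-pointed at any time.
            findings.append((job, f"mutable reference ({tag or 'latest'})"))
        elif not DIGEST.fullmatch(digest):
            findings.append((job, "malformed digest"))
        elif lock.get(repo) != digest:
            findings.append((job, "digest not in certified toolchain lock"))
    return findings

# Constructed sample data: one toolchain image, four pipeline jobs.
REPO = "registry.example.internal:5000/toolchain/arm-gcc"
CERTIFIED = "sha256:" + "a" * 64
LOCK = {REPO: CERTIFIED}  # digest recorded for the certified release
JOBS = {
    "build": f"{REPO}@{CERTIFIED}",
    "static-analysis": f"{REPO}:12.3",
    "unit-test": f"{REPO}@sha256:{'b' * 64}",
    "coverage": REPO,
}

if __name__ == "__main__":
    for job, problem in audit(JOBS, LOCK):
        print(f"{job}: {problem}")
```

Running a check like this as an early pipeline stage turns toolchain drift between developer desktops, CI, and a previously certified release into a failed build rather than a silent difference.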

Using a Command-Line Based Tool With a Containerized Compilation Toolchain

It’s easy to configure the command-line based tool, Parasoft C/C++test Professional, to work with a compilation toolchain and the execution environment deployed in containers. The tool supports deployments based on Linux and Docker containers.

Benefits of CI/CD

The biggest benefit of CI/CD is reducing project risk. In the past, too many projects relied on "big bang" software integration efforts where software teams attempted to integrate their software too close to the end of product development. These teams encountered huge issues with integration and were often under massive "crunch" schedules to get the project finished. Testing was pushed even further to the end of the project where it became too little too late.

By using continuous integration, software teams always have a full build of the product ready for testing, delivery, and release. Rather than throw things together in one big bang, the team goes through smaller integration steps, continuously, to find issues early and reduce the risk from late cycle integration.

Here are more benefits to continuous integration:

  • Integration testing is early and often, which means bugs are exposed earlier, when they can be fixed more easily and cheaply
  • Regression testing starts earlier so that new features can be tested to see how they impact existing code. New tests are added to the regression test suite after each iteration
  • Incremental improvements of the product in terms of adding and testing new features and removing bugs. It’s easier to build in quality and security in an incremental fashion
  • Enables continuous testing and delivery, which are equal parts of the continuous development process. Continuous integration alone isn’t effective without continuous testing and continuous delivery

CI/CD Needs Continuous Testing

Continuous integration is just one part of a continuous development process that also requires testing and delivery. Continuous testing provides automated, unobtrusive, immediate feedback on software release candidates. It is not simply more test automation; it builds quality and security into products as part of the CI, release, and delivery processes.

Static Analysis

Early detection of bugs and security vulnerabilities at the developer’s desktop prevents bugs from wasting unit testing time and entering the software build.

Coding Standard Enforcement

Helps conform to required industry standards like MISRA C/C++ or CERT C/C++, preventing whole classes of defects and poor coding practices from entering the build.

Automated Test Execution

Needed as soon as the application is built. Required tests include unit tests plus nonfunctional load, security, and performance testing executed directly from CI orchestration systems.

Requirements Traceability

Links code, tests, and other assets with business requirements. Provides objective assessment of unimplemented requirements, gaps in testing and progress towards delivery.

Test Impact Analysis

Provides direction on where testing efforts need to go. From a risk perspective, changed code impacts more than the software itself—it impacts relevant tests and assets.

Test Data Management

Significantly increases effectiveness of continuous testing strategy. Good test data and test data management practices increase coverage and drive more accurate results.

Shift Left With CI/CD

The drive to shift safety, security, and reliability left in the software development life cycle (SDLC) comes from the desire to find and fix bugs and security vulnerabilities as early as possible. Issues are much easier, cheaper, and less risky to fix earlier, not later. This is common sense, but the software industry is full of examples where critical defects caused catastrophic results.

The essential requirements to shift left center around the need to incorporate quality into any and all applications at the very beginning. Safety and security can’t be added on. They must be built in. Here are some recommendations to shift left in the CI/CD pipeline that help create the necessary platform for continuous testing:

  • Improve test automation
  • Increase code coverage
  • Automate bidirectional traceability

Figure: Percentage of defects (Y axis) by development stage (X axis), showing how the cost of defects increases the later they are found in the development life cycle. Finding and fixing security vulnerabilities early is cheaper and less risky.

Improving Security With DevSecOps

It’s worth mentioning that DevOps and DevSecOps methodologies share the use of automation and continuous processes for establishing collaborative cycles of development. While DevOps prioritizes delivery speed, DevSecOps shifts security to the left, which is more important in software that’s classified as embedded safety- and security-critical.

DevOps and DevSecOps both rely on automation and continuous collaboration, but DevSecOps places a stronger emphasis on integrating security early in the development process—an essential requirement for embedded, safety- and security-critical software. By fostering closer collaboration between developers and stakeholders, DevSecOps improves the development of secure software. While test automation is a key enabler, it is only one part of the approach. Because testing is often a major bottleneck in the software lifecycle, shifting security activities earlier and reducing downstream testing effort significantly improves both software security and development efficiency.

Accelerate Security With CI/CD

Modern DevSecOps initiatives require the ability to assess the risks associated with a release candidate, instantly and continuously. Continuous testing within the CI/CD pipeline provides an automated, unobtrusive way to obtain immediate feedback on the security risks associated with a software release candidate. It guides development teams to meet security requirements and helps managers make informed trade-off decisions to optimize the release candidate.

Continuous testing delivers a quantitative assessment of risk as well as actionable tasks that mitigate risks before they progress to the next stage of the SDLC. The goal is to eliminate meaningless activities while improving quality and security and driving development towards a successful release.

Summary

Continuous integration and delivery is commonplace in automotive development. Migrating a waterfall process to CI/CD and Agile development pays off with risk reduction and quality and security improvements. Security is top of mind for automotive developers and CI/CD is an enabler for DevSecOps, which introduces security requirements and controls into all aspects of the pipeline.

Containers are a perfect fit with CI/CD. They support rapid deployment and portability across different host environments with support for versioning and centralized control. Containerized development environments are important for secure development in a DevSecOps pipeline since it’s possible to provide a reproducible application environment with built-in security controls.

Testing is by far the most time- and resource-consuming activity in automotive development. Continuous testing is a necessary component of a well-oiled CI/CD pipeline and provides a framework to shift testing earlier in the life cycle.

With the right application of automation and focus on the highest risk areas of the application, it’s possible to streamline testing to be less of an inhibitor in continuous processes. Continuous testing requires tool support for automation and optimization. Tools that drive larger code coverage, smart test execution, and bidirectional traceability further improve continuous testing.
