...
- Note: All projects need to upgrade response to Passing (Vulnerability Report Private) to "Met"
KPI 2: Closed OJSI Tickets (Krzysztof)
...
- No HTTP ports exposed.
- All ports expose HTTPS, or
- HTTP port waiver granted by the SECCOM and documented in readthedocs
- All OJSI tickets with CVEs assigned are closed (Security level set to None).
KPI 3: Remediating Known Vulnerabilities in Third Party Packages (Amy)
- 75% of direct dependencies upgraded to latest version
KPI 4: Code coverage tests (Pawel, Amy)
Frankfurt
- All projects achieve at least 55% code coverage for the Frankfurt release and 60% for the Guilin release
or alternatively
- each project provides a firm proposal to improve code coverage % within the Frankfurt release life-cycle.
- If a project is unable to achieve 55% they must:
- Request a TSC exception including:
- Reason 55% coverage cannot be achieved,
- % coverage they can achieve.
- KPI measurement
- Projects without exceptions: passing = at least 55%
- Projects with exceptions: passing = at least committed %
- All projects document the % coverage in the readthedocs and the location of the test suites.
Guilin and beyond
The desire is for projects to concentrate on code coverage tests for new code and core components. Until we have tooling available that reliably measures this, we will use the following measures to assess code coverage.
- All projects commit to the % coverage they can meet.
- KPI: passing = at least committed %
- Code coverage below 55% requires a TSC exception as documented in the Frankfurt code coverage tests above.