Process (defined by SDLC)
  - Base image as GraalVM
  - Fortify scan & Unity Fortify suppression rules
  - STaaS (framework built by SDLC and used in QA)
  - GIT branching, GIT hooks & GIT adoption
  - Auditing (MR build jobs, webhooks & mandatory two reviewers)
  - Sonar & JaCoCo code coverage threshold limits
  - Security-related process (release process) → Security Assurance checklist → 3rd Party Security checklist → Secure coding guidelines
  - Maintain the OSSA scorecard

Tooling (introduced by API Platform & SDLC)
  - Build image & build jar from source
  - Performance testing of an API using Artillery IO & Gatling Karate framework
  - Execution of Karate functional test cases on any tenant/any environment

Complexity and components
  - GraalVM base image
  - Report generation on Sonar code coverage and BA expiration
  - MR build → code build → test case execution → code coverage → publish to Sonar
  - Weekly email on Sonar code coverage and BA expiration

Ownership and support
  - Fortify Unity custom rules (Security team)
  - LTs & BAs
  - OIM entitlement approvers ([login to view URL] & CDP.User-Admin)
  - GIT stat report (tool cum ownership)

How software moves end to end to binaries/packages
  - Requirements → Architecture support → Implementation → QA → Higher environments
  - Security checks and SDLC standards before QA

Next action items:
  - Formatting & linting
  - Exploring the Karate UI framework to simplify UI test cases