Requirements Gathering Testing.GovStack

User Groups Use Cases

• Software Owners

  • Draft an evaluation report

  • Submit an evaluation report

  • Updating an evaluation report

• GovStack staff

  • Verify an evaluation report

  • Enter, delete, edit an evaluation report

• Government staff

  • View evaluation report overview

  • View one specific evaluation report

Evaluation Report

• An evaluation report can have only one software candidate but multiple building blocks against which the software candidate is tested.

  • That means creating an evaluation report requires to select certain BB and accordingly the entry form adapts according to the requirements in the BB specifications.

• An evaluation report as the following phases of submission (will be reflected in Jira issues) https://govstack-global.atlassian.net/wiki/spaces/GH/whiteboard/300449806

  • Draft: Open to be edited

  • In Review: Is being reviewed by GovStack Staff

  • Published: Published and cannot be changed

• An evaluation report as always one version of software and one version of the BB specs

• If the version changes or something needs changing, a new evaluation report needs to be submitted → creating a history

• A evaluation report consists of (example: Compliance Evaluation: Template )

  • Meta information

  • Manual entry on Deployment and Requirement Specification Compliance

  • Test Harness Report for Interface Compliance

• The categorization (Failed, Level 1, Level 2) according to Software Compliance Concept can be either defined automatically or done by the GovStack Staff in Review Process

• The form should be automatically created and filled with all required and optional requirements for each BB.

Questions from Dominica to Nico

Shouldn't the compliance form be added to a new page that is separated from the testing results web app?

• I imagine the start page to be an overview of all evaluation reports grouped by software candidate

• An evaluation reports contains the test results or a link to the test results

• The Drafting and Submission process includes answering questions via a form and conduct the test or conducting test is separate and the Drafting and Submission process only requires a link to the test results

How verification of submission work? Should it also be done through the app? So once the form is submitted and Jira ticket is created - what's next?

• Correct, the verification should be done through the app. GovStack needs an account authorized to change the status from “Submitted” to “Reviewed”. The evaluation report is just shown to the GovStack staff member. In case of errors, it can change the status back to “Drafted” and contact author via email do correct something.

We assume that there should be an authorization added to this page - both for providers as well as for the GovStack team.

Providers - should everyone be able to submit this form or do we need authorization for that?

• Not 100% sure. But I dont see to much risks if me minimize the login/authorization requirements. Maybe to avoid spam. Let’s tryto not need an account/login. Everyone can edit every evaluation report draft.

GovStack team - there needs to be at least an approver role if the answer for point 2. is yes

• Correct

If we want to add authorization, we could for example enable users to log in using their google/github accounts.

• Ok yes, that is maybe also a good option if it can be easily done. But I do not fear misuse at the moment.

Should a software provider be able to edit submitted form?

• Only in drafting stage. New submission if new version or error detected require a new evaluation report. This will create a history.

How (and if) we should include Sandbox(maybe some links at least) in our web app?

• I do not see connect to sandbox too important. I would rather work on the integration with the wordpress GovStack.global site. Perfect would be a embeddable overview of all evolution reports grouped by software candidate showing in the table: Software name, deployment compliance, specification compliance, interface compliance, link to evaluation report

We could provide a link to created Jira ticket once the form is submitted so the provider can see the status.

• yes, great!

Testing results web app could be extended to present not only API compliance (as currently) but also the deployment and requirement specification compliance based on the submitted (and approved) form. What do you think?

• Yes, that is the idea