August 22, 2023 API Testing

Evaluation report flow review

Designs review

govstack

• We’re missing authentication designs.

  • Add login page for reviewers.

  • For now we will add accounts from the backend.
    
    

• We’re missing review designs.

  • It should look like the evaluation summary with notes column for reviewer

  • They should be able to either Reject or Approve

  • Reviewer should also check the level of compliance
    
    

• Evaluation report

  • It should look like the evaluation summary with all the details from https://govstack-global.atlassian.net/wiki/spaces/GH/whiteboard/300548114

  • We should include reports for each software, its versions as well as different BB versions

Clarify requirements

• How do we want to add this functionality to the current testing web app GovStack testing ? And should we do it?

  • We should have two menu items

    • One for compliance form - with reports and button to check compliance

    • The second one for API testing purposes(the current website purpose)
      
      

• Authentication

  • Authentication for GovStack team

    • One role for “approver” for all reviewers

  • Providers: Send email with custom link so the user can edit the compliance form once he starts the compliance form + later link to Jira ticket

    • Email would be required in the first step
      
      

• Statuses - do we need more statuses for reviewers? What statuses exactly do we need?

  • Draft

  • In review

  • Published

  • Rejected

• Compliance Form

  • Either Requirement or Interface Compliance needs to be filled in (deployment is not counted)
    
    
    

• Date - how should we indicate different evaluation dates in the software?

• Compliance Level - should we add tooltips to explain what each compliance level means?

• Saving draft (can be accessed again to finish submitting) - what flow of saving?
  
  

Identify any potential gaps

• What happens if a person submits a form knowing that it does not fulfill a compliance level. Do we still show it? What do we call that state? "Not passed"?

  • It would be “Rejected” state after approver rejects it.

• What happens if a person submits an empty form? I suggest status "n/a"

  • N/A will be for compliance level for a compliance part that was not submitted.

  • Software Compliance Concept

• Do we allow comments for each requirement? My impression so far was that people needed to explain why, why not or why partially something it met

  • Yes, it is already included in designs

Next steps