Versions Compared

  • Step 1 - select one of the 3 results below against each criterion:
  • ACCEPTABLE
  • UNACCEPTABLE
  • INAPPLICABLE
  • Step 2 - provide evidence 

Criteria | Comments / Action Items | Responsible

Evaluation result: 

  • ACCEPTABLE
  • UNACCEPTABLE
  • INAPPLICABLE

Evidence:


Status:

To Do

In Progress

Done

1

 

Upon acceptance, code author(s) agree to have source code canonically in folio-org github

Uses Apache 2.0 license


Kalibek Turgumbayev 


2

 

Copyright assigned to OLF

Module build MUST produce a valid module descriptor





3

 

Uses Apache 2.0 license

Module descriptor MUST include interface requirements for all consumed APIs





4

 Third party dependencies use an Apache 2.0 compatible license





5 Module’s

 Installation documentation is included





6

 Personal data form is completed, accurate, and provided as PERSONAL_DATA_DISCLOSURE.md file






7

 Sensitive and environment-specific information is not checked into git repository






8

 Module is written in a language and framework from the officially approved technologies page






9

 Module only uses FOLIO interfaces already provided by previously accepted modules e.g. a UI module cannot be accepted that relies on an interface only provided by a back end module that hasn't been accepted yet






10

 Module gracefully handles the absence of third party systems or related configuration



ACCEPTABLE



11

 SonarQube hasn't identified any security issues, major code smells or excessive (>3%) duplication






12

 Uses officially supported build tools






13

 Unit tests have 80% coverage or greater, and are based on officially approved technologies






147
  • Module's repository includes a compliant Module Descriptor
    6
    •  Modules must declare all consumed interfaces in the Module Descriptor “requires” and “optional” sections





    15

     Module includes executable implementations of all endpoints in the provides section of the Module Descriptor






    16




    8 Back-end modules must define endpoints consumable by other modules 17

     If a module provides interfaces intended to be consumed by other FOLIO Modules, they must be defined in the Module Descriptor

    “provides”

    "provides" section






    918

     All API endpoints are documented in RAML or OpenAPI






    1019

     All API endpoints protected with appropriate permissions

    ACCEPTABLE

    11
    •  No excessive permissions granted to the module
    12
    •  Code of Conduct statement in repository
    13
    •  Installation documentation included
    14
    •  Contribution guide is included in repo
    15

    as per the following guidelines and recommendations, e.g. avoid using *.all permissions, all necessary module permissions are assigned, etc.






    20

     Module provides reference data (if applicable)

    16 Personal data form is completed

    ,

    accurate, and provided as PERSONAL_DATA_DISCLOSURE.md file
    17
    •  Sensitive information is not checked into git repository
    18
    •  Module is written in a language and framework that FOLIO development teams are familiar with e.g. Vertx/RMB, Spring Way/folio-spring-base, and React/Stripes
    19
    •  Back-end modules are based on Maven/JDK 11 and provide a Dockerfile
    20 Integration (API) tests written in Karate if applicable

    e.g. if there is a controlled vocabulary where the module requires at least one value






    21

     If provided, integration (API) tests must be written in an officially approved technology






    21
    •  Back-end unit tests at 80% coverage
    22

     Data is segregated by tenant at the storage layer






    23

     

    Back-end modules don’t

    The module doesn't access data in DB schemas other than

    their

    its own and public






    24

     

    Tenant data is segregated at the transit layer
    25 Back-end modules respond with a tenant’s

    The module responds with a tenant's content based on x-okapi-tenant header






    2625

     Standard GET /admin/health endpoint returning a 200 response






    2726

     

    HA (

    High Availability (HA) compliant

    (at least 2 replicas) 
    28
    •  Module only uses FOLIO interfaces already provided by previously accepted modules e.g. a UI module cannot be accepted that relies on an interface only provided by a back end module that hasn’t been accepted yet
    29

      • Possible red flags:
        • Connection affinity / sticky sessions / etc. are used
        • Local container storage is used
        • Services are stateful





    27

     Module only uses

    existing

    infrastructure / platform

    technologies_

    technologies on the officially approved technologies list.

      • e.g. PostgreSQL, ElasticSearch
    (and Kafka, despite it being still unofficial at present)_
    30
    •  Integration with any third party system (outside of the FOLIO environment) tolerates the absence of configuration / presence of the system gracefully.
    31
    •  SonarQube hasn't identified any security issues
      • , etc.