Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
  • Step 1 - select one of the 3 results below against each criteria:
  • ACCEPTABLE
  • UNACCEPTABLE
  • INAPPLICABLE
  • Step 2 - provide evidence 

CriteriaComments/ Action ItemsResponsible

Evaluation result: 

  • ACCEPTABLE
  • UNACCEPTABLE
  • INAPPLICABLE

Evidence:


Status:

To Do

In Progress

Done

1

 Uses Apache 2.0 license


Kalibek Turgumbayev Acceptablehttps://github.com/folio-org/edge-dcb/blob/master/LICENSEDone
2

 Module build MUST produce a valid module descriptor


Acceptable

Done
3

 Module descriptor MUST include interface requirements for all consumed APIs

Edge module does not require API list as they are encoded in system user permissions.

Acceptable


Done
4

 Third party dependencies use an Apache 2.0 compatible license

Attached is the result of license scan: mvn license:third-party-report

Acceptable

Done
5

 Installation documentation is included

  •  Deployment is described shortly

Jira:

Jira Legacy
serverSystem JIRA
serverId01505d01-b853-3c2e-90f1-ee9b165564fc
keyEDGEDCB-11

Acceptable

In Progress
6

 Personal data form is completed, accurate, and provided as PERSONAL_DATA_DISCLOSURE.md file

Checked and the file is present with appropriate details.Acceptablehttps://github.com/folio-org/edge-dcb/blob/master/PERSONAL_DATA_DISCLOSURE.mdDone
7

 Sensitive and environment-specific information is not checked into git repository


Acceptable
Done
8

 Module is written in a language and framework from the officially approved technologies page


Acceptable
Done
9

 Module only uses FOLIO interfaces already provided by previously accepted modules e.g. a UI module cannot be accepted that relies on an interface only provided by a back end module that hasn't been accepted yet


10 Module gracefully handles the absence of third party systems or related configuration

Acceptablehttps://github.com/folio-org/edge-dcb/blob/master/descriptors/ModuleDescriptor-template.jsonDone
10

Integration with any third party system (outside of the FOLIO environment) tolerates the absence of configuration / presence of the system gracefully


Acceptable

https://github.com/folio-org/edge-dcb/blob/master/README.md#deployment-informationDone
11

 Sonarqube hasn't identified any security issues, major code smells, or excessive (>3%) duplication


ACCEPTABLEhttps://sonarcloud.io/summary/new_code?id=org.folio%3Aedge-dcbDONE
12

 Uses officially supported build tools


ACCEPTABLE

https://github.com/folio-org/edge-dcb/blob/master/pom.xml#L25

https://github.com/folio-org/edge-dcb/blob/master/Dockerfile

DONE
13

 Unit tests have 80% coverage or greater , and are based on officially approved technologies


ACCEPTABLEhttps://sonarcloud.io/summary/new_code?id=org.folio%3Aedge-dcb

https://github.com/folio-org/edge-dcb/blob/master/pom.xml#L188
DONE
14
ACCEPTABLEhttps://github.com/folio-org/edge-dcb/blob/master/descriptors/ModuleDescriptor-template.jsonDONE
15

 Module includes executable implementations of all endpoints in the provides section of the Module Descriptor


INAPPLICABLE

https://github.com/folio-org/edge-dcb/blob/master/descriptors/ModuleDescriptor-template.jsonDONE
16

Environment vars are documented in the ModuleDescriptor


INAPPLICABLEhttps://github.com/folio-org/edge-dcb/blob/master/descriptors/ModuleDescriptor-template.jsonDONE
17

 If a module provides interfaces intended to be consumed by other FOLIO Modules, they must be defined in the Module Descriptor "provides" section


INAPPLICABLEhttps://github.com/folio-org/edge-dcb/blob/master/descriptors/ModuleDescriptor-template.jsonDONE
18

 All API endpoints are documented in RAML or OpenAPI


ACCEPTABLEhttps://github.com/folio-org/edge-dcb/blob/master/src/main/resources/swagger.api/edge-dcb.yamlDONE
19

 All API endpoints protected with appropriate permissions as per the following guidelines and recommendations, e.g. avoid using *.all permissions, all necessary module permissions are assigned, etc.


INAPPLICABLE

There are no endpoints defined in module descriptor.

https://github.com/folio-org/edge-dcb/blob/master/descriptors/ModuleDescriptor-template.json

DONE
20

 Module provides reference data (if applicable), e.g. if there is a controlled vocabulary where the module requires at least one value

For edge module, there are no prerequisites data. 

INAPPLICABLE

21

 If provided, integration (API) tests must be written in an officially approved technology

Code needs to be commitedACCEPTABLE
In Progress
22

 Data is segregated by tenant at the storage layer


Magzhan Artykov INAPPLICABLE

23

 The module doesn't access data in DB schemas other than its own and public


INAPPLICABLE

24

 The module responds with a tenant's content based on x-okapi-tenant header

For edge module, only apikey is needed.

INAPPLICABLE


DONE
25

 Standard GET /admin/health endpoint returning a 200 response

Need to check list of endpoints needs to be added in addition to health

exposure:
include:health,info,loggers
Jira Legacy
serverSystem JIRA
serverId01505d01-b853-3c2e-90f1-ee9b165564fc
keyEDGEDCB-12

ACCEPTABLE

Module have the spring boot actuator dependency and health endpoint is enabled. It is accessible in local but unable to test it in rancher. 

https://github.com/folio-org/edge-dcb/blob/master/src/main/resources/application.yml#L23

https://github.com/folio-org/edge-dcb/blob/master/pom.xml#L100

In Progress
26

 High Availability (HA) compliant

    • Possible red flags:
      • Connection affinity / sticky sessions / etc. are used
      • Local container storage is used
      • Services are stateful



In Progress
27

 Module only uses infrastructure / platform technologies on the officially approved technologies list.

    • e.g. PostgreSQL, ElasticSearch, etc.

ACCEPTABLEDR-000037 - TESTCONTAINERS_POSTGRES_IMAGEDONE