- Step 1 - select one of the 3 results below against each criteria:
- ACCEPTABLE
- UNACCEPTABLE
- INAPPLICABLE
- Step 2 - provide evidence
Criteria | Comments/ Action Items | Responsible | Evaluation result:
| Evidence: | Status: To Do In Progress Done | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | Uses Apache 2.0 license | Kalibek Turgumbayev | Acceptable | https://github.com/folio-org/edge-dcb/blob/master/LICENSE | Done | |||||||||
2 | Module build MUST produce a valid module descriptor | Acceptable | Done | |||||||||||
3 | Module descriptor MUST include interface requirements for all consumed APIs | Edge module does not require API list as they are encoded in system user permissions. | Acceptable | Done | ||||||||||
4 | Third party dependencies use an Apache 2.0 compatible license | Attached is the result of license scan: mvn license:third-party-report | Acceptable | Done | ||||||||||
5 | Installation documentation is included
|
Jira:
| Acceptable | In Progress | ||||||||||
6 | Personal data form is completed, accurate, and provided as | Checked and the file is present with appropriate details. | Acceptable | https://github.com/folio-org/edge-dcb/blob/master/PERSONAL_DATA_DISCLOSURE.md | Done | |||||||||
7 | Sensitive and environment-specific information is not checked into git repository | Acceptable | Done | |||||||||||
8 | Module is written in a language and framework from the officially approved technologies page | Acceptable | Done | |||||||||||
9 | Module only uses FOLIO interfaces already provided by previously accepted modules e.g. a UI module cannot be accepted that relies on an interface only provided by a back end module that hasn't been accepted yet | 10 | Module gracefully handles the absence of third party systems or related configuration | Acceptable | https://github.com/folio-org/edge-dcb/blob/master/descriptors/ModuleDescriptor-template.json | Done | ||||||||
10 | Integration with any third party system (outside of the FOLIO environment) tolerates the absence of configuration / presence of the system gracefully | Acceptable | https://github.com/folio-org/edge-dcb/blob/master/README.md#deployment-information | Done | ||||||||||
11 | Sonarqube hasn't identified any security issues, major code smells, or excessive (>3%) duplication | ACCEPTABLE | https://sonarcloud.io/summary/new_code?id=org.folio%3Aedge-dcb | DONE | ||||||||||
12 | Uses officially supported build tools | ACCEPTABLE | https://github.com/folio-org/edge-dcb/blob/master/pom.xml#L25 https://github.com/folio-org/edge-dcb/blob/master/Dockerfile | DONE | ||||||||||
13 | Unit tests have 80% coverage or greater , and are based on officially approved technologies | ACCEPTABLE | https://sonarcloud.io/summary/new_code?id=org.folio%3Aedge-dcb https://github.com/folio-org/edge-dcb/blob/master/pom.xml#L188 | DONE | ||||||||||
14 |
| ACCEPTABLE | https://github.com/folio-org/edge-dcb/blob/master/descriptors/ModuleDescriptor-template.json | DONE | ||||||||||
15 | Module includes executable implementations of all endpoints in the provides section of the Module Descriptor | INAPPLICABLE | https://github.com/folio-org/edge-dcb/blob/master/descriptors/ModuleDescriptor-template.json | DONE | ||||||||||
16 | Environment vars are documented in the ModuleDescriptor
| INAPPLICABLE | https://github.com/folio-org/edge-dcb/blob/master/descriptors/ModuleDescriptor-template.json | DONE | ||||||||||
17 | If a module provides interfaces intended to be consumed by other FOLIO Modules, they must be defined in the Module Descriptor "provides" section | INAPPLICABLE | https://github.com/folio-org/edge-dcb/blob/master/descriptors/ModuleDescriptor-template.json | DONE | ||||||||||
18 | All API endpoints are documented in RAML or OpenAPI | ACCEPTABLE | https://github.com/folio-org/edge-dcb/blob/master/src/main/resources/swagger.api/edge-dcb.yaml | DONE | ||||||||||
19 | All API endpoints protected with appropriate permissions as per the following guidelines and recommendations, e.g. avoid using
| INAPPLICABLE | There are no endpoints defined in module descriptor. https://github.com/folio-org/edge-dcb/blob/master/descriptors/ModuleDescriptor-template.json | DONE | ||||||||||
20 | Module provides reference data (if applicable), e.g. if there is a controlled vocabulary where the module requires at least one value | For edge module, there are no prerequisites data. | INAPPLICABLE | |||||||||||
21 | If provided, integration (API) tests must be written in an officially approved technology
| Code needs to be commited | ACCEPTABLE | In Progress | ||||||||||
22 | Data is segregated by tenant at the storage layer | Magzhan Artykov | INAPPLICABLE | |||||||||||
23 | The module doesn't access data in DB schemas other than its own and public | INAPPLICABLE | ||||||||||||
24 | The module responds with a tenant's content based on x-okapi-tenant header | For edge module, only apikey is needed. | INAPPLICABLE | DONE | ||||||||||
25 | Standard GET
| Need to check list of endpoints needs to be added in addition to health exposure:
| ACCEPTABLE | Module have the spring boot actuator dependency and health endpoint is enabled. It is accessible in local but unable to test it in rancher. https://github.com/folio-org/edge-dcb/blob/master/src/main/resources/application.yml#L23 https://github.com/folio-org/edge-dcb/blob/master/pom.xml#L100 | In Progress | |||||||||
26 | High Availability (HA) compliant
| In Progress | ||||||||||||
27 | Module only uses infrastructure / platform technologies on the officially approved technologies list.
| ACCEPTABLE | DR-000037 - TESTCONTAINERS_POSTGRES_IMAGE | DONE |