UXPROD-36 NFR Scorecard

Owned by Kalibek Turgumbayev
Last updated: Apr 25, 2024
2 min read

Please refer to NFR Scorecard practice for detailed information

Status

COMPLETED

Date-time

 

Dev Team

Volaris

Architect

Kalibek Turgumbayev 

Team LeadGurleen Kaur1
Scrum Master

Tetiana Gusar

Product Owner

Tim Auger

Prod Ticket

UXPROD-36 - Getting issue details... STATUS

Arch Ticket

ARCH-116 - Getting issue details... STATUS

Tech DesignUXPROD-36 Profile pictures
ReleaseQuesnelia (R1 2024)

Quality Attribute

NFR ID

Non-Functional Requirement

Preliminary Analysis (Before feature started)- Date and Status

Final Analysis (After feature completed) - Date and StatusNotes and Comments
1

Availability

NFR.Baseline.Availability.1

Modules are designed and implemented following the Stateless principle

 COMPLIANT

  COMPLIANT
2

NFR.Baseline.Availability.2

Load/performance testing must be conducted for at least 2 instances

NOT VERIFIED

  COMPLIANTUploading Patron profile picture
3

Manageability


NFR.Baseline.Manageability.1

Application logs are collected in a unified form and location

 COMPLIANT

  COMPLIANT
4

NFR.Baseline.Manageability.2

All custom configuration values are placed in the settings, not in the program code

 COMPLIANT

  COMPLIANThttps://github.com/folio-org/mod-users?tab=readme-ov-file#example-request-1

NFR.ProfilePictures.Manageability.1

  • Enabling/disabling the profile pictures feature for the tenant
  • Storage type for pictures should be configurable (e.g. database, S3-like storage)

NOT VERIFIED

  COMPLIANT
5

Performance


NFR.Baseline.Performance.1

Components are performance tested and compared to the prior release baseline; performance may not degrade more than 5% in exceptional cases

NOT VERIFIED

  COMPLIANTProfile opening /saving should not degrade from existing values for more than 5%.

NFR.ProfilePictures.Performace.1

The system can process ~70K profile pictures per year

NOT VERIFIED

  COMPLIANTUploading Patron profile picture
6

Security



NFR.Baseline.Security.1

Tenant data must be isolated from other tenants

NOT VERIFIED

  COMPLIANT UXPROD-4562 - Getting issue details... STATUS
7

NFR.Baseline.Security.2

Secrets (such as usernames, passwords, API keys, and/or their combinations) are not stored in source repositories (i.e. Github)

NOT VERIFIED

  COMPLIANT
https://sonarcloud.io/summary/new_code?id=org.folio%3Amod-users&pullRequest=344
8

NFR.Baseline.Security.3

No sensitive information in logs (logins, passwords, API keys)

NOT VERIFIED

  COMPLIANT

NFR.ProfilePictures.Security.1

Only authorized library staff can view and manage (upload, view, update, delete) photos for patron accounts

NOT VERIFIED

  COMPLIANTReuse of previously existing mechanism of permissions

NFR.ProfilePictures.Security.2

Patron photos should be securely stored with proper encryption and access controls to protect sensitive information.

NOT VERIFIED

  NON COMPLIANTTech Debt: need to address change encryption key and related data.
9

Testability

NFR.Baseline.Testability.1

Unit-test coverage for new code created/changed during the implementation of the feature >= 80%

NOT VERIFIED

  COMPLIANThttps://sonarcloud.io/summary/new_code?id=org.folio%3Amod-users&pullRequest=344
10

NFR.Baseline.Testability.2

E2E-test coverage - # of automated test cases from test rail to # of all test cases at a particular feature

NOT VERIFIED



11

NFR.Baseline.Testability.3

Karate-test coverage - # of test to # of new endpoints that were created (or existing endpoints that were changed) in the feature scope

NOT VERIFIED

  COMPLIANTReport

LEGEND: Enumeration of possible statuses


COMPLIANT Compliance checked and confirmed

NOT VERIFIED Compliance not checked

NON COMPLIANT Compliance checked, and non-compliance found

NOT APPLICABLE Сompliance not required, requirement not applicable