Test Case for FEA405
| Field | Value |
| --- | --- |
| Test Case description | Test the Security testing pipeline. |
| Test Case ID | TESTCASE405 |
| Author/Designer | Rasmus Vasara |
| Date of creation | 11.4.2024 |
| Class | Security |
Test description / objective
This test case should verify the existence and functionality of the security testing pipeline that automatically detects and reports security issues during the development process.
Links to requirements or other sources
- Requirements: ReqID list
- Use case: User Story US019
- Feature: Feature FEA405
Test pre-state
- Ensure the development environment is set up with access to the latest codebase and CI/CD pipeline tools.
Test steps
- Step: Check if the CI/CD pipeline is correctly configured to include the security testing stage.
- Step: Trigger a build by making a commit to the repository with a minor change.
- Step: Monitor the CI/CD pipeline to ensure the security testing stage is executed.
- Step: Introduce a known security vulnerability in the code and commit the changes.
- Step: Verify that the security testing stage identifies the introduced vulnerability.
- Step: Review the security report generated by the pipeline for accuracy and completeness.
- Step: Rectify the security vulnerability and recommit the changes to verify the pipeline now passes without security alerts.
Test end-state
- The test should conclude with the CI/CD pipeline running successfully without any errors and the security stage reporting no issues after the vulnerability is corrected.
To be taken into account during test
- Ensure that the security testing tools are updated to the latest version.
- Verify that the pipeline is configured to fail on detecting critical security vulnerabilities.
Test result (Pass/Fail Criteria)
- PASS condition: The pipeline detects and reports the introduced security vulnerability and passes without issues after rectification.
- FAIL condition: The pipeline does not detect the introduced security issue or fails to complete successfully.
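The PASS/FAIL criteria above can be checked mechanically from the three pipeline runs the test steps produce (baseline commit, commit with the introduced vulnerability, corrected commit). The following is an added example, not part of the original test case or the project's tooling; the `Run` record, its field names, and the finding identifier `EXAMPLE-RULE-001` are assumptions and do not correspond to any particular CI system or scanner.

```python
from dataclasses import dataclass, field


@dataclass
class Run:
    """One pipeline run as recorded by the tester (field names are assumptions)."""
    name: str
    pipeline_ok: bool          # overall pipeline result
    security_stage_ran: bool   # stage was executed, not skipped
    findings: list = field(default_factory=list)  # [{"id": ..., "severity": ...}]


def evaluate(baseline, seeded, fixed, seeded_id):
    """Return (verdict, reasons) according to the test case's PASS/FAIL criteria."""
    reasons = []
    # A green pipeline proves nothing if the security stage was skipped.
    for run in (baseline, seeded, fixed):
        if not run.security_stage_ran:
            reasons.append(f"{run.name}: security stage did not execute")
    # The introduced vulnerability must appear in the seeded run's report.
    hits = [f for f in seeded.findings if f["id"] == seeded_id]
    if not hits:
        reasons.append("seeded run: introduced vulnerability not reported")
    elif any(f["severity"] == "critical" for f in hits) and seeded.pipeline_ok:
        # The pipeline must fail on critical findings.
        reasons.append("seeded run: critical finding did not fail the pipeline")
    # After rectification: no alerts and a successful pipeline.
    if fixed.findings:
        reasons.append("fixed run: security alerts still present")
    if not fixed.pipeline_ok:
        reasons.append("fixed run: pipeline did not complete successfully")
    return ("PASS" if not reasons else "FAIL"), reasons


SEEDED_ID = "EXAMPLE-RULE-001"  # constructed placeholder identifier


def sample_runs():
    """Constructed sample records for the three runs of the test."""
    finding = {"id": SEEDED_ID, "severity": "critical"}
    return (
        Run("baseline", True, True),
        Run("seeded", False, True, [finding]),
        Run("fixed", True, True),
    )


if __name__ == "__main__":
    verdict, reasons = evaluate(*sample_runs(), SEEDED_ID)
    print(verdict, reasons)
```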