Test Case for FEA405

Test Case description: Test the Security testing pipeline.
Test Case ID: TESTCASE405
Author/Designer: Rasmus Vasara
Date of creation: 11.4.2024
Class: Security

Test description / objective

This test case should verify the existence and functionality of the security testing pipeline that automatically detects and reports security issues during the development process.

Test pre-state

  • Ensure the development environment is set up with access to the latest codebase and CI/CD pipeline tools.

Test steps

  1. Check if the CI/CD pipeline is correctly configured to include the security testing stage.
  2. Trigger a build by making a commit to the repository with a minor change.
  3. Monitor the CI/CD pipeline to ensure the security testing stage is executed.
  4. Introduce a known security vulnerability in the code and commit the changes.
  5. Verify that the security testing stage identifies the introduced vulnerability.
  6. Review the security report generated by the pipeline for accuracy and completeness.
  7. Rectify the security vulnerability and recommit the changes to verify the pipeline now passes without security alerts.

Test end-state

  • The test should conclude with the CI/CD pipeline running successfully without any errors and the security stage reporting no issues after the vulnerability is corrected.

To be taken into account during test

  • Ensure that the security testing tools are updated to the latest version.
  • Verify that the pipeline is configured to fail on detecting critical security vulnerabilities.

Test result (Pass/Fail Criteria)

  • PASS condition: The pipeline detects and reports the introduced security vulnerability and passes without issues after rectification.
  • FAIL condition: The pipeline does not detect the introduced security issue or fails to complete successfully.
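
One way to automate the PASS/FAIL verdict above, as an added example that is not part of the original test case. It assumes the three pipeline runs (baseline, seeded vulnerability, fix) have been exported into the hypothetical `Run` structure; the rule name, file path and findings are constructed sample data.

```python
from dataclasses import dataclass, field

@dataclass
class Run:
    """One pipeline execution; this shape is an assumption, not a CI tool's API."""
    label: str
    security_stage_ran: bool
    pipeline_passed: bool
    findings: list = field(default_factory=list)  # dicts: rule, severity, file

def evaluate(baseline, seeded, fixed, rule, path):
    """Apply the TESTCASE405 pass/fail criteria; returns (verdict, reasons)."""
    reasons = []
    # Steps 1-3: the security stage has to execute on every build.
    for run in (baseline, seeded, fixed):
        if not run.security_stage_ran:
            reasons.append(f"{run.label}: security stage did not execute")
    # Steps 5-6: the seeded issue must be reported at the seeded location and
    # must be new, otherwise the detection cannot be attributed to the commit.
    hits = [f for f in seeded.findings
            if f["rule"] == rule and f["file"] == path and f not in baseline.findings]
    if not hits:
        reasons.append("seeded: introduced vulnerability not reported")
    # "Taken into account": a critical finding has to fail the pipeline.
    if seeded.pipeline_passed and any(f["severity"] == "critical" for f in seeded.findings):
        reasons.append("seeded: pipeline passed despite a critical finding")
    # Step 7 and end-state: clean report and green pipeline after the fix.
    if fixed.findings:
        reasons.append(f"fixed: {len(fixed.findings)} finding(s) still reported")
    if not fixed.pipeline_passed:
        reasons.append("fixed: pipeline did not complete successfully")
    return ("PASS" if not reasons else "FAIL", reasons)

# Constructed sample data standing in for three exported pipeline runs.
SEEDED_FINDING = {"rule": "hardcoded-credential", "severity": "critical", "file": "app/config.py"}
BASELINE = Run("baseline", True, True)
SEEDED = Run("seeded", True, False, [SEEDED_FINDING])
FIXED = Run("fixed", True, True)

if __name__ == "__main__":
    verdict, reasons = evaluate(BASELINE, SEEDED, FIXED, "hardcoded-credential", "app/config.py")
    print(verdict, *reasons, sep="\n  ")
```

The baseline comparison catches a pre-existing finding being mistaken for detection of the seeded one, and the gating check catches a pipeline that reports a critical issue but still goes green.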