Quality Assurance

Quality Assurance

To meet your requirements and guaranteed Service Level Agreements, the following sections give a first overview how we can achieve this.

Existing modules are maintained and bugs are fixed. Extensive test procedures ensure a high quality of the building blocks and a working integration.

This can also be a foundation for your pipeline. From our experience, providing infrastructure and tools for your application landscape, everything is software which needs to fulfill your companies
quality demands.

Release process

A proven and reliable transparent release process is crucial to offer curated Building Blocks.
We rely on the development process that each Building Block is based on feature branch. We rely on the development process that each Building Block includes a production branch (main), a release (or development) branch (next) and feature branches. We develop on the release branch, from which we checkout feature branches for each feature/bug and after we're done developing, we merge it back to the release branch.
Eventually, if we are confident to merge this release branch, it will be merged into the production branch (main).

This is a well known and proven process which you can also find in the git-flow idea.

For an upcoming release we collect the following information:

  • Results of a vulnerability scan. A comparison of previously detected vulnerabilities with the recent ones of the latest. Fixed ones are detected and marked as such.
  • We use renovate to detect updates of release notes from the upstream and update release notes to be passed to our customer.
  • A pipeline is executed if a merge request is created. This pipeline job collects release information which be provided in our release notes. This achieves a full transparent release process from us to the customer.

Vulnerability detection

For container vulnerability scans, we use trivy. This process takes place on each feature branch pipeline and is also scheduled once a day for each building block, so that we get the latest updates on vulnerabilities. A scan on severe or critical vulnerability is in this stage sufficient.

Updates on security matter are reported directly to our experts and actions are taken immediately, if needed.

On the next pages you will learn more about how we achieve our guaranteed service level agreement