TC403-001
| Test Case ID | TC304-001 |
| --- | --- |
| Author/Designer | Markus Suonio |
| Date of creation | 08.04.2024 |
| Class | functional/non-functional/acceptance |
Test description / objective
This test case verifies the continuous security scanning of code and dependencies, so that vulnerabilities are identified and fixed promptly and the Tukko project's integrity is maintained.
Links to requirements or other sources
Test pre-state
- Start
Test steps
- Use a scanning tool to scan for vulnerabilities
- Push "normal code" to the GitLab pipeline to make sure that secure code is not flagged as vulnerable
- Try to attack the pipeline with suspicious code to confirm that it is flagged
- Check if the scans are successful
- Check that the team is alerted by vulnerabilities
Test end-state
- Verify that, if vulnerabilities are found, the pipeline alerts the team so that only secure images are deployed to production.
To be taken into account during test
- Performance: Multiple scans can slow down the pipeline
Test result (Pass/Fail Criteria)
- PASS condition: Secure code is not flagged as vulnerable; threats are flagged as vulnerable and the team is alerted
- FAIL condition: Vulnerabilities are not flagged correctly
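The test steps and the pass/fail criteria above boil down to one pipeline decision: read the scanner's report, let clean code through, and stop deployment with an alert when a finding at or above the agreed severity is present. The deploy gate below is an added example, not Tukko project code; it assumes a GitLab-style security report (a JSON object with a "vulnerabilities" list whose entries carry "id", "severity" and "name"), and both sample reports are constructed.

```python
"""Deploy gate for a CI security scan report.

Added example, not Tukko project code. It assumes a GitLab-style security
report: a JSON object whose "vulnerabilities" list holds entries with "id",
"severity" and "name" keys. Both sample reports below are constructed.
"""
import json

# Severity ordering used to compare findings against the gate threshold.
SEVERITY_RANK = {"info": 0, "unknown": 1, "low": 2, "medium": 3, "high": 4, "critical": 5}


def evaluate_report(report_json, fail_on="high", accepted_ids=()):
    """Return (block_deploy, blocking_findings).

    A finding blocks deployment when its severity is at or above `fail_on`
    and its id is not in `accepted_ids` (findings the team has risk-accepted).
    """
    report = json.loads(report_json)
    threshold = SEVERITY_RANK[fail_on.lower()]
    blocking = []
    for vuln in report.get("vulnerabilities", []):
        vuln_id = vuln.get("id")
        if vuln_id in accepted_ids:
            continue
        severity = str(vuln.get("severity", "unknown")).lower()
        if SEVERITY_RANK.get(severity, SEVERITY_RANK["unknown"]) >= threshold:
            blocking.append((vuln_id, severity, vuln.get("name", "")))
    return bool(blocking), blocking


def alert_message(job_name, blocking):
    """Build the text the pipeline would send to the team (e.g. a chat webhook)."""
    lines = [f"[{job_name}] {len(blocking)} blocking finding(s); deployment stopped"]
    lines += [f"  - {vuln_id} ({severity}): {name}" for vuln_id, severity, name in blocking]
    return "\n".join(lines)


# Constructed sample reports: one clean, one with a High and a Low finding.
CLEAN_REPORT = json.dumps({"vulnerabilities": []})
VULN_REPORT = json.dumps({"vulnerabilities": [
    {"id": "EXAMPLE-1", "severity": "High", "name": "Outdated package in base image"},
    {"id": "EXAMPLE-2", "severity": "Low", "name": "Verbose server banner"},
]})

if __name__ == "__main__":
    for label, report in (("clean", CLEAN_REPORT), ("vulnerable", VULN_REPORT)):
        block, findings = evaluate_report(report)
        print(f"{label}: block_deploy={block}")
        if block:
            print(alert_message("container_scanning", findings))
```

Run as a job after the scanning stage and exit non-zero when `block_deploy` is true, so the deployment stage never starts on a vulnerable image; the "Performance" note above applies, since every extra scan adds wall-clock time before this gate can run.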