Licensed to be used in conjunction with basebox, only.
basebox Testing Overview
Purpose
This document provides an overview of the test concept and all test activities which are performed to verify basebox. Since basebox is an Off-the-shelf Software, OTS (for details refer to the Intended Use description) the Medical Device validation requirement does not apply.
Basebox testing is focused on verification activities of different types.
Note
This document provides an overview of the basebox verification activities but does not contain detailed descriptions of test cases of any test level since this information is of sensitive nature. Test cases can be audited after consultation with the company.
Terms and Definitions
Clippy
A collection of lints (code analyzer) to catch common mistakes and improve your Rust code (Source: Introduction - Clippy Documentation (rust-lang.org)).
- Git
-
Git is a distributed version control system that tracks changes in any set of computer files, usually used for coordinating work among programmers who are collaboratively developing source code during software development. Its goals include speed, data integrity, and support for distributed, non-linear workflows (thousands of parallel branches running on different computers), (Source: Git - Wikipedia).
- Gitea
-
Gitea is a lightweight DevOps platform. It brings teams and developers high efficiency but easy operations from planning to production. Some of the core capabilities are:
Code Hosting - Gitea enables the creation and management of repositories, exploration of commit history and code files, review and merging of code commits, collaboration management, branch handling, and more…
Code Review - Code review accommodates both Pull Request and AGit workflows. Reviewers can easily examine code online and submit comments or inquiries. In response, submitters can view the feedback and address it directly online. Code reviews facilitate enhanced code quality for users and businesses.
CI/CD - Gitea features an integrated Continuous Integration (CI) / Continuous delivery (CD) system, Gitea Actions, that is compatible with GitHub Actions.
Projects - With Gitea you can efficiently manage a project's requirements, features, and bugs through issue tasks, labeling, and kanban project boards.
(excerpted from: Gitea - Lightweight DevOps Platform). - Rust
-
Rust is a programming language that is growing in popularity. While its user base remains small, it is widely regarded as a cool language. According to the Stack Overflow Developer Survey 2022, Rust has been the most-loved language for seven straight years. Rust boasts a unique security model, which promises memory safety and concurrency safety, while providing the performance of C/C++. (excerpted from the Carnegie Mellon SEI blog: Rust Software Security: A Current State Assessment (cmu.edu).
Test Planning
The following aspects were considered during the planning and development of basebox tests:
- Use a programming language which is avoiding errors (like memory corruption) rather than finding errors during testing (if at all)! That`s why basebox was programmed using “Rust” as a robust and safer language. For details refer to Rust Software Security: A Current State Assessment (cmu.edu), published by the SW Engineering Institute of the Carnegie Mellon University.
- Develop test cases while you write new or maintain code. Automate as much as possible and integrate testing in a continuous integration approach.
- Leverage the test capabilities of the development framework and the programming language “Rust”.
- Use dynamic (e.g., by running unit tests) and static testing techniques (e.g., code inspection). Consider the four-eye principle not only for the programming code but also for verifying inline test cases.
- Perform testing (verification) across the following levels:
- Unit
- Integration (Interfaces)
- System
- Comply with good testing practices and regulatory requirements from:
- IEC 62304, sections: 5.5 Software Unit implementation and verification, 5.6 Software integration and integration testing, 5.7 Software system testing, and 5.8.1 Ensure software verification is complete (also considering regression testing and software problem resolution process for all test level)
Test Strategy and Test Environment
The Integration of the basebox Testing in a Continuous Integration and Delivery Approach (CI/CD) was a primary goal of development planning. The CI/CD approach was established by implementing the following tools:
Gitea – is a frontend tool which supports the implementation of the basebox CI/CD approach. The following features of Gitea are used to support any testing:
- Configuration management for distributed development environments and activities including testing.
- Enable Branching, merging, and baselining of Configuration Items, including the identification of test versions or successfully verified (main) branches.
- Align and integrate all necessary verification steps to ensure a successful generation of a main branch (a customer version).
- Support code reviews.
Rust – is the programming language which was used for the development of basebox. Rust is also being run by Gitea during CI/CD actions. The Rust programming framework consists of several verification steps during binary generation. The following sequence of verification perform static code analysis with an increasing level of rigor:
- The Compiler checks for security weaknesses in the code.
- Clippy provides a more thorough collection of lints (code analyzer) to catch more mistakes and improve your Rust code.
Git – provides fundamental version control and configuration management functionality and supports distributed development. Gitea integrates Git.
Testing Level and Test Types
The following table provides an overview about which tests are performed in which sequence.
Verification Activities on Unit Test Level | Test Type | ||||||||
Static Analysis | |||||||||
1. Code Reviews |
|
Peer Review | |||||||
2. Code Analyis |
|
Static analysis to ensure (non-comprehensive list):
|
|||||||
1. Vulnerability Analysis |
|
Security | |||||||
4. Create SBOM | Cargo SBOM creates a SBOM with formalized formats like SPDX. | Security | |||||||
Dynamic Tests | |||||||||
1. Functional Tests |
|
Functionality Performance |
|||||||
Regression Testing |
| ||||||||
Verification Activities on Integration Level | Test Type | ||||||||
Integration Tests |
|
Internal / External Interfaces Regression |
|||||||
Verification Activities on System Level | Test Type | ||||||||
Functional Tests |
|
Functional | |||||||
Stress/Load Test |
|
Stress Load |
|||||||
Security |
|
Security | |||||||
Penetration Tests |
|
Security | |||||||
Reviews/td> |
|
Documentation |
Test Results
All test results are persisted in gitea.
History
Released | Who | Changes |
---|---|---|
Dec-2023 | basebox | Initial Release |