In the spirit of improving the OpenMRS fellowship program, the Quality Assurance team would like to take a step further and establish how to work with implementing organisations and partners. This would mean either have fellows sourced from interested organisations or OpenMRS would have fellows (selected through the normal selection) work directly with interested organisations.
A win-win situation for the OpenMRS community and the interested organisation needs to be established. One way to create this situation would be to have a common project with predetermined objectives. As such, I would like to solicit potential QA related project ideas organisations would like to work on with OpenMRS.
Some project ideas I have that may be of interest are as follows:
Establishing Proactive Software Quality Assurance, especially with short delivery cycles. The objectives under this idea would be:
Determine a testing approach, e.g. manual, automated scripts or a hybrid approach.
Identify preferred tools and emerging technologies. e.g. Scriptless Test Automation
Implement and evaluate the success of the identified tools and approaches.
Security testing. The objectives under this idea would be:
Determine how to identify critical security vulnerabilities faster and early.
Identification and implementation best practices and tools.
What are some of the other project ideas do you have? Feel free to respond directly to this talk post or even expound the two ideas shared above.
@tendomart Thanks for sharing your ideas! Right now, these seem more like topics that we could explore and generate possible project proposals. The decision support one definitely has promise because it ties into the ANC DAK work that includes some decision support features.
So my question now: what would be the focus of a QA capstone project to support decision support features/functionality? Or the ANC DAK work as a whole? Another way to start thinking about this: what would the results of a fellowship project for decision support be?
I think anything that falls along the OWASP ZAP top ten vulnerabilities is worth looking at.
However, being specific to RefApp, below is what i think is a must looking at.
Broken Access Control: We should make sure that privilege and role implementation is working as intended, ie, different system users are accessing different parts of the system as proposed in the system architecture.
Checking libraries and other third party APIs integrated: A third party library might have a known vulnerability in some version we might be using in our instance. As the solution to this is most times as simple as upgrading to the latest library version, this is tricky with regards to our OMRS due to the many changes that might rise. This is most common with our backend. It might cost a whole lifetime to reconfigure everything after an update.
Injection: The system being an EMRs, we are dealing with secure and secrete patient information of different individuals with different political, social and economic statuses in verst countries. This means that we have to be very careful with data vulnerabilities in the workflow of accessing the database ie, the backend and its tools, APIs, and the rendering of the information to the frontend.
Question: How are we constantly going to check for security vulnerabilities.
I think we should invest some resources and think about how to bring OpenMRS SonarQube (https://sonar.openmrs.org/) to the level worth relaying on for security other than doing these tests manually
We should try to increase the awareness of OpenMRS QA products to other developers and teams concatenated with ensuring that there is constant update/upgrade of the QA tools to reference the constantly changing OpenMRS instance.
Generally
We should use Automated tests over Manual Tests
OpenMRS products that are under rapid development should be given first priority with regards to getting Automated tests.
These automated tests should cover all the designed features of the product ( eg. with reference to 3.x all the features manually tested at O3 Exploratory QA: OpenMRS 3.x Requirements Rubric by @grace are worth being automated)
These tests should be kept alive and valid (up to date) with reference to the instance
All tests must pass before any global release to stakeholders.
I think the end goal should be ensuring that a specific OpenMRS product has fully complete, efficient and reliable Quality Assurance tooling well automated along the CI.
reliable Quality Assurance tooling well automated along the CI.