Testing Policy

SW360 Testing Policy

To ensure the reliability, maintainability, and security of the SW360 portal, this policy mandates automated testing for all code contributions.

Policy Requirements

1. New Functionality

Every new feature or major enhancement MUST be accompanied by automated tests. This includes:

• Unit Tests: For individual components and business logic.
• Integration Tests: For service interactions and data handling layers.
• API Tests: For new REST endpoints.

2. Bug Fixes

All bug fixes MUST include one or more regression tests that demonstrate the bug being fixed and prevent it from recurring.

3. Automated Execution

All tests MUST be integrated into the project’s Continuous Integration (CI) suite. No contribution will be merged if it causes regressions in existing tests.

4. Coverage Targets

The project targets a minimum of 80% statement coverage across the core Java and JavaScript codebases.

• Contributors are encouraged to monitor coverage reports generated by the CI pipeline.
• While 100% coverage is not strictly required, critical security-related code paths MUST strive for complete coverage.

Testing Frameworks

The project utilizes the following tools for testing:

• Backend (Java): JUnit 5, Mockito, AssertJ, and JaCoCo for coverage.
• Frontend (JavaScript/TypeScript): Jest or Vitest for unit tests, and Cypress/Playwright for E2E testing.
• Static Analysis: CodeQL and Checkstyle are used to enforce code quality and security standards.

Contribution Workflow

1. Develop: Write code and accompanying tests.
2. Verify locally: Run mvn test (backend) or pnpm test (frontend) to ensure all tests pass locally.
3. Submit PR: Open a Pull Request on GitHub.
4. CI Validation: Ensure that the “SW360 Build and Test” workflow passes successfully.
5. Review: Maintainers will review the tests as part of the standard code review process.