@lotsofthoughts
Contributor

🔗 Part of : Rules Engine 0.4

Engine Reporting | Aggregation Hook | Data-driven decisions New Requirements

Governance Features

| Narrative | Ask | Desired Result | Rationale |
| --- | --- | --- | --- |
| As a DevSecOps engineer | I want aggregate reporting for Governance Rules Engine | so that the overall usability and readability of the pass/fail data is substantially improved | because data-driven decisions require an improved interface. |

Note

This story is part of a PDI for Rule Development SERIES

Requirements

  • repository must have a key/value report value
  • repository aggregations must occur so the sheet key is sorted by variadic repo rows
  • score must be presented as a key/value pair per repository
  • status must be presented as pass/fail key/value pair per repository
  • rule-id must be stated for each variadic group
  • description must be stated for each variadic group

Notes

Please follow guidelines for review [1] and take the opportunity to demonstrate this with the team upon completion of the acceptance criteria.

Important

In order to mark this story done, you must follow the Acceptance Criteria [2] and Definition of done [3].

Acceptance Criteria

| Criteria | Details |
| --- | --- |
| Efficiency | TypeScript code must be efficient, reusable, and modular. Code must have a complexity of less than 10. |
| Security & Governance | Code must enforce security policies, governance standards, and rollback scenarios. |
| Code Complexity | Complexity must be < 10 or Ω(n log(n)) or at worst: O(n log(n)) |
| Linted | Code must be linted with Deno Lint or ESLint |
| Commit Hooks | Code must be pre-commit and pre-push validated with LeftHook using Orchestras Templates |
| DevContainer | Code must maintain an active DevContainer |
| Branch Protection | Branch protection rules must be enabled for all repositories. |
| Coverage | Code should be covered by at least 80% of Unit and 50% of Integration Tests. |
| Portable | Code should maintain 12-factor standards |
| Reviewable | Code should be reviewable and run through Copilot AI code review |
| Checking | Deno code should be checked for binary compile time type checks |
| Versioned | Code should be versioned using SemVer and implement Auto-Bump, and .semver files |
| README | Documentation should be created and contain a logical diagram |

Definition of Done

| Task | Requirement |
| --- | --- |
| Code Review | Must be reviewed and validated for efficiency and compliance. |
| Security Checks | Governance and security enforcement must be validated through automated tests and a quality scanning system such as Checkov and Trunk. |
| Documentation | Workflow execution must be documented in Confluence (DevOps BestPractice DevSecOps). |
| SAST | SAST scanning for secrets and CVEs should occur with TruffleHog and Trunk, SonarQube, or BlackDuck at check-in. |
| FIPS-140-3 | SSH Keys and GitHub Tokens must be secured with FIPS-140 implemented. All secrets must be encrypted, entropy detected, and keys password protected and stored in KeeBase with incremental backup. |
| Transcrypt | Transcrypt must store local secrets using SSH-Agent and GNUPG keys. Public key is stored at .semver.author.gpg.tag |
| Vault | Secrets going over the wire should always be stored in Ansible Vault or Azure Key Vault. |
| YML | YML is preferred over JSON standards. |
| DORA | Reporting should implement DORA and GitHub Self Actuated Metrics. |
| 12-Factor | All code and documentation should adhere to 12-factor standards |

Footnotes

  1. @octocat : When ready to ship code please review with a :shipit: emoji!

  2. Acceptance Criteria must be reviewed by developer with PO.

  3. Definition of Done must be reviewed with Architect and Team.

@lotsofthoughts self-assigned this Jun 23, 2025
@lotsofthoughts added the enhancement label Jun 23, 2025
@mckesson-lynsei
Contributor

:shipit: pls okayiluvubyebye 💕

@lotsofthoughts merged commit 238f6b7 into main Jun 24, 2025
1 check passed

3 participants