March 22, 2020

Quality, Security, and Performance Checks in Adobe Cloud Manager: Brief Overview

As we all know, Adobe Cloud Manager (ACM) is part of the Adobe Managed Cloud Services. Using ACM, organizations can manage their AEM application in the cloud themselves.

There are 3 types of Quality checks provided by the ACM CI/CD process.
Code Quality
Performance Testing
Security Testing

The Security and Performance Testing criteria are given below.
1. Security checks

Critical:

Critical security is based on 13 AEM Security health checks.
AuthorizableNodeName implementation does not expose authorizable ID in the node name/path
Dispatcher filtering request validation
The Adobe Granite HTML library manager is configured appropriately
Default password must be changed
Deserialization firewall Attach API readiness is in an acceptable state
Deserialization firewall is Functional
Deserialization firewall is Loaded
Sling default GET servlet is protected from DOS attacks
The Sling Java Script Handler is configured appropriately
The Sling JSP Script Handler is configured appropriately
The Sling referrer filter is configured in order to prevent CSRF Attacks
Correct SSL configuration
No obviously insecure user profile policies found

Important - 6 checkpoints
CRXDE Support bundle is disabled
Sling DavEx bundle and servlet are disabled
Sample content is not installed
Both the WCM Request Filter and the WCM Debug Filter are disabled
The web server is configured to prevent clickjacking
Sling WebDAV bundle and servlet are configured appropriately
Information

Replication is not using the admin user
2. Performance Tests are based on

Critical

The error rate is less than 2%
Total CPU utilization is less than 80%
Disk I/O wait time is less than 50%
Important
95% response time per page is not longer than 3s
Peak response time is no longer than 18s
Pageviews per minute are greater than or equal to 200
Disk bandwidth utilization is less than 90%
Network bandwidth utilization is less than 90%
Information
Overall requests per minute are less than 6000

3. Code Quality checks
The ACM build performs code inspection based on SonarQube, which includes around 110 rules, such as standard Sonar Java rules, FindBugs rules, Cognifide AEM rules, and Adobe-created rules.


By aem4beginner
