This is the list of what should be handed over (checked by SaFi side after handed over), and also it is a good agenda for the handover meeting:
- Jira - how is the work managed, how to work with it
- Confluence - how is documentation structured, a brief overview
- 3rd parties - what, for what, where it is documented
- Contact persons/channels - for 3rd parties, products, …
- Credentials - where are they, how are they managed
- Dev level test - what is covered, what not, where to put the focus, where to be careful
- Bugs/VAPT findings - which are there for SaFi to pick up
- Planned development for MVP
- Ownership handover
- For developers (workshops)
- Oustanding items
Technical Handovers sessions:
Jira
Sub-squads Boards:
Core Banking
Core Foundation
Data Foundation
App Foundation
SRE
Legacy board:
Note: Issues are filtered out in boards based on the Component attribute assigned to each specific issue.
Confluence
Root of documentation: SRE/DevOps
3rd parties
Information on 3rd parties utilized by Application squads can be found in the respective Engineering handover documents.
Communication between VL team and respective 3rd parties has been usually established directly by Ion Mudreac and Jideo Pena (Unlicensed).
Contacts
Describe important persons and communication channels (e.g. with 3rd party in Lark)
Ion Mudreac - Technical/Business owner
User b6b4a - Security requirements
Andre Laksmana (Unlicensed) - Application Team Front-End (DK)
User 87682,Lukas Civin - Big Data processing
Other squads: Squad Stakeholders
Credentials
Dev level test
N/A - no tests were planned and neither implemented
Bugs/VAPT findings
VAPT done on the application level - all vulnerabilities were reported on the application level. App squads may need assistance/involvement of DevOps in remediation of some issues - either by creating a SRE ticket or reaching out to the squad directly.
Tickets that need DevOps involvement:
SAF-130 - SaFi-2022-9 SaFi Mobile Application Information Disclosure via Stack Trace Backlog
SAF-142 - SaFi-2022-10 SaFi Mobile Application HTTP Headers And Cookies Best Practices Done
SM-7448 - SaFi-2022-24 SaFi Mobile Lack of SSL Certificate Pinning Done
Full VAPT vulnerabilities report to review.
Planned development for MVP
Roadmap
Src: https://miro.com/app/board/uXjVPN2ub5k=/
See also Backlogs (To Do) per individual components (Core Banking, Core Foundation, Data Foundation, App Foundation, SRE).