Software Developer Epic

This epic briefly describes the software developer's role, responsibilities and tasks, and how the developer interacts with the toolchain to accomplish those tasks efficiently.

Responsibilities, Tasks and Role

As a software developer I am responsible for the development of the software (sub)system. Based on the overall architecture given by the Software Architect, I decide on the design of the subsystem I am in charge of. To do my tasks efficiently I integrate OSS and other 3rd party components. By default I search the internet for components that provide the functionality I need. I do not care about the dependencies of the components since I do not have the time to do so. I want to write modular code that is easy to maintain. I develop the software on feature branches, which I test before I open a PR against the main branch. My goal is to realize features as fast as possible, implemented in software that is easy to test and maintain. With regard to the integrated 3rd party components, my goal is to find as many suitable components as possible that I can integrate, to be as efficient as possible.

Epic

As a software developer I want to integrate 3rd party components into the (sub)system I am contributing to with no effort. When I integrate a component into the software, and thus into the build pipeline, I want the component and all its dependencies to be made known automatically in the internal component inventory, and the bill of materials of the application to be updated automatically as well. I do not want any additional effort caused by the "book keeping" of the application's ingredients. Further, I want an overview of the component's license information as well as the resulting obligations, restrictions and risks. In case the component or parts of it violate either the organization's policy or the application's policy, I want the exact information about what is violating what (e.g. "file yxz is licensed under abc, this license is not approved for the application"). I want to be able to provide information on such violations, or on any other "item to clarify", online. I also want to see in the component inventory whether the component I integrated is already known and whether alternative components are available, and I want an overview of the "quality" of the component and of existing security vulnerabilities. Since I need to experiment with components, I do not know exactly whether they really fit the purpose. Due to this I shall be able to configure whether the integrated component(s) will be added to the official bill of materials of the application. The best way for me to do so is by tagging the builds or when my PR gets merged.