Skip to content

Add test-coverage model: testCases[], testResults[], coverage and evidence #61

Description

@JohnASRG

Motivation

methodology/UseCases.md lists UC_004 (test plan authoring) and UC_005 (test report correlation) as V1.0 use cases. Today RDX has no schema objects for test cases, test results, or coverage — so tests can only be linked as free-text evidence. That blocks the testing-exchange profile from #50 and the cybersecurity verification side of #57.

Proposed change

  1. testCases[] (top-level): id, title, objective, method (penetration-test | fuzzing | static-analysis | code-review | dast | sast | requirement-test), targetedCybersecurityRequirementIds[], targetedThreatScenarioIds[], targetedAttackPathIds[], procedureRef, tooling, prerequisites[], status.
  2. testResults[] (top-level): id, testCaseId, executedAt, executor, outcome (pass | fail | inconclusive | skipped), findings[] (linked to vulnerabilityLinks from #44), evidenceRefs[] (link to linkedArtifacts[] Richer SBOM/HBOM/VEX linkage via a typed linkedArtifacts[] traceability layer #52 — typically a test report), confidence.
  3. coverageReport (optional, on riskSet): coveredRequirementIds[], coveredThreatScenarioIds[], coveredAttackPathIds[], coverageMetricRef.
  4. Relationship types: verifiedBy, evidencedBy (alongside existing).
  5. Example: examples/rdx-testing-exchange-example.json showing CSR → test case → test result → coverage report.

References

  • AI peer review, "Cybersecurity validation/verification" gap and section 7
  • Related: #44, #50, #52, #51, #57

Acceptance criteria

  • testCases[], testResults[], coverageReport added in JSON Schema + XSD
  • New example validates and demonstrates the full chain
  • methodology/UseCases.md updates UC_004/UC_005 to "Supported" with criteria

Surfaced by external AI peer review; see chat transcript for full review text.

Metadata

Metadata

Assignees

No one assigned

    Labels

    ai-proposalProposed by the AI idea scout; needs human reviewenhancementNew feature or requestpeer-reviewSurfaced by external AI/peer review of the repopriority/P3Low priority — differentiating features

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions