Roles: Software-Engineer

"Area Path" and "Iteration Path" are standard fields in Azure DevOps (ADO), and they are used to organize work items by product classification, team, and time period.

Performing an Attack Surface Analysis includes analyzing the security architecture to identify and document product interfaces and surfaces that could be attacked, as well as consider if there are planned security measures that will provide enough protection against attacks on these surfaces.

This guide describes the recommended branching strategy to manage code repositories.

This guide describes how bugs – when they are created in Azure DevOps (ADO) – also are classified to ensure that they are handled with regards to their severity and potential impact.

A code review intends to improve the quality of the code. Someone other than the author of the code performs the examination. Code review is mandatory for new code and code changes (pull request).

Code signing is a crucial process in software development that ensures the integrity and authenticity of software code. It involves applying a digital signature to software programs, scripts, or drivers.

This guide describes the most fundamental parts of component capabilities. It also includes a flowchart of component capabilities updates and a list of attributes sometimes mistaken for component capabilities.

This guide provides a quick overview of component tests and when and how they should be used.

This conceptual guide explains the purpose of configuration audits and presents the main parts of a configuration audit and the highlevel approach adopted in PCP.

User documentation should provide the necessary information to help the customer ensure that the site is as secure as possible.

The Development Team process manages the planning, prioritization, and visualization of all activities related to the development of software and hardware components. There are multiple development teams in each development stream.

During L4 fault tracing it may be required to send a debug release outside of PCP. This has to be handled with care as it isn't a formally released software.

This guide defines requirements and methodologies for VHDL designs and test benches. It helps PA develop FPGAs using VHDL.

This guideline describes how to write Functional Description and Detailed Design documents.

This guideline describes how to perform a Functional Description and Detailed Design review.

A product issue is a uniquely identified problem impacting a product, requiring clear communication with various stakeholders. It must be documented with accurate information and version details and managed in parallel with bug management and product releases.

This guide focuses on describing the practical change of the work item, starting from a process change request received, to the completion of a pull request updating the template.

The purpose of this guide is to provide handson support to the roles involved in setting up a test plan and test suites in Azure DevOps (ADO), demonstrating the product's test coverage.

This guide describes how to use Markdown to document technical information using the Azure DevOps (ADO) wiki. The Markdown files can be reviewed, approved, and baselined with the code. The code and technical documentation can be restored from the same baseline when a released product needs to be updated.

This guide provides handson support for the roles involved in executing test cases and reviewing test results.

A work item of type "Bug" can be used to suggest an enhancement, something that is not a real defect, but an idea for improvement. This guide describes how to handle enhancements as bugs.

This guide describes how to determine if a malware suspicion is correct or false and how to handle both scenarios. It also includes information about how malware is detected in ABB software.

A bug is an unexpected problem in the software or hardware which can be reported for any issue in a product by e.g. product managers, product owners, test engineers, or customers (via L3 or L4 Support).

The ABB Cyber Security Assessment Tool Importer is an internal utility tool used to import the security requirements from various assessment spreadsheets into Azure DevOps (ADO) as security work items.

For a new epic, feature, or user story, there may be a need to write new test cases or modify existing test cases. The purpose of this guide is to provide handson support to the roles involved in writing, updating, or reviewing test cases of a product.

This guide provides an overview of Kanban and its application to software development teams.

This guides includes general information about performance testing and a brief description of different types of performance testing.

Table of contents

This guide explains what a product issue number (PIN) is and how it is used within the PCP organization.

The product test verifies that the product to be released has acceptable quality. It applies to new products and maintenance/updates of existing products.

What is a pull request?

The following component test frameworks are recommended but not mandatory.

This page contains a list of Azure DevOps extensions that are preapproved for use in PCP.

Each feed created in an organization is highly recommended to use the below settings. Below recommended settings are based on the need for development and cost estimate for ABB.

The following unit test frameworks are recommended but not mandatory.

Software architecture is not a static document, instead, it's a continuous iterative process throughout each increment. This guide serves as a reference for the roles providing and describing different levels of architecture.

The developer/author scope definition quick checklist.

This guide describes how Scrum can be used by teams to manage their work. Scrum is a framework that implements the principles of Agile as a concrete set of artifacts, practices, and roles.

Secure coding standards are guidelines, best practices, and coding conventions that can be used by software developers to prevent security vulnerabilities and improve the overall quality of the software during the software design & development phases.

This document describes the secure coding guidelines for the .NET programming language. Some of the guidelines are generic, whereas some are specific to the .NET programming language.

This document describes the secure coding guidelines for the C programming language. Some of the guidelines are generic, whereas some of them are specific to the C programming language.

This document describes the secure coding guidelines for ReactJS. Some of the guidelines are generic, whereas others are specific to ReactJS.

This chapter gives some basic best practices for a secure software design. Assessing how security is addressed in the design of a product is one important step to ensure that the product meets the best security level and can be done at various points in a product lifecycle.

The Security Criticality Analysis is performed to identify which of the components in a product are important to pay extra attention to when trying to minimize the risk of vulnerabilities.

Introduction

This guide gives an overview of the software artifact model which describes the relationship between artifacts used in software development.

Software development supports the incremental development of features that can be delivered to streams or other stakeholders. Included are design, implementation, unit tests, component tests, and bug fixing. Software development can result in deliverables, e.g., firmware, applications, and tools.

The software engineer creates highquality software solutions (incl. FPGA) by analyzing requirements and designing, developing, integrating, and testing software for products or systems.

This code review guideline is written for those in the Control organization working with Git and includes the functional safety related aspects to adhere to. The guideline is directed to both source code level as well as feature level.

This guideline describes the custom standard fields used in bug templates. For a more general picture of the standard work item template change process in Azure DevOps, see ADO standard work item template change management process.

This guideline describes the Document Update work item type and the custom standard fields used in its template. For a more general picture of the standard work item template change process in Azure DevOps, see ADO standard work item template change management process.

This guideline describes the custom standard fields used in the Epic template. For a more general picture of the standard work item template change process in Azure DevOps, see the ADO standard work item template change management process.

This guideline describes the custom standard fields used in the Feature template. For a more general picture of the standard work item template change process in Azure DevOps, see the ADO standard work item template change management process.

This guideline describes the fields used in the system epic template.

This guideline describes the custom standard fields used in the User Story template. For a more general picture of the standard work item template change process in Azure DevOps, see ADO standard work item template change management process.

Static source code analysis is a method for analyzing the source code without executing it. This guide provides relevant information about static code analysis within PCP R&D.

After reading Secure Design Best Practices, this page describes some weaknesses around concepts that are frequently used or encountered in software development environments. This includes all aspects of the software development lifecycle including implementation.

This guide describes what system interfaces are, how they are documented, and how they are managed.

This guide gives an overall view of the test performed before a component, container, product, or system is released.

The test phase checklist is a general guide for users to gauge the quality of product build delivery before starting tests in system test (ST) or RAT. Further, tailoring can be done to align the checklist with any specific product.

This guideline briefly describes test techniques used at the different test levels. Each project defines the test levels and when to use the various test techniques.

This page contains support contacts for commonly used DevOps tools.
Although the Configuration Manager (CM) often plays a major role to integrate these tools in pipelines, the CM is not responsible to support in case of issues with the tool, like tool bugs, upgrades, service unavailability. In most cases, these tools are managed and supported by IS. IS will take care of tickets in ServiceNow and will open requests to the vendor if required.

This tutorial gives an overview of how to work with Markdown. It describes how to change content on the "PCP R&D Processes" website, and can also be valuable for anyone using Markdown in Azure DevOps (ADO).

This guide gives an overview of what a unit test is, and when and how it should be used.

This guide provides valuable tips to anyone involved in creating unit tests. A good unit test should be easy to understand, reliable, quick to run, and without dependencies.

The traceability of the work items shows the relationship between them in Azure DevOps (ADO).