Tags: Quality Assurance, Code Review, Audit, Static Code Analysis, Pair Programming, Bug Tracking, CI CD, Continuous Deployment

Quality Assurance Explained: CI/CD, Code Reviews & Tests

Master QA: audits, code reviews, static analysis, pair programming, bug tracking, CI/CD pipelines with quality gates, metrics.

schutzgeist

Quality Assurance Measures

This post is a definition of terms for quality assurance measures – including exam questions and tags.

In a Nutshell

Holistic quality emerges through coordinated measures: audits, code reviews, test methods, static code analysis, pair programming, bug tracking, a sustainable development process, and consistent CI/CD pipelines, made measurable through quality goals and quality gates.

Compact Technical Description

Preventive vs. Detective

  • Preventive: Guidelines, training, pair programming, definition of done
  • Detective: Static code analysis, tests, code reviews, audits

At the center is an automated continuous integration pipeline that builds, analyzes, and tests each change and reports the results; changes then ship via continuous delivery or continuous deployment. Bug tracking manages the defect lifecycle (status, severity, links to commits and releases). Documents (architecture, ADRs, operations) are maintained and versioned as part of quality.

Exam-Relevant Bullet Points

  • Audits internal/external: checklists, evidence, action plan
  • Code review: four-eyes principle, checklist, architecture & security
  • Test methods: unit, integration, E2E, exploratory, regression (based on test pyramid)
  • Static code analysis: style, complexity, duplicates, security, quality gate
  • Pair programming: real-time review, knowledge transfer, lower defect rate
  • Bug tracking: workflow, MTTR, defect density, linking
  • Development process: DoR/DoD, branch policy, release strategy
  • CI/CD: automated stages, gates, rollback, feature flags

Core Components

  1. Quality goals & metrics (ISO 25010 subcharacteristics)
  2. Review practices (code, architecture, security)
  3. Test strategy (test pyramid, mutation testing, flaky control)
  4. Static code analysis & security scans
  5. Pair/mob programming
  6. Bug tracking process (triage, prioritization)
  7. Development process (DoR, DoD, release flows)
  8. CI pipeline (build, lint, test, analysis, artifacts)
  9. Continuous delivery (manual release, staging, canary, blue-green)
  10. Continuous deployment (automatic when gates are met)

Practical Example (lean QA chain for a web service)

DoD: Unit tests present, coverage increasing, analysis green, review confirmed, ticket linked, changelog, documentation updated
Pipeline:
1) Lint + format
2) Unit tests + mutation testing
3) Static code analysis (quality gate)
4) Build + sign artifact
5) Integration tests in container
6) Contract tests against neighbors
7) Deployment to staging (CD)
8) E2E smoke tests
9) Release / automatic go-live (deployment)
10) Monitoring active
Reviews: PR checklist (architecture, security, tests, documentation)
Bug tracking: ticket (high) → reproduction → test case → fix (commit) → regression test → verified → closed
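
The gate logic behind pipeline steps 3 and 9 above, as an added example that is not part of the original post: it checks the DoD items and test-effectiveness metrics, then decides between manual release (delivery) and automatic go-live (deployment). The thresholds, report field names, and sample reports are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Gate:
    # Thresholds are assumptions for this example, not values from the post.
    min_mutation_score: float = 0.70
    max_flaky_rate: float = 0.02
    blocking_severities: tuple = ("critical", "high")

def evaluate(report: dict, baseline_coverage: float, gate: Gate = Gate()) -> list:
    """Return gate violations; empty means green. A missing metric is a
    violation (fail closed): a skipped stage cannot turn the gate green."""
    failures = []
    def metric(name):
        value = report.get(name)
        if value is None:
            failures.append(f"{name}: missing from report")
        return value

    coverage = metric("coverage")
    if coverage is not None and coverage < baseline_coverage:  # coverage as trend
        failures.append(f"coverage: {coverage:.2f} < baseline {baseline_coverage:.2f}")
    mutation = metric("mutation_score")
    if mutation is not None and mutation < gate.min_mutation_score:
        failures.append(f"mutation_score: {mutation:.2f} < {gate.min_mutation_score:.2f}")
    flaky = metric("flaky_rate")
    if flaky is not None and flaky > gate.max_flaky_rate:
        failures.append(f"flaky_rate: {flaky:.2f} > {gate.max_flaky_rate:.2f}")
    for finding in metric("findings") or []:
        if finding["severity"] in gate.blocking_severities:
            failures.append(f"static analysis: {finding['rule']} ({finding['severity']})")
    for flag in ("artifact_signed", "review_approved", "ticket_linked"):
        if metric(flag) is False:
            failures.append(f"{flag}: false")
    return failures

def release_decision(mode: str, failures: list) -> str:
    """Delivery waits for a manual release; deployment goes live when green."""
    if failures:
        return "blocked"
    return "go-live" if mode == "deployment" else "await-manual-release"

# Constructed sample reports (not real pipeline output).
GREEN = {"coverage": 0.81, "mutation_score": 0.74, "flaky_rate": 0.01, "findings": [],
         "artifact_signed": True, "review_approved": True, "ticket_linked": True}
RED = {"coverage": 0.83, "flaky_rate": 0.0, "artifact_signed": False,
       "findings": [{"rule": "hardcoded-credential", "severity": "high"}],
       "review_approved": True, "ticket_linked": True}
```

The RED report has good coverage but is still blocked: its mutation score is missing, the artifact is unsigned, and one high-severity finding is open.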

Advantages and Disadvantages

Advantages

  • Early error detection
  • Lower rework costs
  • Reproducible quality
  • Better compliance evidence
  • Higher team knowledge
  • Faster & safer releases

Disadvantages

  • Initial implementation effort
  • Learning curve
  • Possible slowdown without discipline
  • Metric-driven management can skew behavior

Typical Exam Questions (with Short Answer)

  1. Continuous delivery vs. continuous deployment? Delivery: technically possible at any time, manual release. Deployment: automatic when gates are green.
  2. What belongs in a review checklist? Architecture conformity, security review, error handling, tests, naming, complexity, logging, documentation.
  3. How is an audit prepared? Define scope, gather evidence, provide policies/ADRs, sample checks, action plan.
  4. Role of static code analysis? Automatically detects stylistic/structural/security violations, sets quality gate.
  5. How do you measure test effectiveness? Mutation score, flaky rate, defect detection before release, coverage as trend.
