Peer review is the process to control the quality of the developments and configurations performed in the instance. Peer review is applicable to element issues and to update-set completion with quality gates fail.
In order to configure the Peer Review, you need to head to User Administration > Groups menu, and search for Quality Clouds Peer Reviewers group, and add the developers that might be engaged reviewing the Quality Cloud scan results of Live Checks on behalf of their team. Hence, this group is responsible for approval/rejection of element issue write-offs (Exception requests), and update-set completion with quality gates FAIL.
Once developers are added to the group, a Quality Clouds API Key is automatically generated for them, in order to persist the action into the main Quality Clouds for ServiceNow rules engine, and considered by future Live Checks and Full Scans triggered.
Peer Review reasons configuration
Under Quality Clouds application menu, there is menu called Quality Clouds list values to configure the justification of elements write-off and update-sets.
Peer Reviewers operation
Under Quality Clouds application menu, there is 2 submenus: Issues Peer Reviews and Update Sets Peer Reviews, to operate all historic and pending requests (from assign to approve/reject).
Each of the sub-menus has the following options
- Unassigned - Accessible only to members of the Quality Clouds Peer Reviewer Group. Shows all unassigned Peer Reviews of the type (Issue or Update Set)
- Assigned to me - Accessible only to members of the Quality Clouds Peer Reviewer Group. Shows all Peer Reviews of the type (Issue or Update Set) assigned to the current user
- Requested by me - Accessible to all users with the Quality Clouds Application Admin role. Shows all Peer Reviews of the type created by the current user. Developers who are not in the Quality Clouds Peer Reviewer Group can use this module to see all the Peer Reviews of each type which have been requested by them.
By selecting a Peer Review a new screen will allow to asses the element or update-set that originated the request and perform the following operations:
- Assign to me (When the logged in user is not the Requestor of the Peer Review)
- Approve (When the logged in user is not the Requestor of the Peer Review)
- Reject (When the logged in user is not the Requestor of the Peer Review)
- Decline (When the logged in user is the Requestor of the Peer Review)
- Add work notes and activity to provide evidences of the attestation made
Element issues: write-off
Depending on the customer configuration, the mechanism to silence detected issues called "write-off" might be set in 3 different models:
- Write-off disabled. This configuration is the most restrictive, and requires all issues to be fixed by de development team, or re-calibrate the ruleset.
- Write-off auto-approved. This configuration allows to write-off issues directly without further review or approval process required. Typically used by customers who want to accept all existing issues and technical debt.
- Write-off peer review. This configuration is meant to be the most appropriate for mature teams conscious of quality in on-going basis. Typically used by customer who want to assess the quality during the development lifecycle, and linked to the Quality Gate configuration.
Application of write-off
The write-off request is managed through the issues detected by Live Check during regular development. So once Live Check returns the results, and in case of having the Quality Gates AddOn, the recommendation is to first deal with those issues that causes the gate to fail. Then clicking through these Active issues, a page like the following is shown:
Depending on the customer configuration explained previously, the button will:
- Not appear (model 1).
- Auto-approve the write-off (model 2), and register the action under the peer review activity with status Approved.
- Trigger a write-off request to the Peer Review group configured (model 3).
Approval of write-off
The approval of write-off in case of model 3 (Peer Review module) is done by the group of Quality Clouds Peer Reviewers and explained in the Setup > Peer Reviewers Operation section above.
Once the write-off is approved, a new Live Check request must be done to refresh the list, and this issue will automatically be disappeared from the Active list.
Update-set issues: complete not allowed
Quality Clouds Peer Review controls the completion of update-sets with Quality Gates, this means that on every attempt to Complete an update-set, a Live Check of all elements included will be triggered automatically. This is to prevent elements with issues that are not allowed by the Quality Gates configuration to be promoted to upper environments. This is the cheapest moment to address quality, as it is at source and close to the development coding time.
The following flow chart depicts the udpate-set completion process to trigger a Peer Review, and exceptions supported:
Developers have already been warned during their Live Checks those elements failing the gate with a red warning message, they are not required to fix them at least until the element is to be promoted to an upper environment.
The screen informs the user that the Update Set is failing the Quality Gates threshold. If they still want to close the Update Set, they will need to enter a Reason from the drop down list, and to add some commentary detailing why the decision was made. After these fields are filled in, clicking the "Request Update Set Peer Review" button on the form will close the Update Set, and register a new Peer Review in Quality Clouds. If the user wants to fix the issues on the Update Set before closing it, they can click on the "Cancel" button, which will take them back to the Update Set definition form. The status of the Update Set has not been saved to "Closed" at this point.
Approval of update-set peer review
Once the button is clicked, a new Peer Review is generated and an entry created under the Quality Clouds > Update Sets Peer Review menu in order to authorise the Completion of an update-set having issues failing the Quality Gates configuration.