Code & Architecture Gate

Background

The Code & Architecture gate ensures that your app’s source code is written in accordance with industry best practices, is maintainable, does not contain any open source library licensing or copyright issues, and does not put KP data at risk.

Requirements

The Code & Architecture gate requires access to the app source code repository and valid test credentials.

It is advised that all vendor contracts for Custom apps include a clause that stipulates KP owns the source code.

MCoE Code & Architecture reviewers will need access to your source code repository, generally delivered as a secure link to a repository site such as Github.
- If you are using a vendor-provided app and your contract with the vendor does not require them to give KP access to their app source code (in the interest of protecting their intellectual property), then this gate will not apply to your certification.
- If you are hiring a developer vendor to build a custom app for KP, the MCoE strongly advises that you include a clause in your contract that stipulates that all work product relating to the app, including source code, is the intellectual property of KP and must be provided to KP as part of the named deliverables KP is purchasing

MCoE Code & Architecture reviewers will need to download and test your app as part of their process.
- Vendor apps available for free download on public app stores can generally be downloaded from those stores by the reviewers individually.
- Your reviewers will need at least 2 sets of valid credentials (user names and passwords) to test with.

Output

MCoE developers performing this review provide you with a copy of their findings, prioritized by issue severity.

Approval

For MCoE Certification to be awarded, all “Actions for this Release” marked items will need to be remediated prior to release.

Service Level Objective