Sprint 75 Review (2019-06-11)

Availability

(assume Team Availability Calendar is up to date, otherwise, everyone was available for 8.5 days of the 2-week Sprint)

Full team availability 8.5-day Sprint * 8 dev team members (adjusted as below)58 days

Andy -4, Yafang, JohnO, Simon -1, Ola -1.5, Jay - 0.5, Pepe -1, John -2


Total team availability this Sprint85%

POs present a review of Sprint goals and other committed work

Sprint Goal: 
Complete sync service and focus on a Revalidation workshop - to determine the plan of attack.
  • Security fixes
  • Trust ID fix
  • Sanitizer (special characters)
  • Rotations fix
  • Monitoring
  • Service Status

POs supported by Dev team provide narrative on why, and what, emergency work was brought into the Sprint and which committed-to tickets were moved out as a result

Live Issues:

type summary story points (effort) assignee created status
Loading...
Refresh

Dev team demo 'done' work contributing to those goals (no more reference to specific list of Jira tickets, and no more reference to work not 'done')

ItemDemo - from Prod URL where feasibleDemo link

1.

Remove the Synchronisation jobs within TCS and build a separate Synchronisation service

Jobs now in production but have not been set to take over from the TCS jobs as yet

2.

Reval (& Concerns and Notifications) rebuild architecture workshop (Alistair Pringle (Unlicensed))


3.

TIS-ADMINS-UI: Security vulnerabilities (Oladimeji Onalaja (Unlicensed) and john o'meara)

Bootstrap and Webpack-Bundle-Analyzer: Needed to be addressed because it opened our app to Cross-Site Scripting (XSS). XSS is a type of attack where malicious scripts are injected into trusted websites. For example, an attacker can send malicious code to an end users and when the script gets executed, a range of  script-specific hacks could be performed.

Screenshots showing Bootstrap-related styling issues and fixes: BootstrapTicket_2755.docx 

4.

Changing the trust a Site is linked to on the Site reference table on the FE does not cause the Trust ID to be updated (Oladimeji Onalaja (Unlicensed))

Before Fix

Site Creation: https://www.loom.com/share/2f1e398ea6d54d5c9780f1208c30fd3e

Site Updating: https://www.loom.com/share/55c0b78e3e5340b0a97f2770070528cf


After Fix

Site Creation: https://www.loom.com/share/afd2db8829414288b3f7196730fdbef3

Site Updating: https://www.loom.com/share/b806baf461fb438dbbdc398477829fc4

5.

Replace backend query param sanitizer 

TCS Jayanta Saha

Bulk Upload Yafang Deng

Assessment Yafang Deng

Before Fix

https://www.loom.com/share/005de071336a40e3be17d5795c909b5c

6.Portsmouth NHS Trust applicants for August 2019 Rotations not exported. 
The Trusts needed to inform their new starters to meet Code of Practice so this became an urgent to resolve. 

Issue spotted with applicants not exported for August 2019 rotations for the Portsmouth NHS Trust on the 7th of May 2019.

Applicant records were successfully exported on the 03rd June following a manual fix:


App files need to have been generated after running notification load on the same day - care needs to be taken when running these jobs manually after failures to ensure that everything has been run in the right order.


7.

ESR - Investigate on having Monitoring for the FTP uploads and downloads failures on N3 Simon Meredith (Unlicensed) John Simmons (Deactivated)

Investigation to determine how we can monitor failures better. We looked at previous failures where files hadn't been uploaded/downloaded/stored etc. We determined that a major cause of the problem is the N3 bridge which is a server that sits between our ESR ETL/Azure subscription and the FTP server that is used to transfer files between ESR and us. We are moving to a new Azure subscription which will in future be able to connect to N3 directly. This will enable much simpler and robust monitoring, much of which we can do from within the ESR ETL.

8.User unable to create Site because of duplicated associated Trust Jayanta Saha

9.Service Status (Abrar Khan (Unlicensed) and Peter Collum (Unlicensed))

Stakeholders / Users invited to query / interrogate / applaud (after Sprint Review POs convert consensus inputs into backlog tickets, giving the option to consider them in the coming Sprint Planning)

POs present the roadmap