Automated code review/analysis

Posted: Fri Nov 30, 2018 10:40 pm
by Gigabit
Hi
I appreciate Livecode offer a code review service but this is pricey for a sole developer creating free apps.
I need a code review to help satisfy requirements to submit to the NHS apps library.
Is there an automated code review tool available that I can use on my Livecode 9.x application?
Thanks

Re: Automated code review/analysis

Posted: Fri Nov 30, 2018 11:15 pm
by FourthWorld
URL to the NHS requirements?

Re: Automated code review/analysis

Posted: Sat Dec 01, 2018 7:42 pm
by Gigabit
Hi
I am advised that this forum does not allow a URL to be posted, but you can find a link to the questionnaire on the web at the NHS App Library.
They may ask an organisation, Orcha (which has a website), to review.

I am advised my app needs a code level review for L1-R. Does anyone know what that is as I cannot find anything on the internet?
ISO accreditation and Cyber Essentials accreditation also cited
as well as recommended compliance with
WCAG2.0AA
ISO 9241-210
WCAG2.0 on accessibility (although I believe this is a web rather than app based accessibility standard)
Is there an agreed accessibility standard for mobile apps?
They also cite the need for evidenced functional, non-functional and regression testing through documented recording. Anyone point me to a source for how to best undertake this or otherwise advise as.
Many thanks

Re: Automated code review/analysis

Posted: Sat Dec 01, 2018 10:18 pm
by FourthWorld
If they do not define L1-R it would seem a bit unfair to expect app devs to comply with it.

I understand NHS had a problem with apps leaking patient data, prompting closure of the app repository in 2015.

While I haven't searched in-depth enough to be able to speak authoritatively, I'd guess most of their compliance concerns are related to security and privacy, yes?

I have only a vague and old familiarity with ISO software standards. IMNSHO most of them are garbage, not reflecting much of how software is actually made in any but the largest and least productive organizations. Impairing a supplier further is the onerousness of the certification process. Tons of time and money, for specious benefit to anyone other than certification contractors. Good luck with that part.

As for the rest, please consider posting the relevant URLs in a form that won't trigger this forum's URL filters, such as removing the "http://" portion. If that seems problematic, feel free to send me the URLs in a private message and I'll post them here.

Without those details we cannot advise on how to comply.

Re: Automated code review/analysis

Posted: Sat Dec 01, 2018 11:46 pm
by trevordevore
It would be interesting to gather up the specifics of as many of the actual requirements as possible. Just a couple of comments I have after going through some of the materials I found. This questionnaire seems to be relevant and has app development questions near the end:

https://developer.nhs.uk/wp-content/upl ... ta-PDF.pdf

For mobile security there is a link to the OWASP testing guide:

https://www.owasp.org/index.php/OWASP_M ... e#tab=Main

You can download the OWASP checklist to go through here:

https://github.com/OWASP/owasp-mstg/tre ... Checklists

Code review can come in multiple forms. They may require that a 3rd party review the code looking for issues. They may also require that no changes are submitted to the application code base without an internal review policy and process in place. This may require using a version control system where every change generates an entry that can be considered an audit trail and that an auditor could look at.

If you are a small company with only one developer submitting changes to the code base then perhaps they will be more lenient than they would with a company that has a larger team of developers with multiple people submitting changes to the code base.

Accessibility refers to a number of things within an app. The questionnaire specifically talks about contrast between text and background:

"Does the colour contrast of the text on your native app comply with WCAG 2.0 AA level requirements?"

That is easy enough to address in your UI design. If something like VoiceOver support on iOS is required then that will be more difficult with LiveCode. I hear there is an accessibility add-on that LiveCode is working on but I don't know the specifics or how it will be implemented.

When it comes to testing there is no de facto testing suite for LiveCode that I am aware of. In my company's web applications every feature that is added has tests written in one of the popular testing suites for the development platform. These tests ensure that the feature works as expected. All tests for the app get run every time changes are submitted to the app repo to make sure a change doesn't break existing functionality in the app. Testing frameworks exist for both server code as well as our browser UI.

It would be nice if we had a standard testing suite framework as well as an easy way of running the tests when submitting changes to a repo on GitHub. But we don't, so you would need to come up with your own way of creating scripts that test your app functionality.

Re: Automated code review/analysis

Posted: Sun Dec 02, 2018 12:04 am
by bogs
Gigabit wrote:
Sat Dec 01, 2018 7:42 pm
I am advised that this forum does not allow a url to be posted
FourthWorld wrote:
Sat Dec 01, 2018 10:18 pm
As for rest, please consider posting the relevant URLs in a form that won't trigger this forum's URL filters, such as removing the "http://" portion. If that seems problematic feel free to send me the URLs in private message and I'll post them here.
I'm pretty sure they won't be able to send you a pm, for the same reason they can't post the link, they have 6 or so posts left to go before they are elevated to those privileges as of the time of my post...
10 is the magic number...

Re: Automated code review/analysis

Posted: Sun Dec 02, 2018 1:58 am
by FourthWorld
bogs wrote:
Sun Dec 02, 2018 12:04 am
I'm pretty sure they won't be able to send you a pm, for the same reason they can't post the link...
Argh. Wish I could change that. The spam countermeasures in place have not stopped Klaus and I from needing to spend considerable time removing bad posts, but they have stopped a good many legitimate users from doing useful things here.

Fortunately Trevor had the time to dig up the links (thanks Trevor).