- Create a new branch and add all of my requirements
- Make a pull request to master
- All of the new requirements are easily shown in the gitlab pull request
- Reviewers would add their comments in gitlab to specific lines.
- Developers would be able to comment back and forth in the comment section of the pull request and then make fixes
- Reviewers can then verify once a fix has been made (Add a new comment to the line saying it is fixed?)
- All changes have been accepted so the branch is merged into master
Through this process, the only requirements that will actually be in the master will be fully reviewed requirements. (Can we force gitlab to not allow writing to master, only merges?)
The DER needs to review all of our certification artifacts which includes reviews. Through this process, all requirements reviews will be contained in the pull requests. Each pull request will include the following data:
- Added/Modified requirements and their authors
- Issues and the reviewer that added it
- Fixes and author
- Verification of each issue and Verifier
- Date and Times
This data should be sufficient for the DER, provided you can't modify or delete this data after the fact.