FDA-GO is Concept Plus' working prototype submission in response to the 18F BPA for Agile Delivery Services for RFQ 4QTFHS150004
| Project Links | URLs |
|---|---|
| Production Application | fdago.conceptplusllc.net |
| Development Environment | fdago-dev.conceptplusllc.net |
| CI Environment | fdago-ci.conceptplusllc.net |
| Container Advisor | fdago-ca.conceptplusllc.net |
See the FDA-GO Local Deployment Guide
Docker
See the Docker hub registry
Upon receipt of the RFQ, Yazan Ramahi was appointed and authorized to put a multidisciplinary team together to collaboratively design, develop, and deploy a working protoype.
Team members consisted of:
- Product Manager: Yazan Ramahi- Leader given authority, responsibility, and held accountable for the quality of the FDA-GO prototype.
- Technical Architect: (Category 2) - Rory McLean
- Frontend Web Developer: (Category 6) - Ponnamy Kiep
- Frontend Web Developer: (Category 6) - Dana Ramahi
- Backend Web Developer: (Category 7) - Mike Mathis
- DevOps Engineer: (Category 8) - Alex Rangeo
- DevOps Engineer: (Category 8) - Hector Villagomez
See our Attachment E: Approach Criteria Evidence
With a team in place, a project kickoff meeting was executed and ideas were presented to the product owner, leading to a decision to create FDA-GO; a site allowing consumers to execute a text search for a drug’s adverse events, labeling, and recall data. Consumers may also view recall information related to drugs, medical devices, and food for the past 12 months.
The team executed a scrum approach for all development activities. Working with the product owner, a product backlog was created identifying various user and technical stories. Stories were captured in JIRA and then groomed and refined allowing development to begin.
Development was completed in 4 sprints. Each sprint consisted of:
- Planning session – development team decomposed and estimated the user and technical stories.
- Daily stand ups – decomposed tasks and activities were tracked and impediments identified.
- Sprint demo – all completed user and technical stories were presented to stakeholders for acceptance.
- Sprint retrospective – lessons learned were captured and documented by the entire team.
Sprint tasks were tracked and managed using JIRA. A virtual agile board allowed the team to work remotely. All artifacts associated to each sprint can be found here. Simultaneously, the DevOps engineer and Technical Architect identified tasks that needed to be completed from an infrastructure perspective. All items were captured in JIRA and tracked through a Kanban board. Click here to see artifacts.
The prototype consumes the OpenFDA APIs and works on multiple devices while satisfying all of the criteria's for this challenge. This was achieved with using many modern and open source technologies.
- NodeJS - Cross-platform runtime environment
- AngularJS - Front-end framework
- Bootstrap - Front-end UI framework
- GruntJS - Javascript task runner
- Docker - Container framework
- Karma - Unit testing framework
- Jasmine - Unit testing framework
- Github - Code repository
- Jenkins - Continuous integration
- Selenium - Browser automation
- OpenFDA - REST API
- Amazon Web Services was used as our IaaS provider.
- Docker containerization of web application.
Our Continuous Integration implementation involved:
- Code check-in
- Jenkins polls and executes build to AWS
- AWS builds and starts Docker container
- Container is published to Docker Hub
- Upon [successful deployment of container](./evidence/Continuous Integration/fdago-production-build-output.rtf) Jenkins executes job to run automated tests
- [Test](./evidence/Continuous Integration/nightwatch-html-reports.pdf) and [Build](./evidence/Continuous Integration/Jenkins-Prod-Build-Pipeline.png) results produced 
For the scope of this effort, we have enabled multiple monitoring tools to monitor security, vulnerability, performance and health. Based on findings from periodic scans, appropriate action was taken.
- [SSL Scans](./evidence/Continuous Monitoring/SSL-Server-Test-fdago.conceptplusllc.pdf) - Qualys
- [Open Web Application Security Project (OWASP)](./evidence/Continuous Monitoring/fdago-OWASP-Scan.pdf) - Qualys
- [Vulnerability](./evidence/Continuous Monitoring/fdago-threat-report.pdf) - Qualys
- Container Monitoring - cAdvisor
- [Machine Health / Usage](./evidence/Continuous Integration/AWS_ec2_alarms.png) - AWS CloudWatch [with real-time alerts](./evidence/Continuous Monitoring/ALARMUSNVirginia.pdf)
Once you have FDA-GO setup on your local system. You can run the following command to execute the unit tests.
grunt test
The unit tests are created using the open source frameworks Karma, PhantomJS, and Jasmine.
The following tools tied into our CI solution and triggered the execution of automated test scripts. All testing results were captured in html reports. [Click here to view test results](./evidence/Continuous Integration/nightwatch-html-reports.pdf).
- Selenium - web browser automation tool.
- NightwatchJS - Node.js E2E testing for browser based apps and websites.
- PhantomJS - headless webkit scriptable with a Javascript API.
508 findings were added to the backlog.
FDA-GO is licensed under the MIT license. For full details see the LICENSE on github.
Please refer to the "evidence" folder.