Back to Details

risk-based-testing

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Risk-Based Testing

基于风险的测试

<default_to_action> When planning tests or allocating testing resources:
  1. IDENTIFY risks: What can go wrong? What's the impact? What's the likelihood?
  2. CALCULATE risk: Risk = Probability × Impact (use 1-5 scale for each)
  3. PRIORITIZE: Critical (20+) → High (12-19) → Medium (6-11) → Low (1-5)
  4. ALLOCATE effort: 60% critical, 25% high, 10% medium, 5% low
  5. REASSESS continuously: New info, changes, production incidents
Quick Risk Assessment:
  • Probability factors: Complexity, change frequency, developer experience, technical debt
  • Impact factors: User count, revenue, safety, reputation, regulatory
  • Dynamic adjustment: Production bugs increase risk; stable code decreases
Critical Success Factors:
  • Test where bugs hurt most, not everywhere equally
  • Risk is dynamic - reassess with new information
  • Production data informs risk (shift-right feeds shift-left) </default_to_action>
<default_to_action> 当规划测试或分配测试资源时:
  1. 识别风险:可能出现什么问题?影响有多大?发生概率是多少?
  2. 计算风险:风险 = 概率 × 影响(每项使用1-5分的量表评分)
  3. 优先级划分:严重(20分及以上)→ 高(12-19分)→ 中(6-11分)→ 低(1-5分)
  4. 分配工作投入:60%投入严重风险,25%投入高风险,10%投入中风险,5%投入低风险
  5. 持续重估:根据新信息、变更、生产事故动态调整
快速风险评估:
  • 概率影响因素:复杂度、变更频率、开发者经验、技术债务
  • 影响影响因素:用户数量、营收、安全、声誉、监管要求
  • 动态调整:生产Bug会提升风险;稳定代码会降低风险
关键成功因素:
  • 针对Bug影响最大的地方测试,不要平均分配测试资源
  • 风险是动态的——根据新信息重新评估
  • 生产数据可为风险评估提供参考(右移测试反哺左移测试) </default_to_action>

Quick Reference Card

快速参考卡

When to Use

适用场景

  • Planning sprint/release test strategy
  • Deciding what to automate first
  • Allocating limited testing time
  • Justifying test coverage decisions
  • 规划迭代/发布测试策略
  • 确定自动化测试的优先顺序
  • 分配有限的测试时间
  • 为测试覆盖范围决策提供依据

Risk Calculation

风险计算

Risk Score = Probability (1-5) × Impact (1-5)
ScorePriorityEffortAction
20-25Critical60%Comprehensive testing, multiple techniques
12-19High25%Thorough testing, automation priority
6-11Medium10%Standard testing, basic automation
1-5Low5%Smoke test, exploratory only
Risk Score = Probability (1-5) × Impact (1-5)
得分优先级资源投入动作
20-25严重60%全面测试,使用多种测试技术
12-1925%充分测试,优先自动化
6-1110%标准测试,基础自动化覆盖
1-55%冒烟测试,仅探索式测试

Probability Factors

概率影响因素

FactorLow (1)Medium (3)High (5)
ComplexitySimple CRUDBusiness logicAlgorithms, integrations
Change RateStable 6+ monthsMonthly changesWeekly/daily changes
Developer ExperienceSenior, domain expertMid-levelJunior, new to codebase
Technical DebtClean codeSome debtLegacy, no tests
因素低(1)中(3)高(5)
复杂度简单CRUD业务逻辑算法、集成逻辑
变更频率稳定6个月以上每月变更每周/每日变更
开发者经验资深领域专家中级开发初级开发,不熟悉代码库
技术债务代码整洁存在一定债务遗留代码,无测试覆盖

Impact Factors

影响因素

FactorLow (1)Medium (3)High (5)
Users AffectedAdmin onlyDepartmentAll users
RevenueNoneIndirectDirect (checkout)
SafetyConvenienceData lossPhysical harm
ReputationInternalIndustryPublic scandal
因素低(1)中(3)高(5)
受影响用户仅管理员部门级所有用户
营收影响间接影响直接影响(如支付流程)
安全影响仅影响使用便利性数据丢失人身伤害
声誉影响内部影响行业内影响公开丑闻

Risk Assessment Workflow

风险评估工作流

Step 1: List Features/Components

步骤1:列出功能/组件

Feature | Probability | Impact | Risk | Priority
--------|-------------|--------|------|----------
Checkout | 4 | 5 | 20 | Critical
User Auth | 3 | 5 | 15 | High
Admin Panel | 2 | 2 | 4 | Low
Search | 3 | 3 | 9 | Medium
Feature | Probability | Impact | Risk | Priority
--------|-------------|--------|------|----------
Checkout | 4 | 5 | 20 | Critical
User Auth | 3 | 5 | 15 | High
Admin Panel | 2 | 2 | 4 | Low
Search | 3 | 3 | 9 | Medium

Step 2: Apply Test Depth

步骤2:应用测试深度

typescript
await Task("Risk-Based Test Generation", {
  critical: {
    features: ['checkout', 'payment'],
    depth: 'comprehensive',
    techniques: ['unit', 'integration', 'e2e', 'performance', 'security']
  },
  high: {
    features: ['auth', 'user-profile'],
    depth: 'thorough',
    techniques: ['unit', 'integration', 'e2e']
  },
  medium: {
    features: ['search', 'notifications'],
    depth: 'standard',
    techniques: ['unit', 'integration']
  },
  low: {
    features: ['admin-panel', 'settings'],
    depth: 'smoke',
    techniques: ['smoke-tests']
  }
}, "qe-test-generator");
typescript
await Task("Risk-Based Test Generation", {
  critical: {
    features: ['checkout', 'payment'],
    depth: 'comprehensive',
    techniques: ['unit', 'integration', 'e2e', 'performance', 'security']
  },
  high: {
    features: ['auth', 'user-profile'],
    depth: 'thorough',
    techniques: ['unit', 'integration', 'e2e']
  },
  medium: {
    features: ['search', 'notifications'],
    depth: 'standard',
    techniques: ['unit', 'integration']
  },
  low: {
    features: ['admin-panel', 'settings'],
    depth: 'smoke',
    techniques: ['smoke-tests']
  }
}, "qe-test-generator");

Step 3: Reassess Dynamically

步骤3:动态重估

typescript
// Production incident increases risk
await Task("Update Risk Score", {
  feature: 'search',
  event: 'production-incident',
  previousRisk: 9,
  newProbability: 5,  // Increased due to incident
  newRisk: 15         // Now HIGH priority
}, "qe-regression-risk-analyzer");
typescript
// Production incident increases risk
await Task("Update Risk Score", {
  feature: 'search',
  event: 'production-incident',
  previousRisk: 9,
  newProbability: 5,  // Increased due to incident
  newRisk: 15         // Now HIGH priority
}, "qe-regression-risk-analyzer");

ML-Enhanced Risk Analysis

ML-Enhanced Risk Analysis

typescript
// Agent predicts risk using historical data
const riskAnalysis = await Task("ML Risk Analysis", {
  codeChanges: changedFiles,
  historicalBugs: bugDatabase,
  prediction: {
    model: 'gradient-boosting',
    factors: ['complexity', 'change-frequency', 'author-experience', 'file-age']
  }
}, "qe-regression-risk-analyzer");

// Output: 95% accuracy risk prediction per file
typescript
// Agent predicts risk using historical data
const riskAnalysis = await Task("ML Risk Analysis", {
  codeChanges: changedFiles,
  historicalBugs: bugDatabase,
  prediction: {
    model: 'gradient-boosting',
    factors: ['complexity', 'change-frequency', 'author-experience', 'file-age']
  }
}, "qe-regression-risk-analyzer");

// Output: 95% accuracy risk prediction per file

Agent Coordination Hints

Agent协调提示

Memory Namespace

内存命名空间

aqe/risk-based/
├── risk-scores/*        - Current risk assessments
├── historical-bugs/*    - Bug patterns by area
├── production-data/*    - Incident data for risk
└── coverage-map/*       - Test depth by risk level
aqe/risk-based/
├── risk-scores/*        - Current risk assessments
├── historical-bugs/*    - Bug patterns by area
├── production-data/*    - Incident data for risk
└── coverage-map/*       - Test depth by risk level

Fleet Coordination

集群协调

typescript
const riskFleet = await FleetManager.coordinate({
  strategy: 'risk-based-testing',
  agents: [
    'qe-regression-risk-analyzer',  // Risk scoring
    'qe-test-generator',            // Risk-appropriate tests
    'qe-production-intelligence',   // Production feedback
    'qe-quality-gate'               // Risk-based gates
  ],
  topology: 'sequential'
});
typescript
const riskFleet = await FleetManager.coordinate({
  strategy: 'risk-based-testing',
  agents: [
    'qe-regression-risk-analyzer',  // Risk scoring
    'qe-test-generator',            // Risk-appropriate tests
    'qe-production-intelligence',   // Production feedback
    'qe-quality-gate'               // Risk-based gates
  ],
  topology: 'sequential'
});

Integration with CI/CD

与CI/CD集成

yaml
undefined
yaml
undefined

Risk-based test selection in pipeline

Risk-based test selection in pipeline

  • name: Risk Analysis run: aqe risk-analyze --changes ${{ github.event.pull_request.files }}
  • name: Run Critical Tests if: risk.critical > 0 run: npm run test:critical
  • name: Run High Tests if: risk.high > 0 run: npm run test:high
  • name: Skip Low Risk if: risk.low_only run: npm run test:smoke

---
  • name: Risk Analysis run: aqe risk-analyze --changes ${{ github.event.pull_request.files }}
  • name: Run Critical Tests if: risk.critical > 0 run: npm run test:critical
  • name: Run High Tests if: risk.high > 0 run: npm run test:high
  • name: Skip Low Risk if: risk.low_only run: npm run test:smoke

---

Related Skills

相关技能

  • agentic-quality-engineering - Risk-aware agents
  • context-driven-testing - Context affects risk
  • regression-testing - Risk-based regression selection
  • shift-right-testing - Production informs risk
  • agentic-quality-engineering - 具备风险感知能力的Agent
  • context-driven-testing - 上下文影响风险
  • regression-testing - 基于风险的回归测试选择
  • shift-right-testing - 生产数据反哺风险评估

Remember

注意要点

Risk = Probability × Impact. Test where bugs hurt most. Critical gets 60%, low gets 5%. Risk is dynamic - reassess with new info. Production incidents raise risk scores.
With Agents: Agents calculate risk using ML on historical data, select risk-appropriate tests, and adjust scores from production feedback. Use agents to maintain dynamic risk profiles at scale.
风险 = 概率 × 影响。 针对Bug危害最大的领域测试。严重风险分配60%资源,低风险仅分配5%。风险是动态的——根据新信息重新评估。生产事故会提升风险分值。
搭配Agent使用: Agent可以基于历史数据通过ML计算风险,选择匹配风险等级的测试,还能根据生产反馈调整分值。使用Agent可以大规模维护动态风险画像。