Back to Details

risk-based-testing

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Risk-Based Testing

基于风险的测试

<default_to_action> When planning tests or allocating testing resources:
  1. IDENTIFY risks: What can go wrong? What's the impact? What's the likelihood?
  2. CALCULATE risk: Risk = Probability × Impact (use 1-5 scale for each)
  3. PRIORITIZE: Critical (20+) → High (12-19) → Medium (6-11) → Low (1-5)
  4. ALLOCATE effort: 60% critical, 25% high, 10% medium, 5% low
  5. REASSESS continuously: New info, changes, production incidents
Quick Risk Assessment:
  • Probability factors: Complexity, change frequency, developer experience, technical debt
  • Impact factors: User count, revenue, safety, reputation, regulatory
  • Dynamic adjustment: Production bugs increase risk; stable code decreases
Critical Success Factors:
  • Test where bugs hurt most, not everywhere equally
  • Risk is dynamic - reassess with new information
  • Production data informs risk (shift-right feeds shift-left) </default_to_action>
<default_to_action> 在规划测试或分配测试资源时:
  1. 识别风险:可能出现哪些问题?影响程度如何?发生概率有多大?
  2. 计算风险:风险 = 概率 × 影响(每项采用1-5分制)
  3. 划分优先级:关键级(20+)→ 高级(12-19)→ 中级(6-11)→ 低级(1-5)
  4. 分配精力:60%用于关键级,25%用于高级,10%用于中级,5%用于低级
  5. 持续重新评估:结合新信息、变更内容、生产环境事故
快速风险评估:
  • 概率因素:复杂度、变更频率、开发人员经验、技术债务
  • 影响因素:用户数量、收入、安全、声誉、合规要求
  • 动态调整:生产环境漏洞会提升风险;稳定代码会降低风险
关键成功因素:
  • 优先测试漏洞影响最大的区域,而非平均分配精力
  • 风险是动态的——结合新信息重新评估
  • 生产环境数据为风险评估提供依据(右移测试反哺左移测试) </default_to_action>

Quick Reference Card

快速参考卡片

When to Use

适用场景

  • Planning sprint/release test strategy
  • Deciding what to automate first
  • Allocating limited testing time
  • Justifying test coverage decisions
  • 规划迭代/发布测试策略
  • 确定优先自动化内容
  • 分配有限的测试时间
  • 论证测试覆盖决策的合理性

Risk Calculation

风险计算

Risk Score = Probability (1-5) × Impact (1-5)
ScorePriorityEffortAction
20-25Critical60%Comprehensive testing, multiple techniques
12-19High25%Thorough testing, automation priority
6-11Medium10%Standard testing, basic automation
1-5Low5%Smoke test, exploratory only
Risk Score = Probability (1-5) × Impact (1-5)
分数优先级精力占比行动
20-25关键级60%全面测试,采用多种技术
12-19高级25%深入测试,优先自动化
6-11中级10%标准测试,基础自动化
1-5低级5%仅进行冒烟测试、探索性测试

Probability Factors

概率因素

FactorLow (1)Medium (3)High (5)
ComplexitySimple CRUDBusiness logicAlgorithms, integrations
Change RateStable 6+ monthsMonthly changesWeekly/daily changes
Developer ExperienceSenior, domain expertMid-levelJunior, new to codebase
Technical DebtClean codeSome debtLegacy, no tests
因素低(1)中(3)高(5)
复杂度简单CRUD操作业务逻辑算法、系统集成
变更频率稳定6个月以上每月变更每周/每日变更
开发人员经验资深领域专家中级开发初级开发,不熟悉代码库
技术债务代码整洁存在部分债务遗留系统,无测试覆盖

Impact Factors

影响因素

FactorLow (1)Medium (3)High (5)
Users AffectedAdmin onlyDepartmentAll users
RevenueNoneIndirectDirect (checkout)
SafetyConvenienceData lossPhysical harm
ReputationInternalIndustryPublic scandal
因素低(1)中(3)高(5)
受影响用户仅管理员部门级用户所有用户
收入影响无影响间接影响直接影响(如结账流程)
安全影响仅影响便利性数据丢失人身伤害
声誉影响内部影响行业内影响公共丑闻

Risk Assessment Workflow

风险评估工作流

Step 1: List Features/Components

步骤1:列出功能/组件

Feature | Probability | Impact | Risk | Priority
--------|-------------|--------|------|----------
Checkout | 4 | 5 | 20 | Critical
User Auth | 3 | 5 | 15 | High
Admin Panel | 2 | 2 | 4 | Low
Search | 3 | 3 | 9 | Medium
Feature | Probability | Impact | Risk | Priority
--------|-------------|--------|------|----------
Checkout | 4 | 5 | 20 | Critical
User Auth | 3 | 5 | 15 | High
Admin Panel | 2 | 2 | 4 | Low
Search | 3 | 3 | 9 | Medium

Step 2: Apply Test Depth

步骤2:应用测试深度

typescript
await Task("Risk-Based Test Generation", {
  critical: {
    features: ['checkout', 'payment'],
    depth: 'comprehensive',
    techniques: ['unit', 'integration', 'e2e', 'performance', 'security']
  },
  high: {
    features: ['auth', 'user-profile'],
    depth: 'thorough',
    techniques: ['unit', 'integration', 'e2e']
  },
  medium: {
    features: ['search', 'notifications'],
    depth: 'standard',
    techniques: ['unit', 'integration']
  },
  low: {
    features: ['admin-panel', 'settings'],
    depth: 'smoke',
    techniques: ['smoke-tests']
  }
}, "qe-test-generator");
typescript
await Task("Risk-Based Test Generation", {
  critical: {
    features: ['checkout', 'payment'],
    depth: 'comprehensive',
    techniques: ['unit', 'integration', 'e2e', 'performance', 'security']
  },
  high: {
    features: ['auth', 'user-profile'],
    depth: 'thorough',
    techniques: ['unit', 'integration', 'e2e']
  },
  medium: {
    features: ['search', 'notifications'],
    depth: 'standard',
    techniques: ['unit', 'integration']
  },
  low: {
    features: ['admin-panel', 'settings'],
    depth: 'smoke',
    techniques: ['smoke-tests']
  }
}, "qe-test-generator");

Step 3: Reassess Dynamically

步骤3:动态重新评估

typescript
// Production incident increases risk
await Task("Update Risk Score", {
  feature: 'search',
  event: 'production-incident',
  previousRisk: 9,
  newProbability: 5,  // Increased due to incident
  newRisk: 15         // Now HIGH priority
}, "qe-regression-risk-analyzer");
typescript
// Production incident increases risk
await Task("Update Risk Score", {
  feature: 'search',
  event: 'production-incident',
  previousRisk: 9,
  newProbability: 5,  // Increased due to incident
  newRisk: 15         // Now HIGH priority
}, "qe-regression-risk-analyzer");

ML-Enhanced Risk Analysis

ML增强风险分析

typescript
// Agent predicts risk using historical data
const riskAnalysis = await Task("ML Risk Analysis", {
  codeChanges: changedFiles,
  historicalBugs: bugDatabase,
  prediction: {
    model: 'gradient-boosting',
    factors: ['complexity', 'change-frequency', 'author-experience', 'file-age']
  }
}, "qe-regression-risk-analyzer");

// Output: 95% accuracy risk prediction per file
typescript
// Agent predicts risk using historical data
const riskAnalysis = await Task("ML Risk Analysis", {
  codeChanges: changedFiles,
  historicalBugs: bugDatabase,
  prediction: {
    model: 'gradient-boosting',
    factors: ['complexity', 'change-frequency', 'author-experience', 'file-age']
  }
}, "qe-regression-risk-analyzer");

// Output: 95% accuracy risk prediction per file

Agent Coordination Hints

Agent协作提示

Memory Namespace

内存命名空间

aqe/risk-based/
├── risk-scores/*        - Current risk assessments
├── historical-bugs/*    - Bug patterns by area
├── production-data/*    - Incident data for risk
└── coverage-map/*       - Test depth by risk level
aqe/risk-based/
├── risk-scores/*        - Current risk assessments
├── historical-bugs/*    - Bug patterns by area
├── production-data/*    - Incident data for risk
└── coverage-map/*       - Test depth by risk level

Fleet Coordination

集群协作

typescript
const riskFleet = await FleetManager.coordinate({
  strategy: 'risk-based-testing',
  agents: [
    'qe-regression-risk-analyzer',  // Risk scoring
    'qe-test-generator',            // Risk-appropriate tests
    'qe-production-intelligence',   // Production feedback
    'qe-quality-gate'               // Risk-based gates
  ],
  topology: 'sequential'
});
typescript
const riskFleet = await FleetManager.coordinate({
  strategy: 'risk-based-testing',
  agents: [
    'qe-regression-risk-analyzer',  // Risk scoring
    'qe-test-generator',            // Risk-appropriate tests
    'qe-production-intelligence',   // Production feedback
    'qe-quality-gate'               // Risk-based gates
  ],
  topology: 'sequential'
});

Integration with CI/CD

与CI/CD集成

yaml
undefined
yaml
undefined

Risk-based test selection in pipeline

Risk-based test selection in pipeline

  • name: Risk Analysis run: aqe risk-analyze --changes ${{ github.event.pull_request.files }}
  • name: Run Critical Tests if: risk.critical > 0 run: npm run test:critical
  • name: Run High Tests if: risk.high > 0 run: npm run test:high
  • name: Skip Low Risk if: risk.low_only run: npm run test:smoke

---
  • name: Risk Analysis run: aqe risk-analyze --changes ${{ github.event.pull_request.files }}
  • name: Run Critical Tests if: risk.critical > 0 run: npm run test:critical
  • name: Run High Tests if: risk.high > 0 run: npm run test:high
  • name: Skip Low Risk if: risk.low_only run: npm run test:smoke

---

Related Skills

相关技能

  • agentic-quality-engineering - Risk-aware agents
  • context-driven-testing - Context affects risk
  • regression-testing - Risk-based regression selection
  • shift-right-testing - Production informs risk
  • agentic-quality-engineering - 具备风险意识的Agent
  • context-driven-testing - 场景会影响风险
  • regression-testing - 基于风险的回归测试选择
  • shift-right-testing - 生产环境数据反哺风险评估

Remember

要点回顾

Risk = Probability × Impact. Test where bugs hurt most. Critical gets 60%, low gets 5%. Risk is dynamic - reassess with new info. Production incidents raise risk scores.
With Agents: Agents calculate risk using ML on historical data, select risk-appropriate tests, and adjust scores from production feedback. Use agents to maintain dynamic risk profiles at scale.
风险 = 概率 × 影响。优先测试漏洞影响最大的区域。关键级区域分配60%精力,低级区域分配5%。风险是动态的——结合新信息重新评估。生产环境事故会提升风险评分。
借助Agent: Agent利用历史数据通过ML计算风险,选择适配风险等级的测试,并根据生产环境反馈调整评分。使用Agent可在大规模场景下维护动态风险档案。