Testing SecureDrop

The SecureDrop project ships both application code for running on servers hosted on-site at news organizations, as well as configuration scripts for provisioning the servers to accept updates to the application code, and to harden the system state. Therefore testing for the project includes Application Tests for validating that the app code behaves as expected, and Configuration Tests to ensure that the servers are appropriately locked down, and able to accept updates to the app code.

In addition, the Continuous Integration automatically runs the above Application and Configuration tests against cloud hosts, to aid in PR review.